HOW DO YOU FIND FRUAD IN THE IT SYSTEM
One needs to first get the court's permission to gain access to the computer system. You may need an expert to show to court why there is a need to directly forensic audit the computer system itself and why just viewing from vote scanned in and to look at the data table out are insufficien.
If it is difficulty to get access at this point, one can at the first step to ask the government to self examine to provide detailed listing on how the numbers, for example, MI of 138,339 and WI 193,720, are composed. It would be great if you can get your own IT expert to be there to obsereve at the same time.
In MI, when 138,339 votes all for Biden in one minute, in addition to itemized listing, the government needs to show whether it has ever been corrected and how and when.
In WI, in addition to the listing, how is the percentage calculated to be different than the total vote numbers. All the votes need to listed by counties.
Maybe, hopefully, when doing the itemized detailed listing, the governments can find fraud on their own.
The Fraud is computer system fraud, we have to go into the computer system to examine. If the government cannot satisfactory explains, you need to go into the system to take a look first-hand.
You can interview several IT, Computer fraud examiners, show them the data you have and tell them why you suspect fraud has happened. Interview several of them so that you can understand the scope and steps of the tasks.
When you actually get the court's permission to start the work, make sure that you have your team member doing the examination with the expert at the same time. This is to take notes on what happened and make sure that your expert does not do anything which will alter the system content. When the expert is really working on the system, the things s/he says along the way will be much more than the final written report. You will learn much more on the steps s/he took and the reason leading him/her to take the next audit step.
It would be best that you will have a silent, independent auditor to be there just for observation purpose. Do not let this person to dictate or prevent the expert to do his/her job. It would be the worst thing happening for someone to prevent the expert to take further step or certain step and eventually causing us not to be able to find fraud.
In this voting situation, it would be the worst thing that one can imagine is to have someone there to tell the fraud examiner not to do anything or to suggest or to discourage or to question him/her. Therefore, unless the siuation is particular, we don't need an opposing party to be there to say or this that to affect the expert's work. A good IT fraud auditor is independent anyway.
An IT fraud examiner is independent with his/her own specialty, ethics, and will not be biased. S/he should have caution and steps to prevent the original computer data or system being altered by his/her auditing steps.
For certain work, one can make a copy and work on the copy instead of on the original system. However, for the subject matter of vote reporting system, to examine the original system may not be avoidable.
We don't know whether the question is in which county or at what level. It is more likely than not, to alter the number of this magnitude, the hacker would need to work on the summary stage. That is, the examiner needs to find out the grouping process for the final result to show to identify where the data dump could have happened.
So called forensic audit the computer system, the expert is first looking for the particular problem, in this instance, with the time stamped, screenshots, to find out exactly when and how it happened. Once this original issue is identified, the forensic steps are to make sure that the entire system is examined to see when and where there could be similar or different fraud.
To take a sampling approach is a step and not the method. Computer audit may be done with a sample. Forensic audit would be complete and detailed. It is complete examination and not just a sampling work.
It is a public data, security is most important thing. Of course, in nowadays, the auditor may work from home. That has an issue for us to make sure that his computer environment and access control are done properly. This is not something that the examiner works from home. This is not a private copy of a computer database.
Discuss the private and security issue with the expert. Discuss how s/he may suggest to prevent the hacker to come in to erase trace or change the original data entry at this point -- after the whole total amount has been published.
24/7 security is the most important thing.
It should not take a professional really good IT team or one person to identify the initial problem. Then, based on the initial problem identified, one can design steps to see how widely the same instance has repeated itself in the system.
To have added in more than 100,000 votes at one time may seem to be bold. Yet, the person's bet is that when we recount votes in millions, we will not be able to find or identify the missing votes are not there unless all the votes are counted together.
If the fraud design is to spead added votes to several counties, it would be very hard to locate or find that missing 100,000 physical votes. It is also hard to identify which ones of vote difference belong to this 100,000 or of issues of themselves.
Therefore, the computer forenscic audit is necessary to be complete by itself. Its result can serve as a guidance to the vote count reconciliation.
All numbers in the system can be used to verify the numbers even outside of the vote counts and the computer scanns or the data input. For example, all counties have a check-in process for the voters. Is there anyway, that number can be tabulated with all counties, by county to get a summary? To understand the specific processes and the computer system of the voting data count is one important step.
To have a compute data dump of more than 100,000 each time looks as if the number is large. Yet, if we look at the piles of ballots of total over several millions, the person who designed this data dump is betting we cannot identify and find this 100,000 difference soon enough
Again, discuss with your IT expert, interview some professional computer fraud examiner teams or experts. Be very careful. Make sure you select the ones without a political bias or agenda.
It is not the largest team the best. We need to have background information on everyone who may be involved. The control over the experts should be your job. Remember that the person who designed the bug or system or break-in must have been an expert him/herself or a team who knows how to do this. We don't want to hire them or their related parties to help us do this forensic work.