July 6, 2023 / by emptywheel

 

The Technical Oddities of the FBI’s Exploitation of Hunter Biden’s Laptop

I wrote about the memorialization of an October 22, 2020 meeting about the Hunter Biden laptop that Gary Shapley did here.

Shapley is using it to wind up the frothy right, which, as is true of all things Hunter Biden, has worked like a charm.

He has used it not only to make false claims that the FBI has validated the laptop and all its contents, but also to claim that Whistleblower X was being denied access to some of the materials on the laptop. As I noted, by his own description, Whistleblower X saw contents from the laptop, as released by Rudy Giuliani, at some point in the investigation, even though investigators had been instructed not to view publicly available materials out of taint concerns.

But the meeting wasn’t held 8 days after the Rudy laptop had been made public so Whistleblower X could air his complaints. It was held as CYA, to make sure DOJ documented the chain of custody that had just been rendered suspect by the disclosure that a source the FBI had basically trusted had turned the laptop into an election season hit job.

Authentication

The frothy right is either lying or ignorant when they claim this report authenticates the laptop and all contents. Indeed, the report makes it clear that, over a year after first learning of the laptop, the FBI still hadn’t validated every file on it.

But it did do some authentication, some of which could have been faked. That includes:

  • Financial records showing Hunter Biden made a purchase in a cigar shop on the “same day” (could easily be faked, particularly since anyone with his laptop had images of his credit cards)
  • “Other intelligence” showing he was in the area
  • Phone records showing at least two calls “around this time” (but may not reflect later calls Mac Isaac claimed to have made)
  • Device number registered to Hunter Biden’s iCloud account
  • October 2020: Discussion of tracking data creation dates on laptop

Forensic Process

From the description of the memo, the hard drive was easy to access. It was imaged within days of receipt and sent to the regional forensics lab in Philadelphia. Even there, though, by March there were concerns about the quality and completeness of what got imaged from the hard drive.

For some reason, however, to access the laptop, the FBI obtained a new PowerBook and installed the hard drive from the Hunter Biden laptop in the new laptop, which “the computer guy” in the meeting said “returned [the laptop] to original.” It took three months to get this image.

Furthermore, there were problems with exporting the results. Even in October 2020, the team were joking that anyone else who wanted to access the laptop would need to buy their own laptop and review the discovery on that.

Here’s what the memo said about this:

FBI determined in order to do a full forensic review a replacement laptop had to be purchased so the hard drive could be installed, booted and imaged.

[snip]

Josh Wilson stated that (while laughing) so whoever [people wanting to review the laptop] are they are going to have to buy a laptop to put the hard drive so they can read it.

As noted, at that point in October 2020, the FBI had not checked the laptop for any alterations made while in Mac Isaac’s custody. Of particular concern given what I’ve heard about the hard drive is whether the computer accessed email updates during the period it was at the shop (not least because in that period, Burisma was hacked). Shapley said nothing about any validation that happened after this point.

  • Replacement laptop purchased, hard drive installed, booted, imaged
  • CART images external hard drive
  • 12/19/19: Regional Computer Forensics Lab receives image of hard drive
  • 3/6/20: FBI receives image of laptop
  • 3/10/20: RCFL receives laptop image
  • 3/31/20: email about quality and completeness of what was imaged/recovered from hard drive (not shared with agents)
  • No list of when files created

Legal Treatment

Before the government took the laptop, they checked with Apple (what might be a subscriber report) to make sure the laptop in question was registered to Hunter Biden’s iCloud account. The FBI did two telephone interviews and one in-person interview with Mac Isaac (curiously, Shapley refers to him as John Paul rather than Mac Isaac). They then served a subpoena on Mac Isaac to take custody. The Office of Enforcement Operations approved the warrant. The IRS then used a Title 26 (tax) search warrant, with search protocols, to access the content.

There are two references to LTFC, which I suspect is the filter team.

  • Order to Apple to verify computer
  • Two telephone and one in-person interviews of Mac Isaac
  • Subpoena for laptop (12/9/19, but not recorded in doc)
  • 12/12/19: OEO approval for search warrant
  • 12/13/19: T26 Search Warrant approved with filter protocol
  • Some grand jury process relating to iPad backup
  • LTFC [?] emails 1/23/20 about data imaging
  • 4/10/20: thumb drive (from laptop?) to LTFC

Discovery History

As noted, the hard drive was easy to access; the laptop was not.

The forensic team first started describing the contents of the hard drive 24 days after obtaining the search warrant (with Christmas in between), and first obtained messages from the hard drive in February.

The investigators didn’t get content from the laptop until April, and it was deduped from the hard drive (though there seems to have been stuff on the laptop that was not on the hard drive).

Whistleblower X kept complaining about not getting a Cellebrite report on the devices. It’s unclear whether that pertained to some of the forensics challenges.

Shapley mentioned that there had been an error when the FBI tried to upload the laptop to USAfx, a discovery platform. That’s weird because USAfx is really finicky. Problems uploading it would be unsurprising. Problems uploading it that remained an issue in October, six months later, would be.

  • After 1/6/20: Emails about “body parts, file names”
  • 1/15/20: Email with file extensions
  • 1/27/20: DE1 and DE2 provide file extensions, provided on USB drive
  • 2/27/20: DE3, all messages from hard drive provided on USB drive (includes iPad and MacBook messages, not iPhone messages)
  • After 2/27/20: iPhone messages decrypted with password obtained from business card
  • 4/7/20: DE4 first evidence from laptop (de-duped from hard drive)
  • 4/17/20: Uploaded files to USAfx, receive error (many file types)
  • 4/20/20: Zip file with PDF and HTML files of cell phone records, and redacted Cellebrite file

Investigative treatment

The most interesting aspect of the investigative treatment of the laptop is that a filter team withheld information from the Mac Isaac 302 from investigators. I wonder whether he told them what he has said publicly–that he has no idea whether Hunter Biden really was the one who showed up in his shop.

  • 10/16/19: Richard McKissack calls the FBI Albuquerque
  • 10/17/19: Baltimore Field Office receives lead from FBI Albuquerque
  • 11/3/19: Unnamed person reaches out to McKissack for contact information for Mac Isaac
  • 11/6/19: Josh Wilson calls Mac Isaac
  • 11/7/19: FBI interviews Mac Isaac, 302 not shared with prosecution team
  • 11/21/19: Follow-up phone call to clarify Mac Isaac claims about timing of abandonment
  • 12/3/19: Whistleblower X starts drafting search warrant
  • 12/9/19: Took property of laptop, external hard drive, and receipt (redacted information about subpoena)
  • 12/12/19: OEO approved search warrant for laptop and hard drive
  • 12/13/19: Whistleblower X obtains T26 Search Warrant
  • 1/6/20: Forensic analysis begins
  • 2/10/20: Filter review completed, scope review begins

Update: Added link to DDOSecrets report.

Links

Original NYPost story

WaPo analysis of drive

Washington Examiner-paid analysis of drive

DDOSecrets Report

Hunter Biden countersuit

Originally Posted @ https://www.emptywheel.net/2023/07/06/the-technical-oddities-of-the-fbis-exploitation-of-hunter-bidens-laptop/