Just a further refinement on my initial 'rate determination from file time stamps' ....
One can get total transit times and deduce rates from the file time stamps.
However - those time stamps DO NOT HAVE the 'local time zone' information in them - they are in UTC - and use system settings on the computer to convert the STORED time stamps into local zone times.
So my comment was on RATE determination - not on TIME ZONE determination of 'where a file was created'.
I am NOT going to go to the site of the 'forensicator' to determine HOW 'he/she/it' supposedly derived the 'Time Zone Info' from the Wikileaks archives. Complete lack of trust of such sites
In Fact - i believe that portion of his/her/its claims to be complete and total BS. That is something that can NOT possibly be determined without unlimited access to the actual file server that was hacked - and even then, highly unlikely one can determine the 'time zone' of the machine doing the 'copying/hacking'. Yes, it is a logical assumption that the two machines were in the same zone - if the rate (23 mega-bytes per second - or approx 200 megabits/sec ie. gigabit width required, or direct access to usb or other physical ports on the originating machine) is correct. But that is ALL that it is ... an ASSUMPTION - it is not rock solid EVIDENCE.
Willing to hear countering arguments.
Just a note; did spend quite a few years submerged in Unix at system level, and did some programming - but do not consider myself an 'expert' at forensics.
| 
