EMS Compiler Installed – Capable of Generating New Executables During Live Election (AZ)

Arizona, Deployment Configuration, Disputed Fact, Dominion, Electronic Voting System Integrity, Maricopa County, United States / Patrick Colbeck

Disputed Fact Cotton’s forensic presentation to the Arizona Senate documented that a compiler was installed on the Maricopa EMS – a tool providing the ability to modify and create executable files and drivers on the fly that could alter election results without detection. Evidence showed that new executable files were created at least three times […]

EMS Compiler Installed – Capable of Generating New Executables During Live Election (AZ) Read More »

EMS OS and Antivirus Unpatched Since August 2019 – Contradictory CISA Guidance (AZ)

Arizona, Deployment Configuration, Dominion, Electronic Voting System Integrity, Established Fact, Maricopa County, United States / Patrick Colbeck

Established Fact The Cyber Ninjas audit documented as an established fact that neither the EMS operating system nor its antivirus software had been patched or updated since August 2019 – the date of Dominion’s software installation – meaning Maricopa ran a presidential election on a system with 15+ months of unaddressed CVEs. Maricopa County contended

EMS OS and Antivirus Unpatched Since August 2019 – Contradictory CISA Guidance (AZ) Read More »

Post-Certification Software Alterations – 45 EXEs and 1,053 DLLs Modified (AZ)

Arizona, Deployment Configuration, Disputed Fact, Dominion, Electronic Voting System Integrity, Maricopa County, United States / Patrick Colbeck

Disputed Fact Forensic cybersecurity analyst Ben Cotton (CyFIR), retained by the Arizona Senate audit, documented that after the Dominion software installation 45 .exe packages and 1,053 .dll files were modified, and 4 .exe files and 377 .dll files were newly created on the EMS system. Cotton stated: “The machine behavior settings (MBS) and the database

Post-Certification Software Alterations – 45 EXEs and 1,053 DLLs Modified (AZ) Read More »

Post-Election Forensic Audit Scope Insufficient to Validate or Refute Hardware Configuration – Internal Inspection Refused (AZ)

Arizona, Deployment Configuration, Dominion, Electronic Voting System Integrity, Established Fact, Maricopa County, United States / Patrick Colbeck

Established Fact Post-election forensic examinations of Maricopa County’s voting systems conducted by certified test laboratories, including Pro V&V and SLI Compliance, were structurally limited to external reviews, removable-media imaging, and software-level analysis. No auditor was permitted to conduct internal hardware inspections of the tabulator units – the “lift the hood” examination that would verify whether

Post-Election Forensic Audit Scope Insufficient to Validate or Refute Hardware Configuration – Internal Inspection Refused (AZ) Read More »

Defective L&A Testing Using Zero-Voter “NVP” Synthetic Precincts (AZ)

Arizona, Deployment Configuration, Disputed Fact, Electronic Voting System Integrity, Maricopa County, United States / Patrick Colbeck

Disputed Fact Maricopa County publicly represented its 2020 tabulator deployment as consisting of ImageCast Precinct 2 (ICP2) optical scan units. However, multiple independent forensic indicators establish that the devices operated on Election Day were ImageCast Evolution (ICE) units: EMS configuration files consistently identified the tabulators as ICE devices, not ICP2 units; SLOG verification logs and

Defective L&A Testing Using Zero-Voter “NVP” Synthetic Precincts (AZ) Read More »

Unapproved Hardware Substitution – Tabulators Identified as ICE Devices Despite ICP2 Representation; Procurement Records Corroborate Substitution (AZ)

Arizona, Deployment Configuration, Dominion, Electronic Voting System Integrity, Maricopa County, Reasonable Inference, United States / Patrick Colbeck

Reasonable Inference Maricopa County publicly represented its 2020 tabulator deployment as consisting of ImageCast Precinct 2 (ICP2) optical scan units. However, multiple independent forensic indicators establish that the devices operated on Election Day were ImageCast Evolution (ICE) units: EMS configuration files consistently identified the tabulators as ICE devices, not ICP2 units; SLOG verification logs and

Unapproved Hardware Substitution – Tabulators Identified as ICE Devices Despite ICP2 Representation; Procurement Records Corroborate Substitution (AZ) Read More »

Surreptitious Software Alteration – Tabulation Components Deviated from Certified Build; L&A Testing Conducted on Only Five Spare Tabulators (AZ)

Arizona, Deployment Configuration, Disputed Fact, Electronic Voting System Integrity, Maricopa County, United States / Patrick Colbeck

Disputed Fact System log files reviewed during post-election forensic analysis indicate that Maricopa County’s tabulation software was surreptitiously altered in components that control how ballots are read – the core functional module of any optical scan tabulator. This alteration rendered the deployed software an uncertified build not matching the EAC-approved Dominion Democracy Suite 5.5B golden

Surreptitious Software Alteration – Tabulation Components Deviated from Certified Build; L&A Testing Conducted on Only Five Spare Tabulators (AZ) Read More »

Unauthorized Dual-Boot Configuration on Adjudication Endpoint (AZ)

Arizona, Deployment Configuration, Electronic Voting System Integrity, Established Fact, Maricopa County, United States / Patrick Colbeck

Established Fact Forensic review of Maricopa County’s election network discovered a dual-boot configuration on the “Adjudication 02” endpoint workstation. The system contained two internal hard drives, both capable of booting to different operating environments. The second drive contained non-county, non-election data whose provenance has not been publicly disclosed. A certified election system is required to

Unauthorized Dual-Boot Configuration on Adjudication Endpoint (AZ) Read More »

EMS SQL Database Purged of 2020 Election Results Prior to Forensic Audit – 263,139 Corrupt and 21,273 Missing Ballot Images (AZ)

Arizona, Election Record Integrity, Established Fact, Maricopa County, United States, Vote Tally Integrity Findings / Patrick Colbeck

Established Fact The Maricopa County EMS SQL Database was purged of all 2020 General Election results by an administrator account in the period immediately prior to the forensic audit team gaining access. Forensic examiners found that: (1) the database contained 263,139 corrupt and unreadable ballot images – digital records that should allow tally reconciliation to

EMS SQL Database Purged of 2020 Election Results Prior to Forensic Audit – 263,139 Corrupt and 21,273 Missing Ballot Images (AZ) Read More »

Intentional Overwriting of EMS Security Logs via Script Executed 38,478 Times (AZ)

Arizona, Election Record Integrity, Established Fact, Maricopa County, United States, Vote Tally Integrity Findings / Patrick Colbeck

Established Fact Windows security event logs on the Maricopa County Tabulation and Election Center (MCTEC) Election Management System server – the primary records of who accessed the system, when, and what actions were taken – were deliberately restricted to a maximum file size of 20 MB, causing automatic overwriting of older entries. This configuration alone

Intentional Overwriting of EMS Security Logs via Script Executed 38,478 Times (AZ) Read More »