A local Board of Supervisors voted unanimously in January 2021 to authorize the forensic audit of ballot tabulation equipment, the culmination of a year-long effort to ensure the accuracy of the voting hardware and software used in the local division elections.
SLI Compliance’s team analyzed the election equipment’s software and hardware for hacking vulnerabilities, verified that no malicious software was installed, and tested tabulators to ensure no information was being sent or received via the internet.
The election equipment and software passed all tests performed by the SLI Compliance VSTL team.
The forensic audit was conducted on the division’s voting system and included an examination of the following items:
This effort included verification of the following items:
SLI Compliance conducted the forensic audit in a way that maximized efficiencies in examining the election artifacts.
The process included creation of disk images that allowed the examiners to audit and analyze the systems without the risk of changing the original system environments. Once the system media was imaged, the examiners were able to mount the images and use forensic tools to inspect the systems for indicators of internet connectivity, as well as indicators of malicious or unauthorized software present on the systems.
County and manufacturer mandates require that devices used for elections be isolated from all non-election-related equipment and connections. To accommodate these requirements, SLI Compliance provided technological capability to block any data alterations to election-related media or resources. They achieved this by using specialized technology designed to prevent changes to the election media throughout the forensic investigation. The hardware and software tools employed hardware-level, read-only, write-blocking features to eliminate the risk of unintentional changes to election-related media during the audit process. Additionally, the tool came equipped with several write-protected ports, facilitating the secure connection of various types of storage media in a read-only, write-protected fashion.
The tool provided read-only, write-blocking technology at a hardware layer, preventing inadvertent modification of election media during the audit. The tool also provided multiple write-protected ports that allowed for a wide variety of storage media to be connected in a read-only, write-protected manner.
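The image-then-analyze process described above can be checked with hashes: hash the source before acquisition, hash the image, and re-hash both after the examination. The sketch below is an added example, not SLI Compliance's tooling; the function names, file names and the choice of SHA-256 are assumptions, and a temporary file of constructed data stands in for media attached through a hardware write blocker.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never has to fit in memory

def sha256_of(path):
    """Stream a file or raw device node through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # read-only open; evidence is never opened for writing
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire(source, image):
    """Copy source to image; record the source hash before and the image hash after."""
    before = sha256_of(source)
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x" refuses to overwrite
        shutil.copyfileobj(src, dst, CHUNK)
    return {"source_sha256": before, "image_sha256": sha256_of(image)}

def verify(source, image, record):
    """Return the integrity problems found after analysis (empty list means intact)."""
    problems = []
    if record["source_sha256"] != record["image_sha256"]:
        problems.append("image did not match source at acquisition time")
    if sha256_of(image) != record["image_sha256"]:
        problems.append("image changed after acquisition")
    if sha256_of(source) != record["source_sha256"]:
        problems.append("source media changed during the examination")
    return problems

def demo():
    """Run the workflow on constructed sample data standing in for election media."""
    work = tempfile.mkdtemp()
    source = os.path.join(work, "media.bin")  # hypothetical stand-in for a storage device
    image = os.path.join(work, "media.img")   # hypothetical working image
    with open(source, "wb") as fh:
        fh.write(b"constructed sample media contents\n" * 4096)
    record = acquire(source, image)
    clean = verify(source, image, record)
    with open(source, "ab") as fh:  # simulate a write that a write blocker would have stopped
        fh.write(b"x")
    tampered = verify(source, image, record)
    shutil.rmtree(work)
    return clean, tampered
```

An empty result from `verify` at the end of an examination is the evidence that analysis touched only the image and left the original media unchanged.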
Examination for Item #1, verification of hashes, included usage of:
Examination for Item #2, checking for malicious software, included usage of:
Examination for Item #3, internet connectivity check, included usage of
Examination for Item #4
SLI Compliance completed the audit of the local election division’s voting system components.
SLI Compliance maintained the integrity of the audited system components by creating an image of all systems examined by SLI Compliance, except for the two EMS servers, which were live systems. Unused media from original packaging was used to remove or extract data from the live systems. In all instances, when removing or examining system storage media, proof of write-back protection was demonstrated to protect the election infrastructure’s air-gapped environment.
Physical examination of the election infrastructure indicated that the physical setup of the systems was arranged so that all network connectivity was clearly marked and delineated. This means that, at any time, observers could examine and determine that the election systems were connected only to authorized networking. Separate cable runs were positioned to clearly identify all network cabling to and from election devices, and cables were color coded for easy identification. In addition, the entire election area was fully covered by cameras that may be used for observing the election process and maintaining a historic record of events on the election processing floor.
While the systems examined showed no malicious or networking-related USB devices being connected, they didn’t provide a physical or a digital method of preventing unauthorized USB devices from being connected to the systems. In this case, policy drives control of USB connectivity.
For the four items being examined,
What we did