If you don't know about the RTF/RSID evidence already - please read this first.
Now we can take a look at the metadata - and see that it corroborates and helps provide more detail to what we know about the process used.
|File||Created By||Time||Modified By||Time|
|1.doc||Warren Flood||1:38pm||Феликс Эдмундович||2:08pm|
|2.doc||Warren Flood||1:38pm||Феликс Эдмундович||2:11pm|
|3.doc||Warren Flood||1:38pm||Феликс Эдмундович||2:12pm|
We can see that a copy of MS-Word registered to "Warren Flood" was apparently used to create all 3 documents at the same time, this would seem odd usually, but we know they were just saving a tainted blank template as multiple files.
We then see that "Феликс Эдмундович" (the founder of the soviet secret police and someone who has been deceased for 90 years!) opens the files in sequence 30 minutes later, doing something (copying in the contents from original documents into the blank 'pre-tainted' template) and then saving the files, within the space of a few minutes.
SUMMARY: The files were constructed from the same template document with a Russian stylesheet entry in it and then each file, in sequence, was opened to add a secondary layer (writing the Russian name to metadata) when content was copied into them. - TWO layers of Russian "fingerprints", with one existing in the documents even before the main content was present in them!
Guccifer 2.0, from day one, was using a Russian masquerade and knew anything he could forge a perceived attribution with would later be easy to discredit because of their association with the 'Russian Hacker' persona.
Everything shown on RTF/RSID & metadata can be CHECKED and VERIFIED independently and immediately.