Guccifer 2.0's First Five Documents: The Process

By Adam Carter --- May 31st, 2017

I'm aware that the "Multi-Stage Fingerprint Fabrications" article assumes a fair bit of technical knowledge to follow through and I'm also seeing some try to explain the processes and not communicate them as well (or accurately) as could be done.

So, here are the processes that appear to have been used to construct Guccifer 2.0's first 5 documents (very likely starting at 1:38pm on June 15th, but that's not an essential point for the sake of proving the fabrication efforts):

"1.doc", "2.doc" & "3.doc"

On a PC with a copy of MS-Word registered to "Warren Flood"...

1. A blank template file is created with a Russian stylesheet in it.
2. This is either saved-as 3 times or saved-as once and the file is copied twice. (Same result, 2 possibilities of getting there.)
3. This gives us 3 identical empty documents with Russian stylesheets attached.

Approximately 30 minutes later on a PC with a copy of MS-Word registered to "Феликс Эдмундович" each document goes through the following process:

1. The document is opened.
2. Content from a genuine document is pasted into it.
3. It is then saved and closed, writing the Russian name to the metadata in the process.

Even if we ignore names and times in the metadata, the process above is backed up by RSID correlations across the documents, something that wasn't discovered until mid-February of 2017 and clearly one aspect of these fingerprints that was not supposed to be discovered.


On a PC with a copy of MS-Word registered to "user", an original document was opened and saved-as "4.doc".

(It appears this was done in between the initial and second phases of fabricating the first 3 documents.)


On the PC with a copy of MS-Word registered to "Феликс Эдмундович" an original document is opened and then saved as "5.doc".

For both "4.doc" and "5.doc", the original creator/author name is retained but the creation and last modification timestamps match the modification time. That is how we can tell how those files were handled: if you experiment with writing out RTF-format documents in MS-Word under various circumstances, you'll see this result only occurs under the same set of circumstances.
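
The two checks described above (RSID overlap between files, and a retained author name alongside identical creation and modification times) can be run against RTF files as follows. This is an added example, not the author's tooling: the RTF fragments, names, times and RSID values are constructed placeholders, and comparing `\author` with `\operator` is an assumption about how to express "original author retained".

```python
import re
from datetime import datetime
from itertools import combinations

# Constructed RTF fragments: names, times and RSID values are placeholders,
# not values taken from the files the article discusses.
INFO_A = r"{\info{\author TemplateUser}{\operator EditorUser}{\creatim\yr2016\mo1\dy2\hr10\min0}{\revtim\yr2016\mo1\dy2\hr10\min30}}"
INFO_B = r"{\info{\author OriginalAuthor}{\operator EditorUser}{\creatim\yr2016\mo1\dy2\hr10\min40}{\revtim\yr2016\mo1\dy2\hr10\min40}}"
SAMPLES = {
    "a.rtf": r"{\rtf1{\*\rsidtbl \rsid1111111\rsid2222222\rsid3333333}" + INFO_A + " text}",
    "b.rtf": r"{\rtf1{\*\rsidtbl \rsid1111111\rsid2222222\rsid4444444}" + INFO_A + " text}",
    "c.rtf": r"{\rtf1{\*\rsidtbl \rsid5555555}" + INFO_B + " text}",
}

def info_field(rtf, name):
    """Return the text of an {\\info} sub-group such as \\author or \\operator."""
    m = re.search(r"\{\\" + name + r" ([^{}]*)\}", rtf)
    return m.group(1) if m else None

def info_time(rtf, name):
    """Decode \\creatim / \\revtim (\\yr \\mo \\dy \\hr \\min) into a datetime."""
    m = re.search(r"\{\\" + name + r"\\yr(\d+)\\mo(\d+)\\dy(\d+)\\hr(\d+)\\min(\d+)", rtf)
    return datetime(*map(int, m.groups())) if m else None

def rsids(rtf):
    """Collect the revision-save IDs listed in the {\\*\\rsidtbl} group."""
    m = re.search(r"\{\\\*\\rsidtbl([^{}]*)\}", rtf)
    return set(re.findall(r"\\rsid(\d+)", m.group(1))) if m else set()

def saved_as_copy(rtf):
    """Author kept from the source file, but created == last modified."""
    created, revised = info_time(rtf, "creatim"), info_time(rtf, "revtim")
    return (created is not None and created == revised
            and info_field(rtf, "author") != info_field(rtf, "operator"))

def shared_rsids(docs):
    """Map each pair of file names to the RSIDs they have in common."""
    pairs = {}
    for a, b in combinations(sorted(docs), 2):
        common = rsids(docs[a]) & rsids(docs[b])
        if common:
            pairs[(a, b)] = common
    return pairs

if __name__ == "__main__":
    for name, rtf in SAMPLES.items():
        print(name, info_field(rtf, "author"), info_field(rtf, "operator"),
              "save-as pattern" if saved_as_copy(rtf) else "edited after creation")
    print(shared_rsids(SAMPLES))
```

Files that share RSIDs in their tables descend from a common saved file, which is what ties the constructed `a.rtf` and `b.rtf` together here while `c.rtf` stands alone.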