Friday, January 25, 2008

How do forensic investigators seize and analyze a computer without turning it off?

The nightmare scenario for today's modern digital forensic investigator is the seizure of a computer with strong incriminating evidence contained on its hard drive. After seizure, but prior to investigation of the drive, the computer is turned off and removed to another location. The nightmare begins when the forensic investigator realizes that the computer was password protected and encrypted; and the perp won't provide the password (or the perp is nowhere to be found!).

Think it can't happen? It just did. Read this from a recent newspaper account:

"FEDS WANT PASSWORD TO UNLOCK COMPUTER FILES".

WASHINGTON -- The federal government is asking a US District Court in Vermont to order a man to type a password that would unlock files on his computer, despite his claim that doing so would constitute self-incrimination.

The case, believed to be the first of its kind to reach this level, raises a uniquely digital-age question about how to balance privacy and civil liberties against the government's responsibility to protect the public.

The case, which involves suspected possession of child pornography, comes as more Americans turn to encryption to protect the privacy and security of files on their personal computers and thumb drives.

FBI and Justice Department officials, meanwhile, have said that encryption is allowing terrorists and criminals to communicate their plots covertly.

The original article may be found on the Washinton Post's website, in it's entirety, here.

The use of WiebeTech's 'HOTPLUG' device allows forensic criminal investigators (along with our companion product, 'Mouse Jiggler') to stabilize a computer, prevent it from going to sleep, examine it, and if necessary, relocate it to a secure location without ever powering the computer down. This is real technology, it works, and it's available now.

Go ahead and look at the links. You'll see technical information on how to use Hotplug and Mouse Jiggler, along with a couple of nifty Youtube videos that demonstrate Hotplug in action.

Tuesday, November 27, 2007

Digital Photography Hard Drive Backup #1

** Details have been changed in order to protect friends and customers! **

A few evenings back, I was twiddling away in my home office when the phone rang. It was an old friend; hadn't heard anything from him in awhile. He had a friend who was a professional photographer.

It turns out the friend of a friend had recently completed some customer sessions (with obviously irreplaceable photos) and was editing them on an external enclosure. When he turned to take his laptop computer to another room, he forgot it was attached to the enclosure. The enclosure slid across the table, and quicker than you can say "uncontained disaster", the hard drive hit the floor.

Thereafter, it made funny clicking sounds. If it was a living creature, you could almost imagine blood flowing out of it as it made moans of death!

A couple of days later, we sent the damaged drive to Drivesavers. They have a thriving little business (actually, it's not so little) helping folks recover from these disasters.

Now the bad news: they had no good news, and there is no happy ending to this story. They pulled it apart and discovered that the drive was irreparably damaged, and the irreplaceable photos were gone forever.

The moral of the story: ALWAYS make a backup of your data.

Tuesday, November 13, 2007

6 Things You Thought You Knew About Erasing a Hard Drive.

Justin wrote a fine white paper on the topic of what's on hard drives. If you haven't read the paper, you should.

read more | digg story

Monday, November 12, 2007

Drive Eraser, Drive eRazer

WiebeTech introduced a new product today, called Drive eRazer. It's a drive eraser. Hook it up to a hard drive, and *voila*, the contents are zeroed. There's no software to install, it's fast, and it doesn't tie up your computer for hours. And it's cheap. $99.95.