lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <fa8424e70606291718ydf5499ue569615383bcdec5@mail.gmail.com>
Date: Fri Jun 30 01:18:37 2006
From: jonorb at gmail.com (Jon O.)
Subject: FBI Says Data on VA Laptop Not Accessed

On 6/29/06, Brian Eaton <eaton.lists@...il.com> wrote:
> Would any of the forensics experts out there care to comment on the
> claims in this story?
>
> http://tinyurl.com/m43cw

Good question. I addressed this question at the link
below, I won't reprint the whole article here, but this
is something to consider:

http://blog.zonelabs.com/blog/2006/06/forensics_looki.html

While it's good they got the *hardware* back, recovering the laptop it
self doesn't mean the data wasn't stolen.

Speaking to this concern, another report stated this:

    The FBI, in a statement from its Baltimore field office, said:
    A preliminary review of the equipment by computer forensic teams d
etermined that the database remains intact and has not been accessed s
ince it was stolen. A thorough forensic examination is underway, and t
he results will be shared as soon as possible. The investigation is on
going.

As a former Computer Forensic Specialist, I wanted to explain what's p
robably going on with this laptop now that the FBI has the system and
is forensically examining it. This explanation assumes the data was pr
esent on the hard drive (not a CD-Rom or other storage medium).

...

Worst case scenario:
The laptop thieves really know what they are doing. They remove the
hard drive from the laptop, and mount it read-only (no modifications to
the file system) on another computer, access the sensitive data and
re-insert the hard drive into the stolen laptop. This is the same process
the forensic examiner would use to prevent the examination from modifying
the data contained on the laptop -- and this is why I mentioned
what the FBI might look for during the physical examination -- marks on
the screws or finger prints on the internal hard drive casing (which gloves
would obviously prevent).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ