A Visit from the FBI

[c0rrupt3d 0]

I saw this on a newsgroup I am in and thought it would be intresting to share it all with you. I dont know how valid this information is below, but i can see with how mac deletes files and so on how they would have a hard time.

>> Quoted from:-

>>

>> A Visit from the FBI

>> By Scott Granneman

>>

>> "

>>

>> Dave also had a great quotation for us: "If you're a bad guy and you

>> want to frustrate law enforcement,

>> use a Mac." Basically, police and government agencies know what to do

>> with seized Windows machines.

>> They can recover whatever information they want, with tools that

>> they've used countless times.

>> The same holds true, but to a lesser degree, for Unix-based machines.

>> But Macs evidently stymie

>> most law enforcement personnel. They just don't know how to recover

>> data on them. So what do they do?

>> By and large, law enforcement personnel in American end up sending

>> impounded Macs needing data

>> recovery to the acknowledged North American Mac experts: the Royal

>> Canadian Mounted Police.

>> Evidently the Mounties have built up a knowledge and technique for Mac

>> forensics that is

>> second to none.

[neuro 1]

the mounties are l337 mac haxors.... apparently....

[greystatic 0]

Hah! If they have trouble with Macs, I would love them try to recover data after the....

(4 random overwrites)    memset(ptr, 0x55, sizeof(ptr));    memset(ptr, 0xAA, sizeof(ptr));    memset3b(ptr, sizeof(ptr), 0x92, 0x49, 0x24);    memset3b(ptr, sizeof(ptr), 0x49, 0x24, 0x92);    memset3b(ptr, sizeof(ptr), 0x24, 0x92, 0x49);    memset(ptr, 0x00, sizeof(ptr));    memset(ptr, 0x11, sizeof(ptr));    memset(ptr, 0x22, sizeof(ptr));    memset(ptr, 0x33, sizeof(ptr));    memset(ptr, 0x44, sizeof(ptr));    memset(ptr, 0x55, sizeof(ptr));    memset(ptr, 0x66, sizeof(ptr));    memset(ptr, 0x77, sizeof(ptr));    memset(ptr, 0x88, sizeof(ptr));    memset(ptr, 0x99, sizeof(ptr));    memset(ptr, 0xAA, sizeof(ptr));    memset(ptr, 0xBB, sizeof(ptr));    memset(ptr, 0xCC, sizeof(ptr));    memset(ptr, 0xDD, sizeof(ptr));    memset(ptr, 0xEE, sizeof(ptr));    memset(ptr, 0xFF, sizeof(ptr));    memset3b(ptr, sizeof(ptr), 0x92, 0x49, 0x24);    memset3b(ptr, sizeof(ptr), 0x49, 0x24, 0x92);    memset3b(ptr, sizeof(ptr), 0x24, 0x92, 0x49);    memset3b(ptr, sizeof(ptr), 0x6D, 0xB6, 0xDB);    memset3b(ptr, sizeof(ptr), 0xB6, 0xDB, 0x6D);    memset3b(ptr, sizeof(ptr), 0xDB, 0x6D, 0xB6);(4 random overwrites)

-ish procedure that is implemented in many security-concious programs (afaik, gpg, gringotts, and the like, more programs should take steps like ^^).

If you're interested in recovery of magnetic and (not really) "volatile" memory, check out the de-facto standard: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.htmlH

[neuro 1]

i thought that you had to zero a disk 7 times as a rule of thumb to stop forensic analysis in its tracks.

[White_Raven 0]

Just use encrypted loopback filesystems, or hardware that doesnt fit any real common standard.

Edited January 29, 2004 by White_Raven

[masakari098 0]

auto hasnt said it yet, so i will...anyone remember 760(about)k 5 1/4 in floppies?

[White_Raven 0]

heh, better yet:

A cyphered loopback with the key being the entire content of a old 5.25 floppie being the key for the filesystem, plus a password.

[neuro 1]

if you get bustxorr'd, and they find an encrypted filesystem, they will just subpoena your password, or hold you in contempt of court, and get you in more trouble than you where in in the first place. if you want to DESTROY your data, you zero the sector of the disk containing the info in question 7 times.

[ilpimp 0]

if you put a magnet on your hard drive, would it erase it?

[c0rrupt3d 0]

if you put a magnet on your hard drive, would it erase it?

It should to a certain point. The ones I have seen have some kind of switch you have to turn on, so I suspect that you have to do more then just put it on there.

[ilpimp 0]

if you put a magnet on your hard drive, would it erase it?

It should to a certain point. The ones I have seen have some kind of switch you have to turn on, so I suspect that you have to do more then just put it on there.

I have a 12" subwoofer sitting in my room that i would use. It seems like it would be strong enough.

[Subzero1037 1]

lol zero ing it out 7 times tho could take a while lol

[Cr45 Du57 0]

check out this http://www.active-eraser.com/ they say

METHODS FOR DATA DESTRUCTION

Active@ ERASER has several methods for data destruction that conform to:

US Department of Defense clearing and sanitizing standard DoD 5220.22-M

German VSITR

Russian GOST p50739-95.

More sophisticated methods like Gutmann's or User Defined methods are available as well.

[neuro 1]

that makes me think, I wonder if any of the DOD standards books have a method for data destruction.

[White_Raven 0]

It doesnt matter if they subpoena your password or not if in all the consufion and stress you forget your passwords; In court they cant do shit to you if you inform them of the fact that you have forgotten your passwords due to all the confusion and stress; Its a defence protected by law in fact.

[StankDawg 48]

Actually, Saitou and I were talking about this yesterday...I was under the impression that it took 20 "wipes" of a hrd drive to meet government standards for non-recoverability.

That is to say that you must FILL your hard drive on one full pass to all "X" until it is full. Then do another write of all "O" to the whole hard drive as pass 2. Continue switching until you reach 20 passes. Supposedly, the logic is that the "X" and "0" (or possible "1" and "0") are opposites of each other and that by alternating you keep flipping teh magnetic bits enough to cause any actual original data to be logically destroyed.

Now to scare you even more, I was talking to a "friend" on "the inside" earlier this week and we had an interesting discussion on "disk shaving". You might want to read up on that.

As an afterthought: This would be a great topic for an article! If someone is so inclined, they should write it up and submit it to <BR> articles@binrev.com for the next issue!

[Zapperlink 2]

Well if your bored... encrypt it.. but on top of that.. use a hardly supported filesystem... and if your even more bored.. translate your texts using a generator program.. to a ancient language.. That should play with their minds... even with all the passwords in the world.. and then finding someone who has the knowledge to support rare filesystems... and even finding a linquist to support the language.. they have done their homework and they are ready to find out about your secret paper on fried rice.

[Zeigenfus 0]

Or you can rig up your computer with shaped ceramic thermite charges around the hard drives that are remotely detonatable. Last I heard it was pretty hard to recover data from molten slag.

[neuro 1]

i knew that it wouldn't be long 'till 'fus said something about either fire or explosives.

[Minion 0]

hook it up to a pager that is connected to a fuse, and make that your first call from jail to ignite the thermite

[Tank 0]

i like the blowing up idea best or just have a switch that would start the disk spining wile a electro magnet starts erasing it. this way data is lost and i think you could use it again if you low level format it

[automatic_jack 0]

yea.... i've actualy been contemplating installing a a electromagnet driven by some burly capacitors in my case, rigging it to fire if someone tries to move the machine... what i am looking for is a sort of emp setup **just** weak enough not to b0rk my hardware while absolutely laying waste to magnetic storage medium in the general vicinity....

[inetank 0]

bulk tape erasers are only about $25. Put thermite on it and have it connected to a photo cell so when the open the computer it will go. Or if you give them a special password that triggers it.

[neuro 1]

that was like in cryptonomicon, where he is outside, sitting there trying to rm -rf his box because the fbi is breaking down the door, then all of a sudden, he turns around and one of the secret admirer guys the blasts the building with a HEAP EMP cannon.

[XxthugstylezxX 1]

bulk tape erasers are only about $25. Put thermite on it and have it connected to a photo cell so when the open the computer it will go. Or if you give them a special password that triggers it.

Dont you think when the small explosion go's off when they open it they'll think you tried to rig a bomb not only to destroy all data on there but also to try to harm them? That would land you a life time pass to cell 31337 and the your superficial orange jump suite with the numbers 1337 on it dont you think?