c0rrupt3d

A Visit from the FBI

44 posts in this topic

I saw this on a newsgroup I am in and thought it would be interesting to share it all with you. I don't know how valid the information below is, but I can see with how mac deletes files and so on how they would have a hard time.

>> Quoted from:-
>>
>> A Visit from the FBI
>> By Scott Granneman
>>
>> Dave also had a great quotation for us: "If you're a bad guy and you want to frustrate law enforcement, use a Mac." Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in America end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none.


the mounties are l337 mac haxors.... apparently....


Hah! If they have trouble with Macs, I would love them to try to recover data after the....

    (4 random overwrites)
    memset(ptr, 0x55, sizeof(ptr));
    memset(ptr, 0xAA, sizeof(ptr));
    memset3b(ptr, sizeof(ptr), 0x92, 0x49, 0x24);
    memset3b(ptr, sizeof(ptr), 0x49, 0x24, 0x92);
    memset3b(ptr, sizeof(ptr), 0x24, 0x92, 0x49);
    memset(ptr, 0x00, sizeof(ptr));
    memset(ptr, 0x11, sizeof(ptr));
    memset(ptr, 0x22, sizeof(ptr));
    memset(ptr, 0x33, sizeof(ptr));
    memset(ptr, 0x44, sizeof(ptr));
    memset(ptr, 0x55, sizeof(ptr));
    memset(ptr, 0x66, sizeof(ptr));
    memset(ptr, 0x77, sizeof(ptr));
    memset(ptr, 0x88, sizeof(ptr));
    memset(ptr, 0x99, sizeof(ptr));
    memset(ptr, 0xAA, sizeof(ptr));
    memset(ptr, 0xBB, sizeof(ptr));
    memset(ptr, 0xCC, sizeof(ptr));
    memset(ptr, 0xDD, sizeof(ptr));
    memset(ptr, 0xEE, sizeof(ptr));
    memset(ptr, 0xFF, sizeof(ptr));
    memset3b(ptr, sizeof(ptr), 0x92, 0x49, 0x24);
    memset3b(ptr, sizeof(ptr), 0x49, 0x24, 0x92);
    memset3b(ptr, sizeof(ptr), 0x24, 0x92, 0x49);
    memset3b(ptr, sizeof(ptr), 0x6D, 0xB6, 0xDB);
    memset3b(ptr, sizeof(ptr), 0xB6, 0xDB, 0x6D);
    memset3b(ptr, sizeof(ptr), 0xDB, 0x6D, 0xB6);
    (4 random overwrites)

-ish procedure that is implemented in many security-conscious programs (afaik, gpg, gringotts, and the like, more programs should take steps like ^^).

If you're interested in recovery of magnetic and (not really) "volatile" memory, check out the de-facto standard: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
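The fixed pattern passes listed in the post above, as an added C example that is not the poster's code or code from gpg or gringotts: memset3b() is not defined on the page, so its body here is an assumption, and wipe_buffer and PASSES are hypothetical names. The length is passed explicitly because sizeof(ptr) yields the pointer size when ptr is a pointer rather than an array, and the random passes are left out.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical definition of the post's memset3b(): fill buf with the
 * repeating 3-byte pattern b0 b1 b2. Stores go through a volatile
 * pointer so the compiler cannot drop them as dead writes. */
static void memset3b(void *buf, size_t len, unsigned char b0,
                     unsigned char b1, unsigned char b2)
{
    volatile unsigned char *p = buf;
    const unsigned char pat[3] = { b0, b1, b2 };
    for (size_t i = 0; i < len; i++)
        p[i] = pat[i % 3];
}

/* The 27 fixed passes in the order the post lists them; a single-byte
 * pass is stored as that byte three times. */
static const unsigned char PASSES[][3] = {
    {0x55,0x55,0x55}, {0xAA,0xAA,0xAA},
    {0x92,0x49,0x24}, {0x49,0x24,0x92}, {0x24,0x92,0x49},
    {0x00,0x00,0x00}, {0x11,0x11,0x11}, {0x22,0x22,0x22}, {0x33,0x33,0x33},
    {0x44,0x44,0x44}, {0x55,0x55,0x55}, {0x66,0x66,0x66}, {0x77,0x77,0x77},
    {0x88,0x88,0x88}, {0x99,0x99,0x99}, {0xAA,0xAA,0xAA}, {0xBB,0xBB,0xBB},
    {0xCC,0xCC,0xCC}, {0xDD,0xDD,0xDD}, {0xEE,0xEE,0xEE}, {0xFF,0xFF,0xFF},
    {0x92,0x49,0x24}, {0x49,0x24,0x92}, {0x24,0x92,0x49},
    {0x6D,0xB6,0xDB}, {0xB6,0xDB,0x6D}, {0xDB,0x6D,0xB6},
};
#define NPASSES (sizeof PASSES / sizeof PASSES[0])

/* Run every fixed pass over len bytes; returns the number of passes. */
static size_t wipe_buffer(void *buf, size_t len)
{
    for (size_t i = 0; i < NPASSES; i++)
        memset3b(buf, len, PASSES[i][0], PASSES[i][1], PASSES[i][2]);
    return NPASSES;
}

int main(void)
{
    unsigned char secret[16] = "constructed key";   /* constructed sample */
    size_t n = wipe_buffer(secret, sizeof secret);   /* array: sizeof is 16 */
    printf("%zu passes, first bytes now %02X %02X %02X\n",
           n, secret[0], secret[1], secret[2]);
    return 0;
}
```

This scrubs an in-memory buffer only; it says nothing about copies of the data on swap, in journals or on remapped disk sectors.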


i thought that you had to zero a disk 7 times as a rule of thumb to stop forensic analysis in its tracks.


Just use encrypted loopback filesystems, or hardware that doesn't fit any real common standard.

Edited by White_Raven

auto hasn't said it yet, so i will...anyone remember 760(about)k 5 1/4 in floppies? :lol:


heh, better yet:

A cyphered loopback with the key being the entire content of an old 5.25 floppy being the key for the filesystem, plus a password.


if you get bustxorr'd, and they find an encrypted filesystem, they will just subpoena your password, or hold you in contempt of court, and get you in more trouble than you were in in the first place. if you want to DESTROY your data, you zero the sector of the disk containing the info in question 7 times.

if you put a magnet on your hard drive, would it erase it?

It should to a certain point. The ones I have seen have some kind of switch you have to turn on, so I suspect that you have to do more than just put it on there. :D

if you put a magnet on your hard drive, would it erase it?

It should to a certain point. The ones I have seen have some kind of switch you have to turn on, so I suspect that you have to do more than just put it on there. :D

I have a 12" subwoofer sitting in my room that i would use. It seems like it would be strong enough.


check out this http://www.active-eraser.com/ they say

METHODS FOR DATA DESTRUCTION

Active@ ERASER has several methods for data destruction that conform to:

US Department of Defense clearing and sanitizing standard DoD 5220.22-M

German VSITR

Russian GOST p50739-95.

More sophisticated methods like Gutmann's or User Defined methods are available as well.

;)


that makes me think, I wonder if any of the DOD standards books have a method for data destruction.


It doesn't matter if they subpoena your password or not if in all the confusion and stress you forget your passwords; In court they can't do shit to you if you inform them of the fact that you have forgotten your passwords due to all the confusion and stress; It's a defence protected by law in fact.


Actually, Saitou and I were talking about this yesterday...I was under the impression that it took 20 "wipes" of a hard drive to meet government standards for non-recoverability.

That is to say that you must FILL your hard drive on one full pass to all "X" until it is full. Then do another write of all "O" to the whole hard drive as pass 2. Continue switching until you reach 20 passes. Supposedly, the logic is that the "X" and "0" (or possibly "1" and "0") are opposites of each other and that by alternating you keep flipping the magnetic bits enough to cause any actual original data to be logically destroyed.

Now to scare you even more, I was talking to a "friend" on "the inside" earlier this week and we had an interesting discussion on "disk shaving". You might want to read up on that.

As an afterthought: This would be a great topic for an article! If someone is so inclined, they should write it up and submit it to articles@binrev.com for the next issue!


Well if you're bored... encrypt it.. but on top of that.. use a hardly supported filesystem... and if you're even more bored.. translate your texts using a generator program.. to an ancient language.. That should play with their minds... even with all the passwords in the world.. and then finding someone who has the knowledge to support rare filesystems... and even finding a linguist to support the language.. they have done their homework and they are ready to find out about your secret paper on fried rice.


Or you can rig up your computer with shaped ceramic thermite charges around the hard drives that are remotely detonatable. Last I heard it was pretty hard to recover data from molten slag.


i knew that it wouldn't be long 'till 'fus said something about either fire or explosives.


hook it up to a pager that is connected to a fuse, and make that your first call from jail to ignite the thermite


i like the blowing up idea best or just have a switch that would start the disk spinning while an electromagnet starts erasing it. this way data is lost and i think you could use it again if you low level format it


yea.... i've actually been contemplating installing an electromagnet driven by some burly capacitors in my case, rigging it to fire if someone tries to move the machine... what i am looking for is a sort of emp setup **just** weak enough not to b0rk my hardware while absolutely laying waste to magnetic storage medium in the general vicinity....


bulk tape erasers are only about $25. Put thermite on it and have it connected to a photo cell so when they open the computer it will go. Or if you give them a special password that triggers it.


that was like in cryptonomicon, where he is outside, sitting there trying to rm -rf his box because the fbi is breaking down the door, then all of a sudden, he turns around and one of the secret admirer guys blasts the building with a HEAP EMP cannon.

bulk tape erasers are only about $25. Put thermite on it and have it connected to a photo cell so when they open the computer it will go. Or if you give them a special password that triggers it.

Don't you think when the small explosion goes off when they open it they'll think you tried to rig a bomb not only to destroy all data on there but also to try to harm them? That would land you a life time pass to cell 31337 and your superficial orange jumpsuit with the numbers 1337 on it don't you think?
