File Systems for Electronic Surveillance Devices?

An anonymous reader asks: "A friend recently discovered that her vehicle had been bugged by the police (for reasons I won't go into here). It seems the set-up had been wired into the car's electronics, so that whenever the car was going the microphones were recording the occupants' conversations. Unfortunately I didn't get to see everything she recovered, as she was a bit exuberant in her removal and disposal. However, I have been given a 20G Fujitsu notebook hard drive and some kind of audio processing chip from a manufacturer by the name of Topoint, and have been asked if I can examine the contents. You can read on to hear about my efforts so far, but I have several questions: If the surveillance device came from a vendor, what kind of file system might they use, and if - as I suspect - it is encrypted, do I have any options other than writing zeros over the drive and putting it to less controversial use?" "Not knowing what to do with the audio chip, I focused on the notebook hard drive. I got an adapter, connected it as master on my desktop and booted up. After checking the BIOS to see if the drive was recognised (it was), I was presented with a full-screen simple line diagram showing the floppy drive slot, a floppy with an arrow in front of it and across the bottom, the F keys with the F1 key depressed. Hitting F1 with or without entering a disk resulted in 'Non-system disk error...' So much for the direct approach.

Next I set the drive as slave and booted Linux (Mandrake and then a few Live CDs), but the drive contents weren't recognised due to the lack of a partition table. So, I kept it as slave and ran a few forensic and data recovery tools in Windows: DFSee and tools from Mare Software and Runtime Software. I couldn't recognize the file system or recover anything from the drive with these, so I figure it isn't formatted with any of the standard FAT, FAT32, HPFS, NTFS, JFS, EXT2/3 or REISER file systems. I've kind of reached the limit of my abilities here, but my curiosity has been stoked.

Does anyone have any suggestions or comments - useful or otherwise? To anticipate a few in advance: Yes, listening devices might well run Linux. We're not in the US and are more interested in human rights than terrorism. My friend obviously knows most of what has been recorded, but wants to figure out how long the bug was in place."

Re:Hmm

I think you have bigger probems than the technical ones you are facing. Get a lawyer.

Or better yet, dd the HD contents into a file and put it up on bittorrent.

A better idea

[crstophr]

Forget reading the data.

Format the whole thing with fat32
Fill the entire drive with gay porn.

Reinstall in car.

Re:A better idea

[dgatwood]

Even better, find a bunch of people on the street who you don't know. Hand them scripts and ask them to read them while you drive the car. In those scripts, they should confess to dozens of crimes that never happened. One might admit that he/she hid the body in the foundation of the Microsoft building, another that he murdered some famous person (who isn't dead... or better yet, who is, but who died naturally, ideally before the 'murderer' was born), etc.

As the recording gets longer, make the conversations get more and more outrageous. One person tells the other that he used to be a she who, in turn, used to be a he. Another goes into a tirade about how his father beat him, so now he feels like he should beat his children... except that he doesn't have children, so he beats up random children on the playground instead. At some point, the line "I'm not your Uncle, I'm your father" appears. "But wait, that would make me your brother." "Eww.... You married your sister?"

By the end, everybody is sleeping with everyone, family trees are intertwined in amusing ways, the priest is having an affair with the school nurse, and the horny schoolgirl talks about how she once had sex with the governor/president/whatever. It all culminates with someone deciding to off him/herself, not because he/she did anything wrong, but because he just found out that his sister had become a prostitute to raise money to help pay for his cancer treatment while he sold his cancer drugs to help pay for her AIDS treatment. Be sure to accurately simulate the sound of a gunshot through the roof of a car.

Watch the amusement as the police A. try to find the blood stains, B. try to find the bullet hole, C. try to figure out who the heck all those people are, and D. arrest a senior government official for underage sex. If you pull it off without getting caught, it would be the prank of the century....

Re:Exact same thing happened to me.

[themassiah]

even if the sex is good The what?

Re:Let me get this straight:

[DustMagnet]

If you were designing a car bug, what would you use for storage? Something without moving parts.

I wish the police would put a large flash device in my car!

Investigate the [BS] first

"Shiny brown? Uhhh. What kinda data do you store in "shiny brown" medium?"

This story, and most of the comments.

Lo-Jack

LOL, she just tore out her dealer-installed Lo-Jack system. I'd hate to be her at the end of her lease term....

Re:Whose property is it?

eh, any precedent would be country-specific anyway. and he ain't tellin' which country, for obvious reasons.

Obvious reasons? Like 'cause then it limits down his identity to one of a few million people?

Um, I would hope that there aren't that many countries that are targeting "a few million people". Or heck, even targeting enough people so that they and each of a dozen of their closest friends adds up to "a few million people".