Alternative Browsers Impede Investigations
rbochan writes "Allegations in an article over at CNET propose that alternate browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners.""
This is one of the dumbest articles I've read in a while...
From TFA: Implying that 'alternate browsers' such as Firefox and Opera, 'hide' data? Shenanigans! These other browsers don't 'hide' anything...you just have to know where to look.
Also from TFA: You can't be serious. If it's this easy to thwart the authorities, maybe I should tender my resume.
God help these 'professionals' if a suspect's computer happens to run Linux...which brings up a disturbing thought...is the presence of a 'non-standard' browser or OS now going to be 'suspicious' to investigators, because they can't seem to penetrate its 'arcane secrets'?
____
~ |rip/\/\aster /\/\onkey
Switch back to IE, it's the best Homeland Security Friendly browser on earth!
While the summary sounds like a "problem", the article clearly indicated that someone has already figured how to deal with these alternative browsers and is sharing with the law enforcement agents.
Rock that crushes, Paper & Scissors that don't matter.
Looks like the cops got this before those evil Firefox users could....
Well these examiners must be idiots then, I would much rather sort through the files in ~/.mozilla/firefox and a swap partition than scattered IE files and the Windows registry.
RE: "they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners."" ... GOOD!!!
-GenTimJS
Heaven forbid that they have to learn to deal with a different file layout. I mean, it's not like these are supposed to be skilled professionals practicing their trade here...
sed "s/SJW.*$/... never mind. I was about to say something stupid, and also, I'm a troglodyte./Ig"
Firefox and Opera may use a different method of file structure/naming, but they *do* have a fundamental process and that process does not vary from system to system.
"Simplify, simplify, simplify!" Thoreau
...the terrorists have already won.
Isn't that exactly why we switched for Opera and Firefox?
A morning without coffee is like something without something else.
In other news, bad guys hide in secret hideouts, which makes it hard for the Police to do their job.
Damn I have deployed TOR for nothing. Installing Firefox was enough.
http://ebgp.net/ccc/
It sounds like a lot of the people doing this kind of investigation aren't actually computer experts, but using pre-packaged software or following a list of directions someone has tailored for IE.
Effectively, they're professional script kiddies working for the common good instead of against it.
The lesson? Training. You wouldn't put a detective in the morgue and hand him a scalpel, and you wouldn't drop him in a science lab. You'd hire a coroner, you'd hire someone trained in forensic science. If you're going to search someone's computer for evidence, hire an expert or train someone to become an expert.
Help me out, /.!!!
1. Submit patent.
2. ???
3. Profit!
Reminder: Apple owns 1/255th of the internet.
I mean, if the police are too stupid to learn other things, we really should do like the police want.
If we'd had to listen to what the police want, we'd still be using GOPHER...
Well, mister the police, if you're too friggin stupid to cope, tough noogies!!! You're not the guys calling the shots.
I have a WAY harder time developing apps that run on the same three browsers. Yes, it's a pain. Yes, I don't like my job being any harder than it should be either. So please don't whine to me about how invading my privacy is harder to do.
Dear investigators,
Your current guidebook reads as follows.
1. Search IE cache directory.
Please append the following lines.
2. ???
3. Search Firefox cache directory.
4. Search Opera cache directory.
5. Profit.
Repeat as necessary for any other browsers. Problem solved. Yeesh, some people are morons.
Now I understand why the police or 'special' agencies can't find their terrorists: they rely on MS in general, and IE in particular! ;-)
--- "To pee or not to pee, that is the question." ---
Firefox and Opera store information on typed URLs in a different file than IE does, and the files are somewhat tough to decipher
You would think since Firefox is open-source, it would be a trivial matter to determine the format of the cache files by examining the source code.
And then I realized that they were serious.
Now I weep for them.
RTFA again for the best results.
Have they SEEN how IE stores history data? You want to talk about hidden data, sheesh.
Coding with assembly is like playing with Legos. Coding an application in assembly is like building a car with Legos.
From my perspective, it seems this is just another reason to make sure I am using the most obscure browsers available.
Not only do these browsers avoid most of the common exploits for IE, etc, but they foil law enforcement?? Sign me up!
All generalizations are bad.
So with a few low-res pictures of some metal objects in Iraq we can determine they have biological weapons... but the 'trained professionals' working for the police can't figure out how to find Firefox's internet logs?
...Firefox... on Linux! "Find what they've been browsing? Hell, we can't even find C: !"
"cause trouble for examiners."
Exactly!!!
People have more trouble figuring out what I've been up to!!!
Investigators need to change, they can't expect people to bend over backwards to make it easier.
Adaptation is a key necessity for investigators. If they can't adapt to the future and to other changes, then we need to find better people. Simple as that.
In other news, law enforcement officials have become lazier than ever.
What am I missing here? How is this a problem?
Let me see now (Jon Stewart grin), the police haven't learned how "alternative" browsers store data. Users of these "alternative" browsers even have been known to "flush" their data caches. This, um, "flushing" is a suspicious behavior - AND these "alternative" browsers are resistant to spyware that we normally use to "spy" on our "citizens."
I say, if these "citizens" don't want to be "spied" on, they are SUSPICIOUS! SEND THEM TO GUANTANAMO!
Meanwhile, in Soviet Russia...
Good.
That's one of the reasons I use Firefox, Thunderbird, Sunbird, etc...
Security by obscurity is not essentially valid, but it can be useful.
The government can't force people to organize their thoughts or ideas written down on legal pads with sworn oaths as to dates & times, why should ANY information be handed to them. I run many trace eliminators, for this purpose. I encrypt my file system. If this is going to slow them down or prevent them from gathering evidence, it's done its job. Just another reason not to buy into the Microsoft way. (I'm not being facetious, it's true: Microsoft has an agenda to be on the side of the law, they HAVE to be lobbying quietly to get stuff like this out and laws passed to enforce it.)
So... are they trying to say that using Firefox and Opera makes it easier to be a terrorist?
OMG.
Investigators are lazy and stupid! I'm surprised they could gather the energy to complain.
I would say this says something about the level of education and intelligence of authorities. They aren't very educated and smart. If the techie authorities can't handle browser differences how are they supposed to find info on computers are trying to hide.
If I were the authorities I would be insulted by this article and it implying they aren't smart.
Evolution or ID?
They can figure out IE's convoluted way of storing data such as cookies but they can't find out how Firefox stores its data? Bogus!
EvilCON - Made Famous by
What if we told them that IE wasn't standards compliant?
Microsoft is like...no, it's much worse.
"use different structures, files and naming conventions for the data "...
What??? They are not following the Microsoft IE standard? WTF!?
As a criminal defense attorney specializing in computer crimes, I can say authoritatively that the investigators are typically poorly trained. Most that I have dealt with are not IT or CS degree holders. In fact, the norm is for it to be a police officer who has taken a 2 week course in Encase, nothing more. Their knowledge of operating systems is lacking to say the least. Of course, this can result in some poor schmuck being convicted for something he didn't do, both because the cops don't know any better, and the juries - who typically take the word of the police as gospel down here in Arizona, know even less and rely on the uninformed testimony of law enforcement.
http://www.theregister.co.uk/2004/01/28/a_visit_from_the_fbi/
A visit from the FBI
By Scott Granneman, SecurityFocus
Published Wednesday 28th January 2004 13:05 GMT
[snip]
I teach technology classes at Washington University in St. Louis, a fact that I mentioned in a column from 22 October 2003 titled, "Joe Average User Is In Trouble". In that column, I talked about the fact that most ordinary computer users have no idea about what security means. They don't practice secure computing because they don't understand what that means. After that column came out, I received a lot of email. One of those emails was from Dave Thomas, former chief of computer intrusion investigations at FBI headquarters, and current Assistant Special Agent in Charge of the St. Louis Division of the FBI.
Dave had this to say: "I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are." He then offered to come speak to my students about his experiences.
I did what I think most people would do: I emailed Dave back immediately and we set up a date for his visit to my class.
It's not every day that I have an FBI agent who's also a computer security expert come speak to my class, so I invited other students and friends to come hear him speak. On the night of Dave's talk, we had a nice cross-section of students, friends, and associates in the desks of my room, several of them "computer people," most not.
Dave arrived and set his laptop up, an IBM ThinkPad A31. He didn't connect to the Internet - too dangerous, and against regulations, if I recall - but instead ran his presentation software using movies and videos where others would have actually gone online to demonstrate their points. While he was getting everything ready, I took a look at the first FBI agent I could remember meeting in person.
[snip]
Dave had some surprises up his sleeve as well. You'll remember that I said he was using a ThinkPad (running Windows!). I asked him about that, and he told us that many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. In the field, however, they don't have as much money to spend, so they have to stretch their dollars by buying WinTel-based hardware. Are you listening, Apple? The FBI wants to buy your stuff. Talk to them!
Dave also had a great quotation for us: "If you're a bad guy and you want to frustrate law enforcement, use a Mac." Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in America end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none.
[snip]
Micro$oft to congress: to protect our children from the terrorists we should modify the Patriot Act and outlaw all operating systems other than Windows and all browsers other than IE. Yes, for the children!
this is going to be a reason *to* use these browsers. I doubt the police will get much sympathy here.
I am trolling
Another microsoft drone quoted at Slashdot, nothing worth reading here, move on people! move on!
It's the silliest thing I've read about non-IE browsers, and how they're BAD since I read this one.
OMG, the terrorists have already won!
Seriously, way to go, guvvies. Advertise to the world that you are too stupid to be able to locate data in a Firefox profile directory, why don't you. Something tells me you should be bitching about your own tools and training methods rather than the tech industry's ability to move forward and create new, better things for everyone's sake, like superior non-bug-ridden/non-Microsoft software.
So that's why they can't find my legion of cybernetic rabbits!
My photo's.
Add this to the list of reasons not to use Internet Explorer.
I fail to see the point of the article. Tech changes, cops have to adapt. That's not news. Here's a related question - how do you wiretap a VOIP system? There's a problem we haven't heard much about, and I imagine we'll hear about that pretty soon.
If we start using real encryption more widely, that's going to make the lives of cops much tougher. I can only imagine a cop finally cracking an encrypted hard drive, and then being stymied by a non-default install.
"It's real and we can touch it, so least we know where we stand." - Jack Burton
Kinda funny that the investigations are focusing on things that are not standards compliant to begin with. So non-"standard" browsers impede investigations, because investigators are looking for a nonstandard browser. Although the nonstandard that they ignore doesn't meet the nonstandard that they are looking for, the nonstandard that they are looking for doesn't meet the standards of the net. Yet the standard that they are not looking for is not being looked for because it doesn't meet the standard nonstandard.
Get it?
Wow, CNET is really scraping the bottom of the barrel for tech news isn't it.
investigator 1: DAMN IT! HE USED FIREFOX!
investigator 2: well shit i dont know what to do..
investigator 1: i heard they dont work the same way as IE.
investigator 2: fuck that, im not changing the methods of finding shit. i only solve crimes where the answers are handed to me on a silver platter.
message: stop bitching and get with the times
With IE, however, the user will contract some virus that will clear their hard drive. Try tracking browser history after that!
sigfault. core dumped.
This is going to be moot if the law enforcement is dealing with people who are serious about what they're doing. I'm sure that if someone is planning an elaborate high-profile attack, they would have the sense to be careful as well, so it won't matter if you use IE or if you use Firefox or if you use Lynx--it's not that hard to wipe out all traces of activity from your computer no matter what browser you use. So I doubt that this is going to be of any help in dealing with smart criminals.
;)
And if the law enforcement can't figure out how to write a simple tool to decipher the files that are left behind from alternative browsers (especially one like Firefox that is open-source, meaning that the format of such files would be easy to determine), then that's just, well, pathetic.
And finally, I think that this is a good thing. Most people in this world will probably never ever have to deal with law enforcement. But they do have to deal with snooping parents, snooping friends, snooping girlfriends, snooping spouses, snooping bosses, etc., so I welcome this as good news.
So says dear leader in this time of crisis. I'll be heading down to my nearest walmart to buy only true Murkian merchandise and software from now on.
Sadly his 30% base and the other idiots who vote for him would be like this.
The advent of Firefox and other alternatives to Internet Explorer means cybercops have to learn new tricks for their investigations. Well, if we never had internet, we would have never had the need for Cybercops. It doesn't mean we have to destroy the internet. It means we need to train Cops to become Cybercops.
Clearly, Google is the next Microsoft.
This is the reason all my illicit activity done on a computer is done on really obscure platforms.
That way, if I'm ever caught, it'll be hard for the authorities to find out what I did, cuz my machines are all arkane and shit, or something like that.
Mainly I just like using weird platforms.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Heck, I regularly clear my cache and history logs in case my kids click their way inquisitively to the alternative browser and go where I've been.
I normally flush the cache, history, et al. for firefox simply because it takes up space and I don't like to sift through pages of stuff that I manually entered, especially for that URL I typoed 3 months ago. I wonder if that and regularly defragging my hard drives counts as suspicious activity?
Foreign languages are deemed barrier to terrorism investigations; Esperanto declared new mandatory global standard
In other words, they seem to be slamming Firefox, but actually it is pretty good advertisement for Firefox. They should put it on their front page.
"Even the brightest police investigators can't look at your browser history! Get Firefox today, the most secure browser."
Perhaps we should make all guns the same caliber. All cars the same weight, size and color and all criminals guilty of the same crime? Would that make it easy enough for them?
It would be called an "investigation" for a reason. And not just because it fit in well with the show title CSI: Miami.
In the US, there is an appalling lack of technical expertise in local police departments. Frequently extending to state and federal departments also.
I can only imagine what it is like in a less well funded or less progressive country.
Computer geeks could probably make a small mint on contracting with police departments.
Look, he is writing from right to left!
Quickly arrest him, he must be a terrorist!
How evil they are!
I'm still trying to figure out what people mean by 'social skills' here.
...perpetrators in high speed chases have grown increasingly accustomed to driving motorcars instead of their tried and true equine counterparts. Investigators have attempted to gain the advantage with performance enhancing drugs for their enforcer donkeys, but in the end are quoted as saying "It's just a pain in our asses."
FLR
It's about time someone linked the use of open source software to the War on Terror(TM). I was beginning to wonder if the authorities were asleep at the wheel...
A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
Somehow we just never realized this... we should also encourage businesses to only use ONE accounting method, so that embezzlement investigations can be simpler. There should only be a single gun manufacturer, with only one kind of gun available... imagine how much simpler investigations would be? "Well, we already know it was a Glock 32 handgun...".
What are people thinking, that businesses and products might exist to serve the needs of the people paying for and using them? What nonsense! Only law enforcement matters!
Seriously, even if this were a serious question, don't investigators get MORE useful data in the variations of people's setup? The more unique your suspect's setup, the easier it may be to track them.
And of course it's perfectly simple to find the Firefox cache -- can someone just drop them an email? They can print it out, tack it to the wall, and quit with the whinging.
I think that "potentially more difficult" is better appropriate (grammar?). I agree that this is a silly article in the general sense but given that we [software developers] have the ability/time/curiosity to tinker around with the source and modify the browser's behaviour--is it so hard to believe that IE is easier from an investigative standpoint?
In any case, I'm looking forward to seeing "hide_data.xpi" appear in the Extensions section of the Firefox website.
hate Microsoft^H^H^H^H^H^H^H^H^H Freedom?!?!
Just like driving a car:
(D) to go forward
(R) to go backward
I find it hard to believe that trained professionals couldn't figure out how to read other formats for cookies. Or find out where the cookies go. As a previous poster said, gimme a break... Heaven forbid they take my computer. They'd have to figure out what cryptic command starts the desktop, and which of 3 browsers (Firefox, Konqueror, Lynx) I was using. After all that, they'd find out I've got no cookies except for about 5 sites :)
Call me paranoid, but I think that the police like MSIE because they know that if push comes to shove, that MS will gladly cooperate and help in exchange for certain 'favors' likely involving no use of non-MS products or the dropping of the next antitrust lawsuit. On the other hand, FOSS developers are far less likely to agree (and will never, ever give the government backdoors to their software).
In other words, it's easier to manipulate one fat, greedy corporation than millions of individuals.
Seriously.
If a forensic investigator can't analyze artifacts left by alternative browsers - he/she shouldn't be doing case work. This is what happens when an investigator is trained to run Encase scripts instead of learning to understand how operating systems and applications work, and how data is stored on media.
Inevitably, when doing a forensic investigation, you will run into something that you've never seen before. You have to be able to analyze the data, and find out how to extract meaningful information out of it - even if nobody has ever done it before. Without this ability, you're in the wrong profession.
The problem is that computer forensics is a new profession. It doesn't take much skill to get a job doing it, because not many people know how. That creates a low average when it comes to forensic skills and abilities among current practitioners. There are skilled examiners out there, and the average will improve as more people move to the profession (Hint hint).
Too bad. With the amount of money they have at their disposal they shouldn't be having this "problem". Another two words: tough shit.
Find what you're looking for, you have no business doing that kind of work. That's like asking an NT admin that has never used *nix to figure out why the Solaris box is running slow.
...and the cache contents magically appear!
Anyhow, let me help...
In Opera or Firefox type "about:cache" in the URL box.
Just mandate what sort of software we can use on our PCs.
The HSD needs to enforce this for 'our safety'.
(it's sarcasm)
---- Booth was a patriot ----
However, there are plenty of methods to clear out the IE cache just as efficiently as the others, it just takes a little more work. If someone is going to cover their tracks, there's not a whole lot (besides reconstructing deleted data) that you can do to stop them.
Ok, so authorities say browsers other than IE are too much unlike IE to find the information they are looking for, but if these other browsers were more like IE then the authorities would say they are copying IE and there would be copyright issues...
(Along with all browsers being crappy.)
... this week, there was a sudden tripling in the number of downloads of the popular Firefox web browser. Also, adult web site webmasters are reporting that Firefox has become almost the exclusive browser of choice by patrons of their services. Downloads of Firefox are also reportedly being done by gangs and organized criminal syndicates.
now we need to go OSS in diesel cars
Police, baffled by the lack of a blue "e" can't figure out how they used the Internet.
"And there's no START button! How are we supposed to find anything?"
I like microcars
So, if you're going to type in a legally-shaky address, make a little html file with the url and click on it instead...
I'm really a little confused by this whole article on so many levels, but let me start with the opening paragraph:
From that opening I prepared to read the litany of tricks and subterfuges used by Firefox and Opera to put investigators off the hot trail of criminals. Alas, nowhere in the remaining article is there any indication or hint of any "hiding" of evidence from investigators.
Are the investigators of the world so dumb, or so lazy? Neither is tenable, unless you're a criminal.
Also from the article: Furthermore, forensics software may not support the Web browsers..... To quote my factory-working buddies from post-high-school days, "Un-fucking-believable!" Are software vendors churning out software that weak? Are they that dumb, or lazy? Neither is tenable!
I started out looking at the article thinking it had to be some kind of hoax. I pray eventually this is what this turns out to be.
I question the trust that slashdotters seem to have in this new story. Why should we believe it?
The general police forces have managed to get a new story published on how they can not deal with any sort of semi-modern technology. Why should we believe it?
If I were the police, and I'm sure the police have at least one or two people smarter than me, then I would go to great lengths to get this story published. Why? Not because I can't figure out Firefox, but because I -can- figure out Firefox.
If my suspect thinks that I am too dumb to understand Firefox, then my suspect is far less likely to use powerful encryption. Without the powerful encryption, I -can- read Firefox's files, and a significant proportion of criminals will think they are safe when they are not.
Hell, I'm not even law enforcement but I still find it obvious how this story is a great advantage for the law enforcement community.
to accept the praise of personal wisdom is an affront to the very ideal i hold dear.
In my home country the cops are considered idiots. There are a lot of jokes around this subject. This article shows that this is not happening ONLY in my home country.
I wonder what those "investigators" would do faced with a system where the browser was set to clear cookies on exit, clear the history on exit, and either clear the cache or not use a cache at all, where you can't get a desktop or a command prompt at all without having a valid username and password, and where the filesystem isn't supported by Windows. If they can't deal with simple things like this, how are they going to deal with criminals who know what they're doing and use stuff like encrypted filesystems and disk-wiping and free-space-zeroing programs?
Yes, it is.
They Write the Right Stuff
What will they say when they hear about Safari's Private Browsing feature? It turns off history logging, caching, etc so that none of that usual stuff is recorded on the client side. Mind-blowing...
See http://www.apple.com/macosx/features/safari/
Poor law enforcement -- I guess they're going to have to do some real work.
This story is a kind of corporate psy-ops. Sadly, it will probably be very effective.
Personally, I tend to find the things I like on my own so stories like this are kind of funny to me.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Seriously, what do you propose? Educate them? This is national security that is potentially at stake here, people. We cannot simply turn to the logical solution. There's only one way to deal with this problem and that is to nip it in the bud. All non-IE browsers should be outlawed forthwith and anyone caught using them should be sent to Guantanamo for interrogation.
Have the browser keep the cache and history files encrypted with PGP/GPG and actually have the investigators do some work. It wouldn't even have to be an overengineered, certified security level. Just f**k with the guys a little to keep them on their toes. ;-)
Of course, you could just encrypt the whole disk.
Fight hunger. Filet a politician and send him to a 3rd world country of your choice.
Alternatives are good for balancing out the market to prevent monopolies or even oligopolies. Laziness to improve their forensic software is not an excuse to bash Firefox, Opera, or any other "non-standard" format.
Criminals understand law enforcement units have finite resources, and will use very cryptic methodologies to conceal their activity. Hiding text in JPEGs, encrypting email communications, multi-proxy redirect of pages using free XP zombies on the net...
Forensic analysts should train their users on methodologies of deciphering, and provide detailed documentation of all available tools, instead of giving training of every possible browser out there. Same argument applies for CompSci students - the theory, not the apps.
And why anyone would want to send jihad-invitations in clear text HTTP I have no idea =p
I can see it now, Microsoft will encourage someone to propose an amendment to CALEA that will extend its provisions to include browsers to make it much easier and save costs....
In other news, residents of Monterey, California have witnessed the formation of a new river originating somewhere in town. It seems that authorities have actually taken the advice of their critics and managed to "cry us a river". We can only hope now that the publishers of this article will manage to drown themselves in it.
-d
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
Just remember CNET is an MS Shill, has been for a long time. Someone at MS decided to take a shot at other browsers in a way they thought no one would complain too much about. After all we are good law abiding sheep ^H^H^H^H^H citizens who need police friendly software and DRM to protect us from the evil terrorists, right?? While we are being protected from the terrorists, the hackers/scammers and spammers are cleaning up! Just change the name of your Firefox directory to Donut Store Locations and they'll find it in a flash!
From Apple's website:
"Using Safari's new Private Browsing feature, no information about where you visit on the Web, personal information you enter or pages you visit are saved or cached. It's as if you were never there."
Forensic specialists have skill well below that of the average script kiddy, who, like the specialists, likes to blame their incompetence on anything but themselves.
The ability to download and/or use a tool to MAYBE find out something is not a great feat.
How about just LEARNING HOW STUFF WORKS ?
Lazy govt. bastards.
Investigator: Okay, I'm at the desktop.
...
Tech Support: Now, click on the icon that looks like a blue, lower-case E.
Investigator: Um.. I'm not finding anything, chief.
Tech Support: That's okay, take your time.
Investigator: No, really. There are no blue E's. Just something that looks like.. an exploding basketball? Or an orange fetus, maybe?
Tech Support: Wait, wait. No E?
Investigator: No E.
Tech Support: I'm sorry, sir, but you'll need to create a customer service ticket. In the meantime, try running Windows Update.
Investigator: Christ, we're dealing with a professional!
Moderators can down-mod me, but the only response I can come up with to they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners." is tough shit.
Nobody should ever make it easy for script kiddies (especially because they have a Chicken Inspector Badge).
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
Get techs that know what they are doing. I can take any browser and after only a few minutes figure out its inner workings. This is just an excuse to get more funding... and/or we are paying these idiots WAY too much.
No?
Then where do you draw the line?
Don't let THEM immanentize the Eschaton!
I run BeOS. Now the feds can never catch me Bwahahahahah.
Since when did operating systems become a religion?
So far you've all said the same basic thing and every single one of you has missed the point of the article.
It's a fluff piece talking about how a particular training session at the 'High Tech Crime Investigation Assoc.' event was well attended. It doesn't say that the law enforcement people can't learn to handle alternate browsers, it simply says they haven't learned yet.
I'm all for pointing out the absurdity that often occurs as law catches up with tech, but this just ain't one of those articles.
It doesn't hide information from cops, terrorists, hackers - as a matter of anybody /but/ a software developer has access to IE.
The vast majority of computer users are not particularly savvy to how data is stored on their machine.
For most cases in which a computer is evidence, the police aren't dealing with a sneaky computer guy trying to hide his data. They're dealing with some normal U.S. citizen who uses a computer for basic tasks. They're not dumb, they're just normal users (Yes I recognize that might qualify them as dumb on this board).
This is the situation that police have to be able to deal with most often, and they're so swamped with casework and no funding - how are they going to learn how to adapt to changes in tech?
Why do you think that they can't handle these changes? It's because any normal person with a comp sci degree who knows something about computers doesn't want to get a job as a police officer making $25,000 a year. So who gets to do the computer forensic work - over-worked, under-paid, under-trained policemen.
If everybody thinks that it's a problem that police can't adapt to new technology, then donate some time to train them for free. Impart your uber skills upon them oh-mighty computer professionals! Volunteer your time to your county forensic lab. Call your local government representative and say, "I want to pay more taxes so that our policemen can be trained properly!".
Oh wait. I'm on slashdot. Sorry. Yes every person should be smart enough to analyze Opera cache files and history. The police are definitely idiots. Geez, doesn't everybody know how to read a Firefox temporary file. Gossshhhh!
aaaawwwwwwwwwwwwww... poor babies....
"Those who make peaceful revolution impossible, make violent revolution inevitable" - JFK
...the people you would think would be using Linux LiveCDs to look at computers. Running the host operating system could have all kinds of problems. (Like the computer's setup to clear cache files at boot, etc.)
Coder's Stone: The programming language quick ref for iPad
Implying that Firefox, which is open source, hides any data is a lie. Click the friendly Getting Started link on Firefox's toolbar. Click the Developers tab. Click Get the Source. Click Download. Click the Firefox 1.0.6 bzip2 link. If you can't find someone who can read code, you aren't qualified to make any statements in court about the meaning of the data that code wrote.
Detroit, MI - The American Union of Automechanics is complaining loudly that different makes and models of cars use different parts. "It makes our job very difficult." said Winston Q. Crescenthead. "I mean, we have to work on a Vega, and then turn around and try to fix one of these new Toyota 4Runners. Some of these cars even use different kinds of wrenches. You should see the tools I have to use." Other mechanics have shared similar horror stories. "I got some little British roadster in the shop. It's taken six months of deep psychotherapy, and I think I might be up to the task of putting air in my kid's bicycle tire." The AUA is demanding that Congress pass a law forbidding the sale or use of any vehicle other than a 1972 Chevy Nova.
The world's burning. Moped Jesus spotted on I50. Details at 11.
this guy.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Some evildoers use Portable Firefox which doesn't even save the history to the computer. Or show that a browser has been used at all.
http://johnhaller.com/jh/mozilla/portable_firefox/
A knoppix cd or a usb drive will soon become criminal equipment
The one thing that has always bothered me about such "forensic analysis" in computer crime investigation is the fact that it is fairly trivial for a competent developer-type person to artificially create this information and tell any story s/he wants. If someone wanted to frame a person for a computer crime they could even develop a trivial piece of malware that would actually visit target sites from a person's computer over time, such that even the ISP's and target host's logs would confirm the user's activity. Such a program could be configured to activate only when a user was at a computer. The only technical challenge to creating such a piece of software would be finding a means to install it, but it's common knowledge that there are a great variety of means (both social and technical) to accomplish this step.
It would be my guess that it would be fairly difficult to convince a jury that the real criminal was an "evil program" running behind the scenes. The only real hope for a defendant in such a scenario would be to find some flaw in the malware program to suggest its existence (for example, if it activated when the defendant was out of town and his/her spouse was using the machine).
It concerns me that somewhere, someday, someone might go to prison as a result of the forensic analysis of his/her computer when in fact the criminal act was committed by a third party solely for the purpose of landing his/her victim in prison.
Oh my, a browser stores things in ~/.mozilla/firefox!!! What are we going to do?!?!
do all my surfing using telnet! bash$ telnet slashdot.org 80 GET / HTTP 1.0
... homicide investigators admitted they were stumped when a murderer used an aluminum bat to bludgeon his victim to death rather than the standard lead pipe.
Said an officer who wished to remain anonymous: "We're not even sure there was a murder without some trace of lead at the scene. A bullet ... traces from a pipe ... lead is what makes it a crime scene."
Joris Evers is full of shit. He's spinning the existence of a class that teaches law enforcement agents how to do computer forensics as a story when there's really nothing there. I've done forensic exams on machines that ran netscape and firefox and had no problem. The files and their structures are well documented. The format was a little tricky to read though... I mean, plain text is hard to interpret sometimes. Here's an idea - maybe the people doing forensic exams should be IT professionals who learned law enforcement, not law enforcement officers who took a week-long class on using Encase.
Yes, my only tool is a hammer. And you're starting to look like a nail.
"Alternative Browsers Impede Stupid Investigators"
What I say does not represent the views of my employers, my friends, my cats, or myself.
All the article is really saying is that investigators need to learn how to glean information from the caches and histories of non-IE browsers. Specifically mentioned was the need to be able to differentiate between urls from clicked links and urls entered into the browser by hand. It didn't even say that learning how to do this was providing any difficulty to them:
"Lewis, who works for risk consulting company Kroll, gave attendees more tips on how to read the cache, history and cookie files that Firefox and Opera generate. He recommended some free tools for investigators, including Opera 4 File Explorer, which displays Opera cache files, and Web Historian from Red Cliff, which exports history information for IE, Opera and Firefox into an easily readable Excel spreadsheet. etc..."
All the article is really saying is that the use of non-IE browsers has created the need for investigators to broaden their horizons. The only controversy here was created in the use of buzz (weasel?) words in the summary... "impede," "allegations," so on and so forth. I don't mean to spoil the fun, but there really is very little to see here.
that's too funny. Ok, so let's for one second "suppose" that for some really funny reason what TFA says is true. IE doesn't hide anything and Firefox and Opera do.
This is, just by the way, not true. IE puts some hidden stuff in that Content.IE5 folder which seems to not exist on your hard drive (it's not hidden or operating system protected) but pops up if you type it into the address bar after your temporary files. OOOOOh, that's fucking straightforward.
So AAAnyway, let's "suppose" that this is all backwards and that somehow Firefox hides data. Think about that for a moment? What are they proposing? That everyone switch to IE so that it's easier for the FUCKING GOVERNMENT TO SEARCH THROUGH OUR SHIT? LOLOLOLOLROTFLMAO. Moreover, let's suppose that all reason and rationality has just jumped out of a 10 story building, if everyone does switch to IE to enable the government to better monitor us, are the terrorists and people with shit to hide going to do the same thing? NO MAN, HOLY FREAKING GOD, NO. THAT'S THE WHOLE FUCKING POINT OF BEING A THIEF AND A PIRATE AND A FUCKING TERRORIST.
Article summary: terrorists are uncooperative with authorities because they use a file structure which is non standard and harder to search.
AHAHAHAHAHAHAHAHA. I almost pissed my pants. Dude, the fucking government should be worried about how to recover files from hard disks that have been literally blown up in explosions to cover up data. Jesus christ. CNET is like, really dumb.
I just started using opera. I love it. That, and the fact that I'm inadvertently fighting the system, and I didn't even know it. -rolls eyes-
"Banking establishments are more dangerous than standing armies." -Thomas Jefferson
So on a mac, with both Camino and Safari (with the debug option on) having a browser reset, that clears EVERYTHING (cookies, cache, history, etc.) - what does that make non-IE mac users ?
The title should be:
"Investigators Impede their own Investigations due to Lack of Knowledge"
The browsers maintain user privacy too well!
We've been wrong all along, and Microsoft was right. We need less secure computers to be more secure.
That's their 'too damn bad'. Do different floor plans cause them problems? How about DNA sequences? I bet they're in a real pickle when they have multiple sperm samples off of a rape victim...
Personally, I have a real bitch of a time when traffic patterns change, I do wish someone would standardize traffic so that it flowed the same way every day, it'd be super awesome for me.
"How like you to drag your keyboard to a gun fight." - Aaron Bedard (BANE)
Link to the Moz 1.5 faq
http://www.mozilla.org/start/1.5/faq/profile.html
7. Profiles & Backup
Look how much I saved the tax payers. And don't mod this as insiteful or informative. Going for funny.
Well we better all use one operating system too - Linux and MacOS impede investigations! Let's not stop with computers though - we should fold all car manufacturers into one company which only makes one model so when doing crash investigations it's much easier to tell what happened since the specifications of the one car are well known. If these "investigators" are having trouble finding simple files maybe they should find another job. Is this like having a 16 year old who just got his license teaching a defensive driving course?
Ok, so considering the history of browsers that were available long before IE, what should we all be using to make it easier on them? Netscape 1.0? Mosaic? I feel bad even commenting on this, it's just so completely absurd that it doesn't really deserve it.
To make their job easier, we'll soon illegalize me taking notes or writing anything down for myself in a grammatically incorrect way, or with my hard to read handwriting, because it's hard for them to read. Handwriting should be banned, everybody friggin learn how to type, please, even when you write stuff down for yourself! How about we punish the Maya or Egyptians somehow for giving us such a hard time deciphering their writing? That stuff should be illegal! But how to punish the dead, hmmm...
... is the only true browser.
M.
Why blame the tool, when anyone can roll their own browser anyway, and that's been the case since Mosaic? Heck, half the "information" that law enforcement thinks is "true" can be faked, since it's all http requests in the first case.
...
Never mind the possibility that your neighborhood script kiddie hacked your laptop over the wireless and zombied it, or piggybacked over the wire, or broke into your house and logged on as you, or wandered into a room when you went on break to run the exploit, or severed your finger to activate the fingerprint reader (true story of that), or
But you get the drift.
It's the same as it was back in the 80s when I was Acting Security Officer in Pacific Region - most of the hacks are by clueless n00bs who leave a trail any competent investigator can follow, and ninety percent of the security is defeated easily by social engineering, not by techie toys.
I'm sure the Gestapo complained about having to file reports when they interrogated people - even though the methods they used got them no better information than an intelligent investigator could have had if they'd used their brains instead of taking the easy way out.
-- Tigger warning: This post may contain tiggers! --
They're just too plain dumb. I remember a case in the Netherlands where the police only took the monitors in a child-porn case, and left the hard drives untouched. Three years ago, Wim Kok (our former prime minister) even aimed the mouse at a monitor like a remote to officially open a website, come on! Digital law enforcement officers just need proper training; it's just as stupid saying you frustrate police efforts when your door opens inwards instead of outwards...
the key issue is that tiny button called "Clear all" that Firefox has under "privacy".
Not to mention some add-ons that add the "clear all" on the main browser window.
No wonder...
I'll shed no tears over the apparent superhuman effort that the FBI and company feels is needed to find out where a browser keeps its files.
I believe it was our Beloved Leader (TM) who said something to the effect of "Fighting evil-doers is hard work!"
CUR ALLOC 20195.....5804M
Hrm- Since when are data formats bad? Sure we've come a long way from every product having its own proprietary .dat file specific to its needs, with some programs using XML and the *shudders* registry for its data. Sure we've come a long way to bring in (and then phase out) standard-format .ini files for everything from major settings to the last opened files... But seriously?
Why should Opera and FireFox store their data in the Microsoft format? What gain is there in the slightest? And why would a criminal actually keep history anyway? Maybe Microsoft should be using the Firefox format rather than its proprietary .dat files which Windows (for whatever reason) treats as a special folder and doesn't let you copy or move the file itself.
Yes many people are promoting open formats, but maybe that means M$ needs to move... or maybe meet in the middle.
It's a very open easy to read format... Why can't the technical forensic people read these files with a basic arsenal of tools?
-M
when you see the word 'Linux', drink!
Having my computers seized by the Finnish equivalent of FBI I can confirm that the police are clueless when it comes to non-microsoft operating systems. They were smart enough to read my mails stored in thunderbird and dig up bitcomet logs though..
Kind of ironic considering Microsoft/BSA was the one that sic'd those guys on me in the first place.
Wow! If that's not a reason to switch to Firefox, I don't know what is.
...
The problem with freedom is - you don't know what people are going to do with it. You know, like collaborate together and develop a kick ass open source browser and give it away or something
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
Alternative browsers do not create a registry key thus:
{32DD384732828aBDDe573463525cd73482672dFFdaBc2635498763}
That is what fooks up the switched on cops.
...the encrypted cluster server I'm building which will have hardware encryption on every hard drive and IDE flash drive as well as software encryption of the partitions and then on top of it the files. I'm planning it to stress test these things for reliability before I press ahead with a side business for clients that need the security like HIPAA involved entities, or for that matter, the local cops and lawyers. Living in a small city with a state court and a hospital and ten dozen medical practices, it's not a bad market for people catering to info security.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
You left off where having nuts and bolts in both metric and inches was all a conspiracy hatched by SnapOn and Craftsman to sell twice as many sockets.
Exactly what law enforcement officials are they talking about here? I'd assume that anyone trying to perform digital forensics knows their way around a computer quite well, alternative browsers or not!
Therefore, if these law enforcement officials are so inexperienced with computers that they cannot handle alternative browsers being used by suspects then they are definitely incompetent and in the wrong job.
It is my sound belief that these allegations are excuses that are being made up to hide the incompetence of these officials when it comes to gathering evidence off of computers. Certainly the FBI/CIA has NO PROBLEM WHATSOEVER when it comes to gutting suspects' computers to see what's on them. Maybe these incompetent officials should call them and take some lessons.
He happened to like to collect old computers, so his house was filled with all sorts of old disk packs, 9-track tapes, those "washing machine" disk drives for old VAX's, decks of punch cards, etc.
Law Enforcement took it all! I have no idea how (or if) they ever managed to scrutinize all of this media for clues....
Best Buy can have you arrested
IE stores multiple copies of a history. Some get removed when you clear your cache. Some do not.
http://www.talkaboutshareware.com/group/alt.comp.freeware/messages/316790.html
This little program is freeware and makes it extremely easy to see exactly where someone has been on IE, even after they have clicked the buttons to clean everything out.
To see where someone has been in Firefox or Opera, there is no cool little freeware app that I know of. If you open Firefox's cache folder, you'll see at the top of the list some files named _cache_001_, _cache_002_, etc. That is where the history is. Just open it in notepad and get your "page down" finger ready. There's no need to create some nifty little program if you can easily read it in notepad.
Clearing the cache in other browsers actually clears the cache. Clearing the cache in IE does not clear all histories. Hence the reason why programs like WindowsWasher exist.
The problem law enforcement actually runs into is that they can't find the secret hidden history in Opera and Firefox like they can with IE because it doesn't exist.
Want to step up your privacy another notch? Install a freeware ramdisk and put your cache in it. If the computer loses power, POOF all the cache is gone. It speeds up browsing as well since it's faster to delete files during a normal cache cleanup from ram than from the drive. The only downside is that you're limited to 32 or 64 meg in windows. Don't know how big it can be in *nix.
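The "open it in notepad and page down" approach from the comment above, automated as an added example (not part of the original thread or of any tool mentioned in it): it pulls printable runs out of a binary cache block file and lists the URLs found with their byte offsets. The sample bytes are constructed for illustration and are not a real Firefox cache file; the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Printable ASCII runs of at least MIN_RUN bytes, the same idea as strings(1).
MIN_RUN = 8
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_RUN)

# http/https URLs inside a printable run: host, optional port, optional path.
URL = re.compile(rb"https?://[A-Za-z0-9.-]+(?::\d+)?(?:/[^\s\"'<>]*)?")


def extract_urls(data):
    """Return [(byte_offset, url), ...] for every URL found in `data`.

    The offset is the position of the URL in the raw file, so an examiner
    can go back to the same spot in a hex viewer and read the bytes around it.
    """
    hits = []
    for run in PRINTABLE_RUN.finditer(data):
        for m in URL.finditer(run.group()):
            hits.append((run.start() + m.start(), m.group().decode("ascii")))
    return hits


def hosts_by_count(hits):
    """Summarise hits as [(hostname, count), ...], most frequent first."""
    return Counter(urlsplit(url).hostname for _, url in hits).most_common()


def scan_file(path):
    """Read a file in binary mode (never text mode) and extract its URLs."""
    with open(path, "rb") as fh:
        return extract_urls(fh.read())


# Constructed sample: binary filler with URL strings embedded in it.
# The "HTTP:" key prefix and the surrounding bytes are assumptions made
# for this illustration, not a dump of a real cache file.
SAMPLE = b"".join([
    b"\x00\x01\x00\x0c\x00\x00\x00\x02",
    b"HTTP:http://www.example.com/index.html\x00",
    b"\xff\xfe\x10\x00request-method\x00GET\x00",
    b"\x00" * 16,
    b"HTTP:http://www.example.com/images/logo.png\x00",
    b"\x9c\x8b\x01",
    b"HTTP:https://mail.example.org/inbox?folder=1\x00",
    b"short\x00",
])


if __name__ == "__main__":
    found = extract_urls(SAMPLE)
    for offset, url in found:
        print(f"0x{offset:06x}  {url}")
    for host, count in hosts_by_count(found):
        print(f"{count:4d}  {host}")
```

What this recovers is cached resource URLs; a cache entry shows that content was fetched, not whether the address was typed or a link was clicked.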
Awwww... poor investigators...
SUCK IT UP! We share your pain.
-A Webmaster
IF you have OS X Tiger you can simply use safari's private browsing method and avoid this altogether
as i have always said, the only purpose of legislation is to control the average citizen. if i'm a criminal and i'm intent on doing something i know is illegal, then no law or punishment is going to stop me. it stands to reason then, that laws such as having to give over encryption keys, and limiting the level of encryption so that agencies can break it, is squarely targeted at law abiding citizens.... makes you think doesn't it?
If you mod me down, I will become more powerful than you can imagine....
Ya know, this falls under the "using MS across the board is easier" and "do as the nice gov't official says" crap. and just to be a real troll: MS==BAD. Linux==GOOD. ha.
Power to the Penguin!
Criminals who commit murder with a knife also impede the investigation of law enforcement officials who are only looking for bullet casings. We're supposed to care that they're too stupid to look for the right things?
Nothing new here, just goes to show that making a standard leads to dumb techs and investigators. Looks like someone needs to fire their academy teachers.
"Slashdot, where telling the truth is overrated but lying is insightful."
There was an account a few years back, on the register perhaps, of a reporter returning from France to Britain with his laptop. Customs officers suddenly perk up: computer's been abroad, internet is abroad, pornography is somewhere on the internet... (these officers are not the sharpest pencils in the box). They want to search his laptop for illicit pornography. The reporter, boggled, asks how they search. Officer produces CDROM, "We have this program that finds the pornography". Reporter shrugs, gives laptop to dimbulb officers and they retreat to a back room.... returning baffled sometime later, having totally failed to run their Windows PornSearch software on the reporter's Apple.
This sounds like more of the same... Throw in a "computer forensics" disk and it magically finds all your illegal files. They hope....
I did a google on the author and came up with: http://www.pcworld.idg.com.au/index.php?authid=1098416642
After reading the article and looking thru the list of previous articles, I can safely say Joris has no credibility on anything non-Windows.
These guys have degrees in Counter-Strike? Shit! The 1337 and policing our nation - you know those terrorists are wallhacking.
Safari 2.0 has so called "Private Browsing". Better not let the police know about that or they might just think MAC OS X is for terrorists.
Actually it does suck, and I say this as an OS X fan. I don't want my home directory encrypted. Why should I encrypt my mp3s and photo collection? But I do want the option of encrypting a folder. The amount of data that really needs encryption is tiny compared to the amount of stuff on my hard drive.
I know I am going to switch browsers so my browsing habits are easier for law enforcement and other hackers to track. Yah right.
http://www.boingboing.net/2005/01/27/jailed_for_using_a_n.html
If they're THAT stupid, then fuck 'em.
It is not the purpose of my computer to make the job of someone spying on me easier.
The purpose of my computer is to organize and manipulate data, exactly how I want, and encrypt and obfuscate that data, exactly how I want.
This is like saying that the invention of curtains makes it too hard to look into windows.
If webdevelopers have to cater for IE, FF, Moz, Opera, etc. users, detectives should have to, too.
In some states, parole for sex offenders can require that they don't look at pornography.
Their parole office will drop by periodically and check their PC. They have some sort of forensic software that does this.
I've heard some jurisdictions require that you only run Windows on your computer as a condition of your parole. Logically this translates to going back to prison for owning a knoppix cd.
There simply aren't the resources to train all parole officers in computer forensics, expose them to various obscure operating systems, or to perform regular offline analysis of offenders' hard drives.
The resources are (probably) there for big cases, but when there are probably close to half a million sex offenders on parole - it's just not practical.
So that is what the infamous index.dat is really for. Remember how it never deletes itself when you tell it to?
What if I look at pr0n with Lynx?
Sie ist tunbar!
After all, aren't we all interested in making homeland spying easier?
Someone should write a firefox extension to encrypt all of its files....
Boy, they must get really pissed about encrypted file systems and the `shred` utility!
OK, I read the article and the responses on /. Correct me if I'm wrong, but nowhere in the article was there an accusation that "alternative" browsers are bad or evil. The gist I got was about law enforcement agencies learning to deal with what is a new challenge to them. Granted, they are a bit behind the times, but is this anything new or surprising? And some people see in this an effort by "the man" to promote IE use. I'll admit I had a similar knee-jerk reaction, but I got over it and tried to look at it objectively.
So please, put away your tin foil hats. Nothing to see here, please move along.
"Build something idiot proof, and someone will build a better idiot" - Samuel Clemens
Is this just incompetent, crybaby police? Or is it really an orchestrated MS ploy aimed at, say, Massachusetts?
90% of the people you encounter do nothing to hide their tracks - except maybe erasing browser histories.
If you take basic precautions then you should be safe, unless of course you do something really bad like try to steal money from a large company.
It shows they're criminals because it forces Law Enforcement to use non-standard methods of entry (like through a window).
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I propose an easy solution... encrypt the whole drive with AES256 or stronger, dm-crypt, stegfs or similar mechanisms, or better yet.. a combination of all of the above.
It's not their data, they have no business poking around in it, "different file structure" or not. Keep them out with strong encryption. You have nothing to hide, and they have no business looking.
look at the source code?!?
Since when is Firefox an "alternative" browser?
Could you imagine this with cars? Everyone driving a different type of car makes it hard to identify which car was in the accident. From this point on we're only going to allow Ford Freestars and they all have to be green.
That was my thought, after seeing "And the data formats haven't changed that much since the days when Netscape was the dominant browser.".
It's not like Firefox is open source or anything.</sarcasm>
From article:
Firefox and Opera store information on typed URLs in a different file than IE does, and the files are somewhat tough to decipher, Lewis said. He showed his students--mostly law enforcement agents and private investigators--how to do it.
Look at the source for the browser, silly.
"Each browser has its intricacies," he said. "You can find some details online, but often it is difficult."
You have to wonder if they're talking about the same Firefox browser here.
Eh, not that I've poked around the source or would know what to do once I found the bit telling how it stores its cache or anything. But still..
Yes, and they've also found that different people impede law enforcement and investigation efforts because they "have different motivations, hide bodies in different places, use different methods for killing people, and won't admit their guilt", which can "cause trouble for examiners."
If the people involved think it's a real issue that the software fundamentally works differently - instead of it being a problem that the examiners need to understand how different systems work, they're idiots. If the SlashDot readers are making this into an "issue" when it's not, they're idiots.
Who the idiots really are remains to be seen.
Education is the silver bullet.
First up, I must admit that I am an author of one of the programs in the class of those mentioned in the article - http://www.webcacheview.com/ I've had detectives and other "police" (corporate IT watchdogs, schools, etc) contact me with some pretty interesting situations, like trashed hard-drives and partial files recovered using undelete. Ok, so in these cases, computer forensics can be difficult. The article does not mention this kind of thing at all. But then again that's probably not the majority of cases : Majority of cases are on Windows, and they're idiots who probably use the browser that lets them do whatever crime they're doing with the least effort. Whether that's IE, because it's already there, or Firefox because someone said it was the "most secure". For these cases there are _plenty_ of free/shareware/commercial tools on the market. I'm sure a google search could find three which could do the job of figuring out whatever they need figured out. tj
rigid adherence to proprietary computer anti-standards is impeding law enforcement. the nonsense that comes out of a government that can't win a war overseas and can't drop water bottles into a flooded American city just never stops, does it?
if this is supposed to be a new economy, how come they still want my old fashioned money?
...bin Laden uses Mosaic?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Button 1: Investigate
Button 2: Prosecute
Button 3: Lunch!
"Allegations in an article over at CNET propose that alternate browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners.""
This whole idea of "alternate" browsers is just crazy. My first "alternate" browser was Internet Explorer 3.0 on the Mac - after using Mac Lynx and Netscape Navigator I thought I'd give an "alternate" browser a shot - IE.
Furthermore, if a criminal investigation is held up because an alleged criminal uses Opera or Firefox (if they used open source they were probably stealing MP3s!:-) then the state of technological forensics is about as poor as the emergency response our government mounted after Hurricane Katrina.
The Luddites were ahead of their time.
In Soviet Russia, there's only one browser, but any guy with a big stick is a policeman; that's how it used to be, at least. Recently some folks developed alternative sticks ("pointy" sticks, and "boom" sticks) and since those things work differently nobody knows who's supposed to be looking after whom.
Well I guess MS won on this one, apparently the way microsoft structures its programs is the correct and proper way and far be it for others to say or do differently.. so are we going to see people in court getting branded as intentionally trying to thwart investigations by hiding data because they use firefox?
..just because you can, doesn't mean you should...
Oh Nos! I'm hiding data from the government?! What can I do to stop Mr. Policeman?
-|BlackErtai|-
Good. Hopefully developers of "alternative" browsers will take this into account and make the browsers better for...the users.
God forbid that investigators know enough about technology to let them handle different web browsers. Complaining about Firefox of all things after all the press and market share that it's gained? What are these people on?
why people don't use knoppix or a livecd gnu/linux distribution to safely* browse the web. the cache and history will never touch your hard drive.
*safely meaning that the data won't persist on your hard drive, not that it won't also be logged by your isp etc.
Science : Proprietary , Knowledge : Open Source
By using Firefox or Opera, you are supporting global terrorism and "open-source" communists! Switch to IE, now called Freedom Browser!
They should be going after browsers that don't comply with standards, right?
Now hold on just a second...
For the love of God, please learn to spell "ridiculous"!!!
RTFA!
\m/
This article actually doesn't surprise me in the least.
Most police investigators of the digital forensics flavor have little to no business doing the work they do because they're simply not qualified to do so. The vast majority of them are NOT techies, let alone have intimate knowledge of the internals of any given system or know of ways to find out. I think the most important thing that I learned in my Computer Forensics class at Mississippi State was that few police departments can actually offer competitive pay for a forensics expert when compared to corporate America.
The few people that they do have that are qualified are mostly locked up in state labs with a case load such that you end up with rookie criminal psychologists with a book of computer forensics for dummies under their arms handling the vast majority of the investigations.
This is not to say that I think non-standard (ie. non-Microsoft) in any way are intentionally thwarting law enforcement. Rather, I think the investigation tools should become more comprehensive and the information to be an effective forensics expert on various non-standard systems to be more accessible to those that might not be as tech savvy as the typical slashdot geek.
Boo Hoo!
The article says Firefox impedes investigations. I say Internet Explorer impedes the Internet.
Colin Dean Go a year without DRM
Specifically the part where Hig orders the foot warriors to restrain Arthur & Trillian but because the foot warriors have terribly painful feet (caused by ill-fitting shoes) they are unable to do so.
So Hig gives out the order to Arthur and Trillian:
"Prisoners? Restrain yourselves!"
Gentoo Linux - another day, another USE flag.
. . . for Trusted Computing? Could the idea that any lawful browser (i.e. one that will be able to access most commercial sites because it can supply remote attestation credentials) is required (or arranged through "gentleman's agreement") to store history of a user's activity in a file untouchable by the user be far behind?
I too have felt the cold finger of injustice.
That is nonsense. IE/Safari/FireFox all save data to the hard disk. All data can be forensically found. Sheesh, how silly.
If you wear pants, that means that you've got something to hide.
A world that would revolve around criminal investigation - that would actually be a world that revolves around criminals... if you think about it. I don't want to live in a world where everything revolves around that and where everyone is considered a potential criminal. Sounds like some people have never read "1984". Anyway...
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
-- Dave Thomas, former chief of computer intrusion investigations at FBI headquarters
http://www.securityfocus.com/columnists/215
"Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in America end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none."
Hide a linux laptop with wireless in a closet somewhere and use vnc to access it. Hell, just use a disk on your neighbour's wlan.
You can find clues of these things though. Look at the vnc history, try pinging the broadcast address on the subnet, look in the arp cache, see if there are clues in the registry that another drive was mounted.
I suspect it would be very hard to thwart a computer forensics expert, but I'm sure the VAST majority of petty criminals can be caught by someone with a week's worth of training.
UK Police forces arrest people for using browsers such as Lynx: http://www.boingboing.net/2005/01/27/jailed_for_using_a_n.html
Apparently this guy got 2 years jail time, he's gonna have an arsehole the size of a clown's pocket by the time he comes out.
N.
Yeah, it happened at work, and it was not pretty.
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
... the terrorists have already won.
slashdot fucking blows now, I'm never reading it again
You can't be serious. If it's this easy to thwart the authorities, maybe I should tender my resume.
As an ISP having been served with FBI warrants in the past, let me assure you that it can sometimes be goofy. Sometimes you have to explain to them that an access on a U.S. East Coast server at midnight does not mean that the access from your West Coast subscriber occurred at midnight. It can boggle their mind that the access may have occurred three hours earlier.
All this really points out is that law enforcement is a very large endeavor. The more people involved, the higher the chance that there are some below average "authorities." Some of them are just bright enough to announce that alternative timezones thwart investigations. The rest just wince and try to keep working.
Tip to sex offenders:
Go ahead. Run Windows for the parole officer. Run it on a 5G partition on your 200G drive. Run Linux on the rest. Put pr0n on the RFS.
How do they ever solve crimes with all the different guns, cars, tires, bullets, blood types, etc.? I also have heard an ugly rumor that everyone has a different fingerprint pattern not to mention something called DNA. It would be much easier for the police to solve crimes if all the criminals would agree to use standard government approved tools of the trade.
I for one am stoked to hinder our gestapo troops, but my question is how sanitary IS the sanitize button in deer park? Does it really eliminate all of your browsing records reliably?
rhY
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
First off, relying on extensions to identify a file format is stupid, but that's MS's way of doing it. I personally favor the MagicNumber *nix way of doing it (not perfect but a hell of a lot more reliable). Secondly, analyzing files you think serve a certain purpose because you think they belong to a certain application and therefore are configured a certain way is stupid and a huge waste of time. I work for an electronic discovery firm. I do this kind of stuff for a living. You don't hunt through terabytes of data looking for internet explorer history files, you rely on software that can analyze all files on a system and identify what you are looking for. I imagine law enforcement agencies using the file-browser and notepad would have a bit of a problem doing damn near anything right, and so they bitch.
Go not unto /. for advice, for you will be told both yea and nay (but have nothing to do with the question)
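The content-signature approach described in the comment above, as an added example that is not part of the original post: files are classified by their leading bytes rather than by name, and names that disagree with the content are flagged. The signature table, file names and sample bytes are constructed for illustration, and the SQLite entry goes beyond the 2005-era formats this thread discusses.

```python
"""Identify files by content signature (magic number) instead of by name."""
import os
import tempfile

HEADER_BYTES = 512  # enough to reach the tar signature at offset 257

# (label, byte offset, signature, extensions conventionally used for the format)
SIGNATURES = [
    ("mork", 0, b'// <!-- <mdb:mork:z v="1.4"/> -->', {".dat", ".mab", ".msf"}),
    ("ie-index.dat", 0, b"Client UrlCache MMF Ver ", {".dat"}),
    ("sqlite3", 0, b"SQLite format 3\x00", {".sqlite", ".db"}),
    ("zip", 0, b"PK\x03\x04", {".zip", ".jar", ".xpi"}),
    ("jpeg", 0, b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    ("png", 0, b"\x89PNG\r\n\x1a\n", {".png"}),
    ("gif", 0, b"GIF8", {".gif"}),
    ("pdf", 0, b"%PDF-", {".pdf"}),
    ("tar", 257, b"ustar", {".tar"}),
]


def identify(header):
    """Return (label, expected_extensions) for the first match, else None."""
    for label, offset, magic, exts in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return label, exts
    return None


def scan(root):
    """Classify every regular file under root by its header bytes.

    Each finding records the detected type and whether the file's
    extension disagrees with that type (a renamed or mislabelled file).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # do not follow links or read devices/sockets
            try:
                with open(path, "rb") as fh:
                    header = fh.read(HEADER_BYTES)
            except OSError:
                findings.append({"path": rel, "ext": ext,
                                 "type": "unreadable", "mismatch": False})
                continue
            match = identify(header)
            if match is None:
                kind, mismatch = "unknown", False
            else:
                kind, exts = match
                mismatch = ext not in exts
            findings.append({"path": rel, "ext": ext,
                             "type": kind, "mismatch": mismatch})
    return sorted(findings, key=lambda f: f["path"])


def build_sample(root):
    """Write a small constructed tree: headers only, no real user data."""
    samples = {
        "profile/history.dat": b'// <!-- <mdb:mork:z v="1.4"/> -->\n< <(a=c)> >\n',
        "cache/index.dat": b"Client UrlCache MMF Ver 5.2\x00" + b"\x00" * 32,
        "docs/holiday.txt": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
        "docs/photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
        "docs/notes.txt": b"plain text, no signature\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return scan(root)


if __name__ == "__main__":
    for f in demo():
        flag = "  <-- extension does not match content" if f["mismatch"] else ""
        print(f"{f['path']:<24} {f['type']}{flag}")
```

Files with no recognisable header, such as plain text or an encrypted container, come back as `unknown`, so a signature scan narrows the search rather than replacing inspection of what is left.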
Ok, so I have your basic skills necessary to do a better job than most computer forensics experts, or so some of the entries here imply.
What do they make? Any reason to try to get into that line of work?
""Allegations in an article over at CNET propose that alternate browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners.""
Allegations in an article over at Police Magazine propose that alternate vehicles such as motorcycles and buses impede bank robbery law enforcement and investigation efforts because they "use different shapes, different numbers of seats, and different logos for the manufacturers that investigators are after", which can "cause trouble for get-away car examiners".
Obviously, only Dodge Chargers, like the "General Lee" should be allowed to criminals, to make them easier to catch.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
cry me a river
... am REALLY glad to welcome our moron, utterly clueless law-enforcement overlords!
This is my post. There are many others like it. If you don't like what you read here, go try one of the others.
If the Cops can't figure out how to do their job unless we all buy Microsoft, screw 'em. I'm not helping them. What percentage of crimes require them to bust into your browser cache anyway? 0.005%?
After looking over the site, I suspect that "The High Technology Crime Investigation Association (HTCIA)" is a front; it is really a for-profit money-making venture, not a legitimate professional association, as it presents itself. For a genuine professional association, they make too strong an effort to convince us that's what they are. It would work like this: A few guys collect the attendance and membership fees, keeping a big profit for themselves. The fees are paid by governments. The conference attendees, mostly law enforcement officials, receive some stupid advice. Masquerading as a professional organization instead of a for-profit business creates good will, helping them to fleece taxpayers.
The content of the training seminars is especially suspicious. Really, how easy is it to uncover the "secret" history files of "alternative" web browsers? I timed myself, and it took me about 90 seconds using Google to work out some good keywords and find the answer. See the first link in my google search.
Something else suspicious about this professional training: Because the source code for Firefox is available for free to the public, which is not the case with Internet Explorer, it should be easier, not more difficult, to uncover where and how Firefox logs history.
Ceci n'est pas une signature.
Seriously,
I was asked to corroborate records found in an IE disc cache on a suspect's PC against logs in our system, but could not. Probably suspect's date or time are wrong, as I did later find records from same IP address. But these were useless.
Oh well, we had enough other details to get them, as the crim was pretty dumb and transferred money in identical amounts from different accounts into his own account.
Anyway, I am sure the "different formats" of the alternative browsers that are OpenSource can be pretty easily reverse-engineered, and those that aren't OpenSource would co-operate with police if asked. The article seems to be a shill: if it's not Microsoft, then it's helping criminals.
“Our opponent is an alien starship packed with nuclear bombs. We have a protractor.” — Neal Stephenson
If you can't figure out where my history is on Firefox, you really have no need to have a looksie into my /var/log directory. If you are that flippin' stupid, why are you doing forensics on another person's hard disk???
Note to self... move thunderbird and firefox store directory to USB drive and place the chrome and rest of the profile on /mnt/cd. Now unless they know how to read the prefs.js they won't even know what to look for...
To all you special investigators out there: RTFM!
Wah Wah, we aren't 100% familiar with this and it makes our jobs hard so we're gonna blame it on the software and not our own inability to learn. It's not like how it works is a secret.
Emory: Uh..we're still..beta testing that.
Oglethorpe: What you're testing is me and my patience!
Poor Babies, would you like some cheese with that whine?
In Opera's History panel using its quicksearch you can easily selectively delete all your 'C...' sites without leaving history 'suspiciously empty'.
If you should find anyone, say a member of your family or a neighbor, using these "alternative" web browsers, contact the Department of Homeland Security at once. If you are not breaking the law and you love America, then you have no reason to hide your activities on the internet. Use Microsoft Internet Explorer and defend freedom. God Bless America. Thank You.
SecurityFocus does a decent job of showing how to perform web browser forensics.
They have a 2 part article, aptly titled: Web Browser Forensics (Part 1, Part 2). It deals with getting data from both IE and Firefox.
"cause trouble for examiners" should be "cause trouble for incompetent examiners." End of story.
Apparently CNET is hiring
"MIT betrayed all of its basic principles."
Now if I wanted to hide my browsing activities I'd use portable Firefox or VM running off a usb drive or flash card, preferably the same kind as my digital camera or other flash card using device so I'd have a reason to have it. Then I'm sure I could find a way to easily hide in or around my home if I really had to. And there are always the file erasing programs, 50 passes on a 128mb usb drive shouldn't take that long.
You'd think if someone knew they were doing something illegal they might know enough to try to hide it. But not everyone does that and IE's default setting of 10% of the disk for temp files will provide more than enough evidence for anyone examining the PC.
I never thought I'd say this, but what about: "or get a Mac?" I'm guessing OSX and safari store history and temp files differently than Windows and IE. It's almost as if they're saying if you want to get away with illegal online activities all you have to do is NOT use IE.
F7 doesn't work, ignore spelling and grammar
"MONTEREY, Calif.--Expanding its efforts to help law enforcement with cybercrime investigations, Microsoft plans in the coming months to launch a new online resource.
The Web site will include training, tips and tools for investigations and information on cybercrime, Richard LaMagna, director of worldwide law enforcement programs at Microsoft"
http://news.com.com/New+Microsoft+portal+will+help+cops/2100-7348_3-5845205.html?part=rss&tag=5845205&subj=news
So did anyone read TFA all the way through before deciding that this was either a) law enforcement being clueless or b) law enforcement maliciously attacking alternate browsers? It's just a light piece about how the tech forensics guys have to adapt. Nobody is claiming that Firefox and Opera are only used by criminals, for the sole purpose of hiding criminal activity. It just points out that they have to learn some new things in order to deal with it. That is what's known as a "fact". After reading the entire thing, I didn't see a single value judgment about that fact. I didn't even see a quote from some clueless schmuck making a value judgment about that fact.
Good god. Get a grip, folks (submitter included).
Well I could really impede the investigation by using my mac. Have my home directory with file vault turned on and when the computer goes to sleep it turns back on asking for a password. If asked for my password I can plead the fifth amendment rights. I am sure to use an unsecured setting on my wireless router and live in a multi-family home. In a crowded neighborhood. There is very little proof beyond a reasonable doubt that I did anything. If there is evidence that could possibly prove that I did it. I could always then just give my password and prove that I didn't do it.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
So if we follow this logic, http://en.wikipedia.org/wiki/Dewey_Decimal_Classification/Melvil Dewey must be one of the greatest criminals of the 20th century!
That's:
a) one of the reasons they're criminals
and
b) likely a major contributing factor to them getting caught
Smart people either don't get caught, do their evil deeds in legal ways, or follow the rules. That's usually the way it goes down. One observation I made some time ago is the reason that Society and Civilization "works" is because if you are smart enough to cause real trouble, you are also smart enough to be rewarded by society for productive deeds.
..don't panic
Firefox is OPEN SOURCE! That means the file formats are OPEN. Microsoft IE is CLOSED SOURCE, meaning you need to reverse engineer everything to figure out where stuff lives.
That said, I wonder what would prevent someone from creating a wireless fileserver and embedding it behind their drywall. Using an NFS mount or Share, an evildoer's PC wouldn't hold anything evil when the FEDs nabbed it.
Realistically I bet it would though - They can do some pretty amazing things with Forensics these days, and I wouldn't be surprised if they could take a ram chip and see previous states of 0's and 1's.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
I work in computer forensics and it isn't that goddamned hard to develop tools to process different kinds of databases, encrypted or otherwise. Besides, I'm certain that if it were in the interests of "National Security", Federal investigators could ensure cooperation between developers of FireFox or Opera and the contractors who actually do the forensics work.
All you have to do is play "follow the money" and it quickly sounds like Micro$oft is using the God-and-Country argument to win by default the Second Browser War. Considering how invested Micro$oft has been in the US Justice Dep't. (one of former USAG John Ashcroft's biggest campaign contributors and still heavily involved to this date) it would be unsurprising if they were the ones pulling the strings on the issuance of a statement like this.
What ought to happen is for the Dep't. of Homeland Security to proclaim Internet Explorer as the single largest cause of "electronic terrorism" because of Micro$oft's half-assed security measures.
That'd shut them up real quick...
I was watching kiddie pron, on the PC. Suddenly, police cars in front of my house went all "EEooEEooEEoo", and I was, like: "huh?" And then they seized my PC and they put me in jail and now I have to build up my collection again and I'll have to do it fast so it isn't as good, which is kind of... a bummer.
I'm Fellen Eiss and I'm a pervert.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
Even worse, those non-IE browsers make it really hard for police to install spyware and keylogging software on the user's computer. With IE, they just insert a little bit of code into any web page and they are done, but Opera and Firefox put up obstacles to that kind of legitimate law enforcement activity! Evil! Terrorism!
The point was that it's now possible to encrypt data so that other people can't read it unless they have appropriate credentials.
True story:
One of my coworkers thought NT4+NTFS was an incredibly secure platform. So I put a Knoppix CD in the drive, rebooted, mounted the NTFS partition, went to his profile directory and showed him the contents of his cookies. I then explained to him that NTFS security was cooperative, meaning that the security was based on the idea that a security flag in the filesystem would say "please don't read this file" and the operating system would respect that request. As soon as you find a way to ignore that flag then anything resembling security is out the window (pardon the pun).
Working for an ISP, I had the "pleasure" of dealing with the RCMP (Some sort of CIA/FBI like thing only Canadian) on a few occasions when they wanted websites/emails from customers. One time the guy took all damn day making me explain all the crazy stuff I was doing (tar and scp are very complicated) to get the data for him, and I had to wait around while he verified all the md5 checksums one at a time. He had no clue what unix was, or how to read email that was stored in a maildir on a server. He couldn't even get his USB hard drive adapter to work because he had the hard drive set to slave. The high school kid who mopped the floor and RMA'd hardware and stuff for us knew more than the RCMP's computer expert.
Huh? Why aren't they saying that Internet Explorer is for criminals because it puts things in different places to Netscape?
Netscape had 90% market share before IE came along..
so why is IE considered a 'standard' and Firefox isn't? Especially considering that IE stores the forensic data in harder-to-reach formats?
GOD FOR-FSCK'ING-BID that anyone's job get a bit more difficult, especially law enforcement's duties.
Hey, COPS: learn something besides MS BS
What? and tread the dangerous waters of the DMCA?
The DMCA's circumvention ban, 17 USC 1201, makes an explicit exemption for criminal investigations and other legitimate acts of law enforcement:
This article only echoes what I have known for nearly a decade:
Do not EVER, EVER use Internet Explorer! EVER! Not at work, not at home, not in your local library. These people are only just now realizing this?! Forensic experts must really hate me when I use browsers that cache everything into RAM, such as Lynx, Links, OffByOne, et al.
I don't do this to clear my tracks; I do it because there's less thrashing and fragmentation on the hard disk. Oh yeah, and because IE is the most insecure piece of garbage ever devised. Free yourself of IE (and other useless Windows components) forever with http://litepc.com/.
When you combine this chasm of missing knowledge, along with the new "tools" being used for homeland "security" (you know, national security letters, information fusion centers, and other tasty stuff), I'd say the results will at least be interesting, if not disastrous.
This article would have been understandable in www.onion.com
When will people stop evaluating and debating subjects they have no knowledge or evidence to support?
Nothing is going to change until we shoot the bastards.
Andy Out!
suspects who speak a language other than english impede investigations by police who only speak english. of greater concern is the number of criminals with IQs over 80 who frequently use words of 2 or more syllables - unfairly confusing the average police officer.
"All this investigatoring is hard work" said Officer Dumbass via his special needs assistant, "it would be much easier if criminals had to carry a sign saying what crimes they had committed".
Cry me a river. How about hiring real computer science/computer security experts to be examiners, instead of using the good ole boy system? Maybe then they will be able to figure out the trivial differences between different caching systems of different browsers.
If they're having so much trouble with just a different browser, I can't imagine what they would do when faced with a different operating system like Linux or (God forbid) Mac OS X.
If you had super powers, would you use them for good, or for awesome?
It's not even that hard.
Try that with IE and you need a tracing debugger (which tells you what the software is doing, instead of all those comments and var names and crap about intent as opposed to what the guy really wrote [of course with open source, you get the guy's name as well])
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I love it. Think of the advertising potential.
Male voiceover
"Microsoft, used by 100% of all sex offenders. It's not only the law, it's their punishment."
Oh! I just fell off my chair.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Get a copy of Dekart Private disk. Create a new private disk. Install Opera onto the disk, set its cache, etc to the private disk, and set Opera to launch automatically when unencrypting the disk.
Surf to your heart's content, knowing that anyone will actually need your password to unencrypt it.
To make it harder to spot, Rename it something like "pagefile.bak," and make the drive file invisible. Set a scheduled event to unmount all disks if there is 1/2 hour of inactivity.
I haven't tried TrueCrypt... I'll have to check it out.
The ______ Agenda
Not to be unsympathetic, but TFB. Update your tools or learn to do the investigating with the old fashioned tools you've been born with (noggins still count right?).
Quack, quack.
Now I know to write my next ransom note with Open Office.
Table-ized A.I.
If alternative browsers are outlawed, only outlaws will use alternative browsers.
Alexander Melbourne, Australia
Part 1
Part 2
One of the first things that you learn with government intelligence communities, is that you never let on to what your real capabilities are. Now, Patriot Act grants the DOJ and other federal agencies access to NSA/CIA capabilities to use on American citizens (what, you thought it was about terrorism? If so, then you need to read more and learn a little bit of logic).
These federal agencies now have to follow the same protocol of not telling exactly what the problems are. The real issue is that other browsers do not have back doors built in. As such, your local FBI/DEA/DOD guy has to work to get the information out of your MS/Apple system.
BTW, how many of you noticed that Safari was not mentioned in this? Nor will it be. But Konqueror and other OSS browsers/OSes will join the rank of hated browsers/software.
for those curious what software some "law enforcement" agencies use, it seems that ICE uses Encase because they left the encase boot cd in the drive after they gave me back my laptop, 6 months after they stole it from me.
they had unjustly confiscated my laptop with no explanation after i landed in New York. (and my name is not Yusef Islam, but i do like his music.) it gives me comfort to know, however, that as they spent/spend their time and U.S. taxpayer money getting files off of my laptop and reading my email (or the part of it that wasn't encrypted), there are people around the world plotting to overthrow the U.S. government.
Using an off-the-shelf undelete utility or such to find evidence of wrongdoing may be sufficient in order to fire or investigate someone, but any competent lawyer would rip that 'evidence' to shreds.
To get a serious felony conviction, evidence has to meet defined standards. For example, recently many DUI's got tossed out in my area because the officers did not properly document the temperature of the equipment.
All evidence needs a documented, trusted, chain of custody. If you suspect an employee of storing kiddie porn on a company computer, and you do anything with that computer before the police get it, the evidence loses a lot of value.
Proper forensic software; just like Breathalyzers, DNA/Fingerprint equipment, and anything else used to collect/store potential evidence needs to be known and trusted, and used by certified forensic folks, because it's not a mad scramble to get as much data as possible, it's an attempt to prove a crime was committed beyond a reasonable doubt.
As an example, it would be difficult to convict someone for having a few pieces of child porn in their cache... how many of you have goatse somewhere on your hard drive, does that mean you willfully went there? But if hundreds of photographs are stored in a deliberate fashion, you might have something.
The feds have a nice little chip, weighing under 1 ounce that goes inside of an existing keyboard attached to the wires leading to the PC that logs keystrokes to a buffer for later retrieval. Handy for getting passwords to encrypted drives and such.
The Blue Screen of FREEDOM!
Just like driving a car:
(D) to go forward
(R) to go backward
What will they say about Safari and its "Private Browsing" feature?
From Apple's site:
I'm sure there's a better description out there somewhere, but it's easy enough to explain. The purpose of a transparently encrypted file system is to automatically encrypt and decrypt files on the fly, so you get the security of encryption with the convenience of regular file access.
The encryption is transparent to applications. Encrypted files look and work just like regular unencrypted files, as long as you're logged in as the correct user. They're encrypted with a key that is itself encrypted with your password; when you log in, the key is retrieved and used to access your encrypted data. If someone steals your hard drive but doesn't know your password, they can't decrypt the files.
In Windows, you can apply transparent encryption (or transparent compression) to files and folders by clicking "Advanced" on the properties page. I'm sure there are similar tools for Mac, Linux, and any other OS that matters.
The other poster's suggestion of using "encrypt & archive files with PGP", however, is not transparent. The encrypted files go into a PGP archive and can't be accessed until you decrypt them with PGP. The extra step of having to encrypt a file when you save it and decrypt the file when you want to read it again leaves your data vulnerable while it's in an unencrypted state (not to mention the inconvenience).
Visual IRC: Fast. Powerful. Free.
Because I know where IE keeps its cache files and its history. YAY! Now I can get paid a lot of money, and work in a big lab, with lots of computers, using knowledge acquired in the 6th grade.
No really, my heart goes out to those poor investigators. I mean, why should they do their job when we can just giftwrap the evidence and present it to them in a nice package. It's like saying "if you are a terrorist, please queue here for termination"...
Move sig!
Good grief, it's stuff like this that makes me afraid for the future of humanity. So if I were to use emacs on my windows box they couldn't read any of my files???
Yet another reason to use Mozilla.
I just love how It Is Ordained From On High that anything but Internet Exploder is an "alternative". When did that measure come up on the ballot? I must have missed that election.
I have nary a machine in my house that runs Windows. I don't own any books or CD's on the same. I routinely deploy firewalls on all my machines, even in my home LAN, as a matter of practice.
Does this make me a terrorist?
I hope not. This is the kind of discussion, if turned into a political arena, is the kind of thing that enforces notions that the Government is not necessarily your friend. This is one of the more interesting points in American Society. Many have come to a point where the default is to not trust the government and the government behaviour continues to enforce that belief because their interests are more focused on corporate interests than interests of individuals.
Having not read the article I can only hope that this is more a description of the problem than a call for political aid.
Imagine how hard it'd be if someone used a web-browser that actually IS obscure, you know? I only know like two people that use IE. Sadly, both are relatives. One of them because he's a moron (he's used Opera, and prefers IE. I haven't spoken to him for three months.), the other because he's merely ignorant. And is stupid. He's still nuts about cars at the age of 45.
At the time, I read through it and noted some "smart" things. They know about dead man's switches etc; they NEVER boot up the PC. The drive gets removed and hooked up to a scanning system. The scan then looks for anything dodgy or the officer can browse it. If the software needs updated to include bookmarks/history from other sources, then I'm sure it's not all that big a deal to add this in. Even then, bookmarks & history? They are all too easy to clean and/or fake.
If you think the computer forensic experts boot up the PC and try to save your bookmarks to a floppy, you are sadly mistaken.
What worries me more is that computer evidence is so easily fakeable yet is often seen as gospel by the courts. It would be easy to create "logs" showing bad activity from someone you don't like. If I ever get hassled from the RIAA, the court will be presented with "evidence" that shows the guys bringing the suit were paedophiles, just to show how ridiculous the idea of third-parties producing "evidence" from a remote system claiming you downloaded "X on date Y". The forensic guys have been trained and undoubtedly have sworn an oath or signed a contract to be honest. Some anti-p2p company hasn't and it is also in their commercial interest to provide more of this evidence. Worrying times...
I guess this puts me at the top of the suspect list when it comes to questionable behaviour. Not only do I not use IE, but I'm on the Mac more often than not (thankfully). You would think the "experts" would be a bit more, hmmm, competent. I'm in the wrong business apparently...
A browser is a browser is a browser. Or 'a browser by any other name surfs just as well' - Shakespeare. To some people IE is an alternative browser, so how about we just call a browser a browser, unless you want to specify a particular one, then call it by its name.
Thank You,
The Management
I can't afford a sig!
no seriously.
Seeing that Firefox uses Mork for storing history and some other items, I can see why it's hard for law enforcement to make sense of that.
After all, it's hard even for the Mozilla people.
follow me on Twitter: http://twitter.com/moeffju
I am one of those people who whine about having to find where things go and how things are configured in alternative software systems.
I have found it to be easy to set up and customize Firefox and Opera.
It takes the most minimal of efforts, so if these investigators are complaining about that level of learning being an impediment then they need to think about another line of work because they may lack the patience and curiosity to be investigators.
Cry me a river. "This case is sooo hard, the guy has a different handwriting than the last one!"
When I read this pathetic whining, I wonder what they do when they encounter real criminals. You know, the guys who have a boot-up password or (horror, shudder, unbelievable!) encrypt their files or hard disk.
Assorted stuff I do sometimes: Lemuria.org
+1 insightful
Use encryption and a very strong password, something like 'let me into my kiddie porn' should do.
You mean it takes someone with a little intelligence to investigate? Wow!
Great way to become a monopoly is to get the government to legislate it for you. This smells like it. How much did Microsoft slip under the table to High Tech Crime Investigation Association for this nugget?
Apple - latte, turtleneck sweaters, webdesign, macromedia ass..... gay connotations
Royal Canadian Mounted Police - canadian, police, royal, "mounted"....gay
No wonder they are the mac experts ffs. I bet they are good with photoshop too.
(P.S. I don't mind gay ppl who aren't fags, i.e. don't play up their drama and just fuck ppl who they get turned on by. But I expect this is so un-PC to some it will be modded "teh troll" pretty quick)
smanley@nyx.net
I've never heard of this. Email me directly and I will ensure you get a rapid response.
..don't panic
I can't speak for every law enforcement agency in the country, but I worked for one of the top 10 largest for nine years. I did not personally do forensics, but I worked with the guys who did and offered occasional support.
The hard drive is never touched except to make a copy. That image is burned onto write-only media then analyzed with forensic software; annotation of what is found where is made in a separate log to help you make your submission to the detectives or DA. The programs don't care what the file name is, or the extension, or the location. It pulls everything through (effectively) filters to see if ANYTHING is an image. Doesn't matter if it's jpeg, png, bmp, whatever. If it's binary, it's largely ignored but I think it is still searched for string data that might be suspicious.
As a rule no software from the suspect PC is ever executed; there are exceptions. Keep in mind that computer forensics isn't just about kiddie porn. There are lots of crimes that require the use of computer forensic examination.
Anyway, let's assume they found porn. It's not difficult to recognize porn, but it can be difficult to identify the ages of those in the images. They ignore the obvious adult porn (unless it depicts an act deemed illegal by the local criminal code) and flag ones that are obviously involving minors or those of ages that they think might be minors but aren't sure.
At this point a medical doctor is usually brought in. The Dr has been trained in specific skills to determine the approximate age of a person based on a variety of physical characteristics. For example (a non-explicit one), if you look at pictures of a naked woman who is 25, she usually looks quite different than a girl of 18. The 18 year old might be legal, but the physical characteristics might be close to that of a 16y/o.
So it takes some training to be able to determine this.
If they find a sufficient quantity of images that are obviously underage, say 10 year olds, and some that are borderline, they'll ignore the borderlines and base the case on the 10y/os.
It doesn't matter where the files or programs are stored. It could be on unformatted partitions, it will be found. Change the file extension, it will be found. Zip it, it will be found. Encrypt it, it might be found. Some of their software has no problem ripping through some of the conventional encryption or compression software. Now, if you Blowfish it, Triple DES it, then Zip it, they might have problems (assuming they don't find traces of your key in your cache or paging files), but that's an awful lot of work you'd have to go through.
Encrypted file systems? I don't know. I haven't worked there in over 4 years. I'm sure a lot of their software has kept pace with advances in OS software.
Don't assume that because your local cops might be idiots that there aren't smart people in law enforcement who can undo what you do. These forensic software companies spend a lot of money developing their programs and they have to hold up to court and user community scrutiny. Flawed software processes that cost prosecutors a case will quickly be reviled and that company will either come up to speed or die.
And I whole-heartedly agree, the article as posted is absolute crap. The ones who know their jobs already know where to find cache history and such.
When you sympathize with stupidity, you start thinking like an idiot.
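The content-based identification described in the comment above (file name, extension and location play no part) can be sketched as a signature scan over a raw image buffer. This is an added example, not part of the original thread and not any forensic product's code; the signature table is a small subset of well-known magic numbers, and the sample buffer and function names are constructed for illustration.

```python
"""Signature scan over a raw disk-image buffer: names and extensions play no part."""

# Magic numbers (header bytes) for a few common formats; a small, well-known subset.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF89a",
    "zip": b"PK\x03\x04",
}
JPEG_EOI = b"\xff\xd9"            # JPEG end-of-image marker
PNG_IEND = b"IEND\xaeB`\x82"      # PNG IEND chunk type followed by its fixed CRC


def scan(image: bytes):
    """Return sorted (offset, kind) for every signature hit anywhere in the buffer."""
    hits = []
    for kind, magic in SIGNATURES.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, kind))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def carve(image: bytes, offset: int, kind: str):
    """Cut out a JPEG or PNG by searching for its footer; None if no footer is found."""
    footer = {"jpeg": JPEG_EOI, "png": PNG_IEND}.get(kind)
    if footer is None:
        return None
    end = image.find(footer, offset)
    return None if end == -1 else image[offset:end + len(footer)]


def build_sample():
    """Constructed sample: PNG-like and JPEG-like blobs buried in filler, no file system."""
    png = SIGNATURES["png"] + b"fake-chunks" + PNG_IEND
    jpeg = SIGNATURES["jpeg"] + b"\xe0fake-scan-data" + JPEG_EOI
    truncated = SIGNATURES["jpeg"] + b"\xe0cut off"   # header with no footer
    return b"\x00" * 512 + png + b"slack space " + jpeg + b"\x00" * 64 + truncated, png, jpeg


if __name__ == "__main__":
    image, _, _ = build_sample()
    for offset, kind in scan(image):
        blob = carve(image, offset, kind)
        status = f"{len(blob)} bytes carved" if blob else "header only, no footer"
        print(f"{offset:6d}  {kind:5s}  {status}")
```

The first-footer search is deliberately naive: a real JPEG with an embedded thumbnail contains an earlier end-of-image marker, so a carver used on real evidence has to parse the format's segment structure rather than stop at the first match.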