Slashdot Mirror


Alternative Browsers Impede Investigations

rbochan writes "Allegations in an article over at CNET propose that alternate browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners.""

10 of 720 comments

  1. It's not the software . . . by crimguy · · Score: 5, Informative

    As a criminal defense attorney specializing in computer crimes, I can say authoritatively that the investigators are typically poorly trained. Most that I have dealt with are not IT or CS degree holders. In fact, the norm is for it to be a police officer who has taken a 2-week course in EnCase, nothing more. Their knowledge of operating systems is lacking to say the least. Of course, this can result in some poor schmuck being convicted for something he didn't do, both because the cops don't know any better, and the juries - who typically take the word of the police as gospel down here in Arizona - know even less and rely on the uninformed testimony of law enforcement.

  2. Re:It's *not* rocket science, guys... by EvilMonkeySlayer · · Score: 5, Informative

    If you're using Windows (2000/XP Professional), right-click on the directory you want to use encryption. Then select Properties, on the General tab click on Advanced and tick Encrypt contents to secure data.
    There you go, transparent encrypted directory.
    Also, TrueCrypt is capable of encrypting stuff too.

  3. Re:It's *not* rocket science, guys... by beacher · · Score: 4, Informative

    Here's the best part - "One specific challenge with Firefox and Opera is identifying which Web addresses have been entered manually as opposed to having been clicked on in a hyperlink"..

    C'mon.. any advanced porn^H^H^H^H surfer knows to go to Google, enter the URL and click through Google's URL. That way you don't have a suspicious empty dropdown bar and you can simply delete the URL (and Google's search URL) from the history and for all intents and purposes, you never went there (just dump the cache).

    I guess these guys were never married. Simply having an attentive wife teaches you that FED defeating trick. The location dropdown bar and autocomplete can be a lot of trouble.

    Heh

  4. Re:It's *not* rocket science, guys... by Florian+Weimer · · Score: 5, Informative

    Oh come on, it's nearly impossible to find the URL history! Ctrl-H is a very, very complex cracking method.

    Digital forensics is performed offline. You don't run the browser software to read its history.

    However, I fail to see how this would create problems for law enforcement. Most of the interesting data is readily available. And the data formats haven't changed that much since the days when Netscape was the dominant browser.

  5. Safari's the worst of them all. by tritone · · Score: 4, Informative

    From Apple's website:

    "Using Safari's new Private Browsing feature, no information about where you visit on the Web, personal information you enter or pages you visit are saved or cached. It's as if you were never there."

  6. Re:It's *not* rocket science, guys... by Hadlock · · Score: 4, Informative

    Or in Mac OS X, go to System Preferences, click on the Security button that looks like a house with a padlock dial on it, then click the button that says Turn on FileVault. It'll take probably an hour to encrypt your hard drive in 128-bit encryption depending on computer speed and hard drive size, leaving you with a transparent encrypted directory.

    --
    moox. for a new generation.

  7. Re:Another article with the same logic by WiFiBro · · Score: 3, Informative

  8. yes it does by commodoresloat · · Score: 4, Informative

    Actually it does suck, and I say this as an OS X fan. I don't want my home directory encrypted. Why should I encrypt my mp3s and photo collection? But I do want the option of encrypting a folder. The amount of data that really needs encryption is tiny compared to the amount of stuff on my hard drive.

  9. Re:Yeah and then a few weeks later... by elemental23 · · Score: 3, Informative

    To counter that with my own anecdotal evidence, I've used FileVault on my laptop since Panther was released and have never had the slightest problem.

    --
    I like my women like my coffee... pale and bitter.

  10. Re:It's *not* rocket science, guys... by k12linux · · Score: 5, Informative

    Yep, you're right zerblat. I went to search.cpan.org and did a search for Mork. And I have to agree law enforcement couldn't possibly come up with a Perl prog like this one:

    ------------
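    #!/usr/bin/perl -w

    use strict;
    use File::Mork;

    # Parse the Mork-format history file in the current directory.
    my $mork = File::Mork->new('history.dat', verbose=> 1)
        || die $File::Mork::ERROR."\n";

    # Each entry is a hash reference; print every field it carries.
    foreach my $entry ($mork->entries) {
          while (my($key,$val) = each %$entry) {
                print "$key = $val\n";
          }
          # A blank line separates one history entry from the next.
          print "\n";
    }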

    ------------
    BTW, I do realize that your post was sarcastic... as is this one.

    Works perfectly if run in the same directory as history.dat and produces output like:

    ID = 388D
    URL = http://www.google.com/
    Hostname = google.com
    LastVisitDate = 1125064549
    FirstVisitDate = 1125064549
    Name = Google

    It should be left to guru perl coders making $500,000/yr or more to do fancy things like convert timestamps to dates.

    I guess it's a good thing that there are no tools available for Windows that auto-clear IE history, cookies or cache files! What would law enforcement do??
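
Added example, not part of k12linux's comment or of File::Mork: a Python post-processor that takes the `key = value` records the Perl script above prints, converts the visit timestamps to UTC dates, and orders the visits into a timeline. It assumes the timestamps are epoch seconds, as in the output shown; the second sample record and the `...UTC` field names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample: first record is the one shown above, second is made up.
SAMPLE = """\
ID = 388D
URL = http://www.google.com/
Hostname = google.com
LastVisitDate = 1125064549
FirstVisitDate = 1125064549
Name = Google

ID = 388E
URL = http://www.example.com/search?q=mork&page=2
LastVisitDate = 1125064000
FirstVisitDate = not-a-number
"""

DATE_FIELDS = ("FirstVisitDate", "LastVisitDate")

def to_utc(value):
    """Epoch seconds (assumed) -> ISO 8601 UTC string, or None if unparseable."""
    try:
        ts = datetime.fromtimestamp(int(value), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None  # keep the record, flag the field instead of guessing
    return ts.strftime("%Y-%m-%dT%H:%M:%SZ")

def parse_records(text):
    """Split blank-line-separated records into dicts of field -> raw value."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            # Split at the first " = " only, so URLs keep their own "=" signs.
            key, sep, val = line.strip().partition(" = ")
            if sep:
                rec[key] = val
        if rec:
            records.append(rec)
    return records

def timeline(text):
    """Return (last_visit_utc, url, record) tuples, oldest visit first."""
    rows = []
    for rec in parse_records(text):
        for field in DATE_FIELDS:
            if field in rec:
                rec[field + "UTC"] = to_utc(rec[field])  # raw value is kept too
        rows.append((rec.get("LastVisitDateUTC") or "", rec.get("URL", ""), rec))
    return sorted(rows, key=lambda row: (row[0], row[1]))
```

Records whose timestamp cannot be parsed sort first with an empty date rather than being dropped, so a damaged entry still shows up in the timeline.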