Alternative Browsers Impede Investigations
rbochan writes "Allegations in an article over at CNET propose that alternate browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners.""
This is one of the dumbest articles I've read in a while...
From TFA: Implying that 'alternate browsers' such as Firefox and Opera, 'hide' data? Shenanigans! These other browsers don't 'hide' anything...you just have to know where to look.
Also from TFA: You can't be serious. If it's this easy to thwart the authorities, maybe I should tender my resume.
God help these 'professionals' if a suspect's computer happens to run Linux...which brings up a disturbing thought...is the presence of a 'non-standard' browser or OS now going to be 'suspicious' to investigators, because they can't seem to penetrate its 'arcane secrets'?
____
~ |rip/\/\aster /\/\onkey
Heaven forbid that they have to learn to deal with a different file layout. I mean, it's not like these are supposed to be skilled professionals practicing their trade here...
sed "s/SJW.*$/... never mind. I was about to say something stupid, and also, I'm a troglodyte./Ig"
It sounds like a lot of the people doing this kind of investigation aren't actually computer experts, but using pre-packaged software or following a list of directions someone has tailored for IE.
Effectively, they're professional script kiddies working for the common good instead of against it.
The lesson? Training. You wouldn't put a detective in the morgue and hand him a scalpel, and you wouldn't drop him in a science lab. You'd hire a coroner, you'd hire someone trained in forensic science. If you're going to search someone's computer for evidence, hire an expert or train someone to become an expert.
Have they SEEN how IE stores history data? You want to talk about hidden data, sheesh.
Coding with assembly is like playing with Legos. Coding an application in assembly is like building a car with Legos.
Quick question: is the average detective familiar with C or C++?
No?
What good is the source code going to do him?
OMG, the terrorists have already won!
Seriously, way to go, guvvies. Advertise to the world that you are too stupid to be able to locate data in a Firefox profile directory, why don't you. Something tells me you should be bitching about your own tools and training methods rather than the tech industry's ability to move forward and create new, better things for everyone's sake, like superior non-bug-ridden/non-Microsoft software.
This is going to be moot if the law enforcement is dealing with people who are serious about what they're doing. I'm sure that if someone is planning an elaborate high-profile attack, they would have the sense to be careful as well, so it won't matter if you use IE or if you use Firefox or if you use Lynx--it's not that hard to wipe out all traces of activity from your computer no matter what browser you use. So I doubt that this is going to be of any help in dealing with smart criminals.
;)
And if the law enforcement can't figure out how to write a simple tool to decipher the files that are left behind from alternative browsers (especially one like Firefox that is open-source, meaning that the format of such files would be easy to determine), then that's just, well, pathetic.
And finally, I think that this is a good thing. Most people in this world will probably never ever have to deal with law enforcement. But they do have to deal with snooping parents, snooping friends, snooping girlfriends, snooping spouses, snooping bosses, etc., so I welcome this as good news.
None...but if they divert some of the money they spend on, say, hiring Psychics(tm) to hiring a programmer (or for that matter just "someone skilled with computers") THAT person may be helped by it, and can certainly develop some simple "how to find where Firefox puts stuff" training for them.
Hacker Public Radio is our Friend
In other words, they seem to be slamming Firefox, but actually it is pretty good advertisement for Firefox. They should put on their front page.
"Even the brightest police investigators can't look at your browser history! Get Firefox today, the most secure browser."
I question the trust that slashdotters seem to have in this new story. Why should we believe it?
The general police forces have managed to get a new story published on how they can not deal with any sort of semi-modern technology. Why should we believe it?
If I were the police, and I'm sure the police have at least one or two people smarter than me, then I would go to great lengths to get this story published. Why? Not because I can't figure out Firefox, but because I -can- figure out Firefox.
If my suspect thinks that I am too dumb to understand Firefox, then my suspect is far less likely to use powerful encryption. Without the powerful encryption, I -can- read Firefox's files, and a significant proportion of criminals will think they are safe when they are not.
Hell, I'm not even law enforcement but I still find it obvious how this story is a great advantage for the law enforcement community.
to accept the praise of personal wisdom is an affront to the very ideal i hold dear.
I guess those people locking their door are all bad guys as well. After all, the fact that they lock the door shows clearly that they are thieves, and just want to protect those things they've stolen. So the result of more people locking their doors will be an increase of stealing from those good citizens who leave their door open.
The Tao of math: The numbers you can count are not the real numbers.
Nobody should ever make it easy for script kiddies (especially because they have a Chicken Inspector Badge).
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
The title should be:
"Investigators Impede their own Investigations due to Lack of Knowledge"
that article had to be a joke.
:)
Probably, cuz it says "This is satire" right there in the footer
"When I first heard Daydream Nation it quite frankly scared the living shit out of me." -- Matthew Stearns
The problem here (and elsewhere) is that people seem to treat computer related problems as a whole different concept to anything else.
To condense some of the comments on the original CNet page: you wouldn't expect the cop to identify the cause of death in a murder investigation, you'd leave it to an expert (the coroner). You wouldn't expect the cop to check a car engine for tampering, you'd leave it to an expert (a mechanic). As such, there shouldn't be any expectation that the cop should have to go through the logs of seized machines. Assuming you did leave it to an expert (coroner, mechanic or computer engineer), you'd sure as hell expect them to know their job - the mechanic shouldn't be confused if you bring them a Toyota rather than a Ford, the coroner shouldn't be confused because a person was diabetic, the computer engineer shouldn't be confused because the machine had Firefox or even, god forbid, Linux or BSD installed.
Huh. I keep my MP3's in a shared directory, so that's not a problem for me.
One of the things about encryption: If you encrypt everything, it's harder for an attacker to determine what's important and what's not. If I can encrypt my entire home directory at essentially no cost, why not do it?
Why yes, I AM a rocket scientist!
So, how hard is it to hide a 4 GB flash drive full of porn?
That was my thought, after seeing "And the data formats haven't changed that much since the days when Netscape was the dominant browser.".
It's not like Firefox is open source or anything.</sarcasm>
From article:
Firefox and Opera store information on typed URLs in a different file than IE does, and the files are somewhat tough to decipher, Lewis said. He showed his students--mostly law enforcement agents and private investigators--how to do it.
Look at the source for the browser, silly.
"Each browser has its intricacies," he said. "You can find some details online, but often it is difficult."
You have to wonder if they're talking about the same Firefox browser here.
Eh, not that I've poked around the source or would know what to do once I found the bit telling how it stores its cache or anything. But still..
hiring a programmer (or for that matter just "someone skilled with computers") that person may be helped by it, and can certainly develop some simple "how to find where Firefox puts stuff" training for them.
If they can hire a programmer who has a clue then just get him to write a script for Encase that automatically searches out and displays Firefox, Opera, Safari, and other browser caches and logs. It would not be very hard at all. Distribute said script to all the police departments, and have the forensics monkeys click a menu item to find all the web caches and logs regardless of the browser used.
Jedidiah.
Craft Beer Programming T-shirts
Boo Hoo!
That's just as good an excuse as saying "you need to buy Office 95 because we can't read your Office XP files with our copy of Office 95."
It's up to the government to get with the times and update their forensics software. If their software vendor can't do it for them (no pun intended) then change vendors.
No one's likely to care because you're scum. Making someone use windows isn't cruel or unusual.
We show too much kindness to rapists and child molesters. Did you know that a person who molests a child still has parental rights so long as it was their child they molested? The victims of these kinds of crimes are punished indefinitely, I don't see why the stigma against the offenders should be any less.
"A man is but the product of his thoughts what he thinks, he becomes." -Mahatma Gandhi
Umm, if they want to require convicted sex offenders to use only approved software on their computers, I guess I can live with that. (They let them have access to the _internet_ while on parole? Convicted sex offenders? Isn't that, like, lenient *enough*? I think that's really fairly generous, to allow them that, under the circumstances, considering that there really aren't adequate resources to monitor it very closely at all.)
But as far as regular, non-convicted type people, I don't think it's reasonable to consider using an alternative browser to be "making trouble" for potential investigators. I mean, if having the web browser cache in a different place makes investigation hard, what would happen if a suspect had, I don't know, a Mac, for crying out loud? If the investigation doesn't warrant getting somebody who knows enough to find the browser cache in a slightly atypical place, is it even worth investigating the computer at all?
I mean, what would happen if the suspect had an MSIE icon on the desktop, and used it for normal stuff, but for subversive or illegal activities used something else, something with *no* shortcut icon on the desktop or in the start menu? You know, like a copy of Netscape 4 tucked away in a hidden directory underneath C:\WINDOWS\SYSTEM16\ someplace?
C'mon, either *investigate* the computer, or else don't, but just casually going through the single most obvious place, does that really count as an investigation? That's the electronic equivalent of getting a warrant, looking for stolen merchandise on the kitchen table and in the bedroom closet, and ignoring the attic and basement. What kind of investigator operates that way? Seriously, act like your job might actually matter and be worth doing, or something.
Cut that out, or I will ship you to Norilsk in a box.
> I suspect it would be very hard to thwart a computer forensics expert
An encrypted filesystem would presumably make their job rather harder.
Of course, that only works for ex-post-facto forensics. If someone plants a hidden camera where it can see your screen and keyboard for a week, your encrypted filesystem has accomplished, to a first approximation, nothing.
Of course, the *best* way to avoid having computer forensics experts crack your computer is to just be innocuous, i.e., just don't do anything that will make computer forensics experts want to investigate your computer. Granted, not everyone can do this; if, for instance, you are an executive for a major international corporation, you should probably assume that at some point someone will attempt to investigate you and/or your computers -- if not law enforcement, then the competition or a freelance information seller. So you do want to think at least briefly about the question, "Who would want to break into my computer, and what will it cost me if they succeed?" In my case I've concluded, at least for the time being, "Maybe some neighborhood kid fooling around" and "Not much if I have offsite backups." YMMV.
Cut that out, or I will ship you to Norilsk in a box.
We show too much kindness to rapists and child molesters.
Welcome to Oops!
Here, we have a drunken frat boy who took a whiz in a parking lot. Public indecency, sex offender. Over here, we've got a highschooler who mooned his principal on graduation day. Sex offender.
So let's all say it together! "OOPS!"
Keep that in mind while you're busy waving around your burning crosses and what not. Not everyone who is a "sex offender" is a child rapist, or even really all that offensive.
But for now, you can murder somebody, and you don't have to register, but mooning somebody, peeing outside, or being 20 and having sex with a 17 year old who said she was 19 can get you labeled as a sex offender for life (depends on the state) and that's just plain wrong.
I suspect that varies from state to state. In any event, even if you molest your child, you're still their parent, so it would seem appropriate that you should still have `paternal rights' (which is a remarkably vague concept anyways.) They (Child Protective Services and similar government organizations) don't generally take children away from their parents and never ever give them back except maybe in the most extreme cases. Being placed in a foster home or orphanage, especially forever, is seriously disruptive to a child's life, so they're not going to do that if there's any other alternative. They'll have to look at each case individually and try and work out what's best for the children. In most cases, that probably involves staying with the parent(s), and instead getting counselling for the parents or something.
Infants generally have no problems getting adopted. But once the kids grow up a bit, things change, especially if they're not white. Few people want to adopt them, and so they get shuffled between foster parents and orphanages. Not a good way to grow up.
Except the stigma also affects those who get wrongly accused or, for example, have sexual relations with a 17 year old when the 17 year old lied about their age.
Using an off-the-shelf undelete utility or such to find evidence of wrongdoing may be sufficient in order to fire or investigate someone, but any competent lawyer would rip that 'evidence' to shreds.
To get a serious felony conviction, evidence has to meet defined standards. For example, recently many DUI's got tossed out in my area because the officers did not properly document the temperature of the equipment.
All evidence needs a documented, trusted, chain of custody. If you suspect an employee of storing kiddie porn on a company computer, and you do anything with that computer before the police get it, the evidence loses a lot of value.
Proper forensic software; just like Breathalyzers, DNA/Fingerprint equipment, and anything else used to collect/store potential evidence needs to be known and trusted, and used by certified forensic folks, because it's not a mad scramble to get as much data as possible, it's an attempt to prove a crime was committed beyond a reasonable doubt.
As an example, it would be difficult to convict someone for having a few pieces of child porn in their cache... how many of you have goatse somewhere on your hard drive, does that mean you willfully went there? But if hundreds of photographs are stored in a deliberate fashion, you might have something.
The feds have a nice little chip, weighing under 1 ounce that goes inside of an existing keyboard attached to the wires leading to the PC that logs keystrokes to a buffer for later retrieval. Handy for getting passwords to encrypted drives and such.