Slashdot Mirror


Alternative Browsers Impede Investigations

rbochan writes "Allegations in an article over at CNET propose that alternate browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners.""

138 of 720 comments

  1. It's *not* rocket science, guys... by TripMaster+Monkey · · Score: 5, Insightful

    This is one of the dumbest articles I've read in a while...

    From TFA:
    Internet Explorer hides nothing from police and other investigators who examine PCs to discover which sites the user has visited.
    Implying that 'alternate browsers' such as Firefox and Opera, 'hide' data? Shenanigans! These other browsers don't 'hide' anything...you just have to know where to look.

    Also from TFA:
    These programs use different structures, files and naming conventions for the data that investigators are after. And files are in a different location on the hard drive, which can cause trouble for examiners.
    You can't be serious. If it's this easy to thwart the authorities, maybe I should tender my resume.
    God help these 'professionals' if a suspect's computer happens to run Linux...which brings up a disturbing thought...is the presence of a 'non-standard' browser or OS now going to be 'suspicious' to investigators, because they can't seem to penetrate its 'arcane secrets'?
    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:It's *not* rocket science, guys... by DrEldarion · · Score: 5, Funny

      Oh come on, it's nearly impossible to find the URL history! Ctrl-H is a very, very complex cracking method.

    2. Re:It's *not* rocket science, guys... by MyLongNickName · · Score: 4, Insightful

      It is dumb, but not for the reason you suggest. It is dumb because software isn't to be designed with 'criminal investigator usability' as a design consideration.

      Simple as that.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    3. Re:It's *not* rocket science, guys... by ron_ivi · · Score: 2, Insightful
      More frighteningly, IMHO -- why does *ANY* browser leave this stuff unencrypted on a hard drive anyway?

      That's just begging for a virus/trojan that might infect a PC to steal confidential data.

    4. Re:It's *not* rocket science, guys... by KiloByte · · Score: 5, Funny

      Actually, FireFox Deer Park (pre-1.1) which I am using right now has a right-in-your-face menu item to remove this kind of data. Those bad evil criminals don't even have to dig through the options to purge the evidence for their wrongdoings. Clearly, this browser must be a work of the devil and should be banned.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    5. Re:It's *not* rocket science, guys... by Anonymous Coward · · Score: 3, Funny

      Well, you just proved the author's point.

      On the BeOS version of Firefox it's ALT+H, not CTRL+H! ;)

    6. Re:It's *not* rocket science, guys... by EvilMonkeySlayer · · Score: 5, Informative

      If you're using windows (2000/XP Professional), right click on the directory you want to use encryption. Then select Properties, on the general tab click on Advanced and tick Encrypt contents to secure data.
      There you go, transparent encrypted directory.
      Also, Truecrypt is capable of encrypting stuff too.

    7. Re:It's *not* rocket science, guys... by Valiss · · Score: 4, Funny

      Oh come on, it's nearly impossible to find the URL history! Ctrl-H is a very, very complex cracking method.


      Good job. Now you've flagged yourself and the FBI is undoubtedly on its way. Giving away what is most likely a National Secret! Please don't let them look here.

      --

      -Valiss
    8. Re:It's *not* rocket science, guys... by BJZQ8 · · Score: 5, Interesting

      This is NOT a joke. I have dealt with some state police "computer forensics" people that were little more than a rookie cop with a "Computer Forensics for Dummies" book under their arm. It was THAT bad. They used undelete utilities and such to get a file off of a ZIP disk. Wowee. They are given virtually unlimited budgets and permission to buy practically any computer item, all in the name of security...but you can't change the fact that they are LEJA majors, not CS majors.

    9. Re:It's *not* rocket science, guys... by beacher · · Score: 4, Informative

      Here's the best part - "One specific challenge with Firefox and Opera is identifying which Web addresses have been entered manually as opposed to having been clicked on in a hyperlink"..

      Cmon.. any advanced porn^H^H^H^H surfer knows to go to google, enter the url and click through google's url. That way you don't have a suspicious empty dropdown bar and you can simply delete the url (and google's search url) from the history and for all intents and purposes, you never went there (just dump the cache).

      I guess these guys were never married. Simply having an attentive wife teaches you that FED defeating trick. The location dropdown bar and autocomplete can be a lot of trouble.

      Heh

    10. Re:It's *not* rocket science, guys... by shanen · · Score: 2, Insightful
      I basically agree, though I think you didn't word the criticism directly enough. The deeper point revealed by the "serious" publication of this kind of tripe is that America is moving to a police state where the convenience of the police is a primary consideration over the freedoms and rights of the citizens. Since they (the political monopolists, not the police) want to monitor everything and everyone in search of their political enemies, then of course they want to maximize the convenience of the process. Searching for terrorists is just an excuse for standardizing browsers in this specific case, and the police are just the hired agents.

      By the way, that's actually an important point: As far as I know from my studies of history, the police themselves are never the instigators of police states, just as terrorists are never the instigators of reigns of terror. The dark "oxymoronic" side of English?

      Of course it's impossible to know exactly how the present will look from the historical perspective. Some elements are clear, such as Dubya being a miserable failure, but I have trouble imagining how they will label the dominant philosophy of these times. Royal fascism?

      This article sounds like something Ann Coulter would write.

      --
      Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
    11. Re:It's *not* rocket science, guys... by Florian+Weimer · · Score: 5, Informative

      Oh come on, it's nearly impossible to find the URL history! Ctrl-H is a very, very complex cracking method.

      Digital forensics is performed offline. You don't run the browser software to read its history.

      However, I fail to see how this would create problems for law enforcement. Most of the interesting data is readily available. And the data formats haven't changed that much since the days when Netscape was the dominant browser.

    12. Re:It's *not* rocket science, guys... by Anonymous Coward · · Score: 5, Funny

      In related news, police are complaining that not all criminals conduct their affairs in American Standard English.

      "It's an outrage! Why do people insist on impeding our efforts to be an all-seeing eye?"

    13. Re:It's *not* rocket science, guys... by 99BottlesOfBeerInMyF · · Score: 2, Interesting

      God help these 'professionals' if a suspect's computer happens to run Linux

      I remember reading a while back that when the FBI seizes a macintosh computer they ship it to the Canadian Mounties for data recovery because the FBI does not know how to recover data from macintosh computers. I don't know if that is true, but I would not be surprised.

    14. Re:It's *not* rocket science, guys... by einhverfr · · Score: 2, Insightful

      I don't doubt it.

      This being said.....

      If we are to value the market economy, we can't let the incompetence of law enforcement be used as an excuse to bully us into using a product released by a convicted monopolist.....

      --

      LedgerSMB: Open source Accounting/ERP
    15. Re:It's *not* rocket science, guys... by RetroGeek · · Score: 5, Insightful

      There you go, transparent encrypted directory

      Which means it is transparent to the logged in user, which means it is transparent to the virus/ trojan horse/ spyware.

      And your point?

      --

      - - - - - - - - - - -
      I am a programmer. I am paid to produce syntax not grammar. Deal with it.
    16. Re:It's *not* rocket science, guys... by JohnFluxx · · Score: 2, Interesting

      While this is true, the computers they can't deal with get sent out to private companies, who _are_ good. Either way they get the data - just the cheap or expensive way.

    17. Re:It's *not* rocket science, guys... by Hadlock · · Score: 4, Informative

      Or in Mac OS X, go to System Preferences, click on the Security button that looks like a house with a padlock dial on it, then click the button that says Turn on FileVault. It'll take probably an hour to encrypt your hard drive in 128 bit encryption depending on computer speed and hard drive size, leaving you with a transparent encrypted directory.

      --
      moox. for a new generation.
    18. Re:It's *not* rocket science, guys... by Mr+Guy · · Score: 2, Funny

      Or, you could just delete it from the history and turn off autocomplete for forms.

      Not that I do that. Er, it works.

    19. Re:It's *not* rocket science, guys... by Shadow+Wrought · · Score: 2, Funny
      Simply having an attentive wife teaches you that FED defeating trick.

      Hopefully she's not attentive enough to read your /. postings...

      --
      If brevity is the soul of wit, then how does one explain Twitter?
    20. Re:It's *not* rocket science, guys... by slaker · · Score: 2, Informative

      I find it hard to place much credence in that article.

      One of my students is an Indiana State Trooper undergoing computer forensics training. Since he's enthusiastic about his classes, I get to hear about what he's being taught at all his Homeland Security-sponsored courses.

      And it turns out that he's learning some pretty complex things, at least as far as examining the contents of hard drives. He has programs that can analyze Windows or *nix systems with a good level of accuracy. He talks about looking at partition tables to ensure that the drive geometry matches with the size of formatted space on a hard disk, and how to poke around in unpartitioned space or oddball filesystems or file types with a hex editor. He can dissect the contents of Linux or Windows swap space and he's fairly unperturbed about sitting in front of unfamiliar operating systems on PC or Apple hardware.

      Granted, that's one guy, but he's not really a computer nerd, just someone who has been taught to do computer forensics work. And given that he seems fairly competent, I don't think something like a Firefox History would hinder him much at all.

      --
      -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
    21. Re:It's *not* rocket science, guys... by bhsx · · Score: 2, Funny

      CTRL +H closed my Opera session you insensitive clod!
      Luckily it also popped-up everything I had open with a restart. ;)

      --
      put the what in the where?
    22. Re:It's *not* rocket science, guys... by ArsonSmith · · Score: 4, Funny

      Yea and someone with the title "Computer Forensics Expert" shouldn't have to learn all these different conventions.

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
    23. Re:It's *not* rocket science, guys... by Lumpy · · Score: 4, Insightful

      I also agree with this.

      we hired an Ex FBI computer forensics expert, he "retired" 3 years ago at the age of 37. the man knows absolutely nothing about computer forensics. I started talking to him during lunch to ask him how he would recover evidence from a company PC that a user was using to surf kiddie porn with.

      He said you grab the IE history folder and temp internet folder.

      I asked so what do you do when that user uses the option to empty the contents of that folder or uses XP power tools to set it to empty it on a regular basis. or installed one of those "hide your tracks" programs you get spams about every other week?

      He responded that highly skilled hackers like that are not common in the business world and then he would have to send the drive in for electron microscope examination.

      The man shit his pants when the situation finally came around that he was unable to retrieve evidence from an ex-employee's laptop. I gave them a printout of cookies to all the websites the guy visited and a detailed record of his ill-gotten web usage for the last week he was here. I used my leet haxor skillz and unleashed a secret tool called proxy server logs as well in my 20 minutes. He took 7 days to retrieve nothing.

      and at that time I was a lowly know-nothing IT guy.

      moral of the story? if you have 1/2 a brain it is really easy to elude the police in "computer crime" and hide all your evidence easily. the only thing going for the police is that the typical criminal is working with 1/16th of a brain.

      --
      Do not look at laser with remaining good eye.
    24. Re:It's *not* rocket science, guys... by Shads · · Score: 5, Funny

      Sgt.Smith: "Damnit Jones, firefox. Another criminal goes free."
      Lt.Jones: "You know, Smith, I sometimes wonder if we just were competent with computers if we could well, you know, understand basic computer forensics instead of relying on software to do it for us?"
      Sgt.Smith: "Shut up, Jones, there's a way we do things here, it's the microsoft way, all other ways are abhorrent and methods of the terrorists."
      Lt.Jones: "Good call Smith!"

      *sigh* It's only sad because it could be true. Police forces need to hire security professionals and train them to be computer forensics. Not hire police officers and rely on them to learn the ins and outs of computer security.

      --
      Shadus
    25. Re:It's *not* rocket science, guys... by Total_Wimp · · Score: 5, Insightful

      It is dumb because software isn't to be designed with 'criminal investigator usability' as a design consideration.

      But I wish more software was designed with leaving a small or nonexistent trail as a design consideration.

      When I speak on the phone, none of it gets recorded unless someone makes a special effort to do so. I would hope my computing experience could be the same.

      And I really hate the idea that a bunch of you people are thinking I'm some kind of major criminal for wanting it that way. If you happen to be one of the ones that think I should be happy to have everything logged, then please set up a web cam in your bedroom and tape everything that happens. After all, there really isn't any chance of it falling into the wrong hands and law enforcement might need to check those tapes to make sure you're not snorting coke in there. Cops are good people and none of them will laugh about what you're doing with that banana. I promise.

      TW

    26. Re:It's *not* rocket science, guys... by SeaFox · · Score: 4, Funny

      However, I fail to see how this would create problems for law enforcement.

      Maybe their forensic tools can extract the browser history from the file and the software isn't aware a bookmarks file doesn't have to be named "favorites".

      At least I hope that's the issue.

      Tip for Kiddie Porn addicts: Keep your vids in someplace besides the "My Videos" folder. The authorities will never be able to find them if they're "hidden" in some other folder.

    27. Re:It's *not* rocket science, guys... by Anonymous Coward · · Score: 3, Funny

      I wonder what they would do if they found a computer where Linux was installed and used...

      They'd give the computer back to its owner out of compassion for him being such a geek that he needed to look at pr0n all day in lieu of getting laid.

      At least, that's what happened to me...

    28. Re:It's *not* rocket science, guys... by stryc9 · · Score: 5, Funny
      hahahaha.... lol

      I found this out really quick after the SO moved in. Right after she went to check the website of her university which starts with a 'C' and the first link that pops into the autocomplete bar is Cumfiesta.

      I just bought her a computer of her own.

      --
      www.madeofwinandawesome.com
    29. Re:It's *not* rocket science, guys... by major.morgan · · Score: 4, Interesting

      I teach both networking and computer security. In my classes I have had personal experience with "Computer Crime Investigators". Most of them are officers who have gone to $20-50,000 (not exaggerating) worth of training in a few weeks that they don't understand, got a few "law enforcement only" utilities (Knoppix has better tools) that they can run. They are no better at understanding technology than your average office user. If they can't click a button in their tools and have all of the evidence discovered, analyzed and spit out in a non-technical report - they generally won't get much. Add a sprinkle of encryption and they are baffled. There are those who are quite skilled, but as with most things - they are few and far between.

      For example: I have a friend who works in IT for a law enforcement agency. He constantly gets calls from their computer forensics specialist asking for help on why his station won't boot. Usually it's because he overwrote his boot sector while analyzing a drive (I don't understand either).

      Unfortunately the prevailing opinion is that teaching a street cop technology is easier than teaching a tech the intricate details of law enforcement. The higher ups don't realize that any IT person's job is basically a daily investigation. I think the answer is to pair up the two, but again, none of these agencies has asked me.

    30. Re:It's *not* rocket science, guys... by zerblat · · Score: 5, Interesting

      The problem is that Mozilla uses Mork to store the history, and Mork databases are more or less impossible to extract usable data from. So you don't really have much of a choice ;)

      --
      Please alter my pants as fashion dictates.
    31. Re:It's *not* rocket science, guys... by Irish_Samurai · · Score: 3, Funny
      I keep all my kiddie porn in C://ROOT on my Windows box. Keeps the FED's out. I Also run a skin that makes windows look like OS X and an IE skin that makes it look like Firefox. My firewall/routers pass is Login/Password - they never guess that

      The Spooks are confused as hell. In fact, the last time I was investigated, one of the Detectives said "Fuck this!", whipped out his own high powered magnet, and aced my computer.

    32. Re:It's *not* rocket science, guys... by XchristX · · Score: 2, Interesting

      In Linux, run a standard installation of KDE. navigate to any file/directory using konqueror, then right click and goto the 'actions' context menu entry, and click on 'encrypt & archive file/folder'. It does so using kgpg, KDE's frontend to gpg. You can use a passphrase to encrypt it if you want. That's pretty easy, and can't be cracked ab initio by trojans or anything. So why do I have to use windoze?

      --
      l'Homme n'est Rien l'Oeuvre Tout: Gustave Flaubert to George Sand
    33. Re:It's *not* rocket science, guys... by MyLongNickName · · Score: 2, Insightful

      Most do. However, we also want the convenience of auto-fill in fields, URLs that kinda figure out where we want to go based on prior activity. You cannot have those conveniences without making it possible for someone to use it against you. You can make it HARD, but not impossible.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    34. Re:It's *not* rocket science, guys... by Low2000 · · Score: 3, Interesting

      If you are using windows (2000/XP Professional, 2003, Vista), and you're a digital forensics professional, and you come across 'encrypted' NTFS data that has been encrypted using the parent's encryption method, do the following.

      Right click the directory you want to un-encrypt, select properties, security, and press the advanced button.

      Select the 'Owner' tab, then add your user account and administrator as owners. Remove all other owners.

      Check Replace owner on subcontainers and objects

      Switch to the Permissions tab and select 'Replace permission entries on all child objects with entries shown here that apply to child objects'

      Select 'OK' and go grab a doughnut... ... in a few minutes you should be done.

      I'm honestly not trying to aid would be 'hackers' or anything. I mostly just worry people use windows encryption thinking it's useful if their system has been compromised. It's not...

      There is actually a MS KB article out there that explains this process a little better than I did but I'm a bit lazy today.

    35. Re:It's *not* rocket science, guys... by prockcore · · Score: 2, Interesting

      Don't look impossible to me. The fact that no-one on that thread seems to know what UTF-16 is explains why they're having so much trouble with a relatively simple format.

      You want a hard file format? Try Quark. SPIFSPOCSPIFSPIT, this means something to quark... but damned if anyone knows what.

      (I'm not talking about xpresstags either, that's a cakewalk compared to quark's binary format)

    36. Re:It's *not* rocket science, guys... by bitslinger_42 · · Score: 2, Interesting

      Granted, a supposed expert who can't figure out proxy logs and cookies isn't very much of an expert, but he does have a point. I do computer forensics for one of my clients, and not only have I never run into a single case where the suspect deliberately hid their activity in the 7 years I've been doing this, but most of them are so unbelievably stupid that they:

      • surf porn at work
      • during business hours
      • in open cubicles
      • with the monitor facing the hallway
      • when tour groups are going through the building
      • and when tech support is at the next desk

      For the vast majority of cases I've seen, finding evidence isn't really the problem. Explaining what the evidence means to HR/Legal is MUCH more difficult.

    37. Re:It's *not* rocket science, guys... by bitslinger_42 · · Score: 2, Insightful

      Ahh, but the LEOs have a point. In my job, finding suitable evidence to convince HR is a far cry from finding suitable evidence that'd convince a jury of people who aren't smart enough to talk themselves out of jury duty that the cookie file, combined with this bunch of bits that were supposedly deleted and the mumbo-jumbo from the proxy logs means this particular person actively downloaded the picture of the squirrel-porker.

      And that's completely ignoring the whole law thing. I mean, maintaining chain of custody and making sure that only things that are looked at were supposed to be according to the wording of the subpoena are positively trivial. Especially when dealing with crimes that cross jurisdictions and/or state lines. Given the tendency of most geeks to try to get around this little problem (DMCA anyone?), it is probably much more likely that you can teach an existing LEO computers than you can find a true geek and make him not only understand, but also ABIDE BY the law :-)

    38. Re:It's *not* rocket science, guys... by brunes69 · · Score: 2, Insightful

      When I speak on the phone, none of it gets recorded unless someone makes a special effort to do so. I would hope my computing experience could be the same.

      And I really hate the idea that a bunch of you people are thinking I'm some kind of major criminal for wanting it that way. If you happen to be one of the ones that think I should be happy to have everything logged

      This is a really bad analogy, because you can't undo a phone conversation.

      The ability to correct mistakes is one of the reasons personal computing became so popular in the workplace to begin with. Kind of hard to go back to a known good state without keeping a history.

      This is why machines have hard drives.

    39. Re:It's *not* rocket science, guys... by k12linux · · Score: 5, Informative

      Yep, you're right zerblat. I went to search.cpan.org and did a search for Mork. And I have to agree law enforcement couldn't possibly come up with a perl prog like this one:

      ------------
      #!/usr/bin/perl -w

      use File::Mork;

      my $mork = File::Mork->new('history.dat', verbose=> 1)
          || die $File::Mork::ERROR."\n";

      foreach my $entry ($mork->entries) {
            while (my($key,$val) = each %$entry) {
                  print "$key = $val\n";
            }
            print "\n";
      }

      ------------
      BTW, I do realize that your post was sarcastic... as is this one.

      Works perfectly if run in the same directory as history.dat and produces output like:

      ID = 388D
      URL = http://www.google.com/
      Hostname = google.com
      LastVisitDate = 1125064549
      FirstVisitDate = 1125064549
      Name = Google

      It should be left to guru perl coders making $500,000/yr or more to do fancy things like convert timestamps to dates.

      I guess it's a good thing that there are no tools available for Windows that auto-clear IE history, cookies or cache files! What would law enforcement do??
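
The timestamp conversion the post above jokes about, as an added example (not part of the original comment, and not File::Mork's own code): it parses the `key = value` record dump shown in the post and builds a UTC-sorted visit timeline. The second record is constructed, and treating implausibly large values as microseconds rather than seconds is an assumption of this example.

```python
from datetime import datetime, timezone

# First record is the output quoted in the post; the second is constructed
# for this example (microsecond timestamp, one unparsable date field).
SAMPLE = """\
ID = 388D
URL = http://www.google.com/
Hostname = google.com
LastVisitDate = 1125064549
FirstVisitDate = 1125064549
Name = Google

ID = 388E
URL = http://example.org/a=b
Hostname = example.org
LastVisitDate = 1125064600000000
FirstVisitDate = not-a-number
Name = Example
"""


def parse_records(text):
    """Split a 'key = value' dump into dicts; a blank line ends a record."""
    records, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        # Split on the first ' = ' only, so '=' inside a URL is preserved.
        key, sep, value = line.partition(" = ")
        if not sep:
            continue  # not a key/value line; ignore rather than guess
        current[key.strip()] = value
    if current:
        records.append(current)
    return records


def to_utc(raw):
    """Convert an epoch string to an aware UTC datetime, or None if invalid."""
    try:
        n = int(raw)
    except (TypeError, ValueError):
        return None
    # Assumption: values this large cannot be seconds, so treat them as
    # microseconds since the epoch and scale down.
    if n > 10**11:
        n //= 1_000_000
    try:
        return datetime.fromtimestamp(n, tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return None


def timeline(records):
    """Return (ISO-8601 UTC time, URL) pairs sorted by last visit."""
    rows = []
    for rec in records:
        when = to_utc(rec.get("LastVisitDate"))
        if when is None:
            continue  # no usable timestamp; leave it out of the timeline
        rows.append((when.strftime("%Y-%m-%dT%H:%M:%SZ"), rec.get("URL", "")))
    return sorted(rows)


if __name__ == "__main__":
    for when, url in timeline(parse_records(SAMPLE)):
        print(when, url)
```

Reporting in UTC avoids the examiner's workstation time zone leaking into the timeline.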

    40. Re:It's *not* rocket science, guys... by Macgrrl · · Score: 2, Funny

      Not so sure about the kiddie porn side of things, but when I used to do Mac repairs, I used to make a point of leaving the 'hidden' directory of porn visible on the desktop after a data recovery. Normally hidden by making the directory 'invisible' in the finder, easily located by simply looking at folder sizes and drilling down until you reach a folder which contains both 5Gb of data but only 500Mb visible data. :)

      --
      Sara
      Designer, Gamer, Macgrrl in an XP World
    41. Re:It's *not* rocket science, guys... by smeenz · · Score: 4, Funny


      Now THIS is funny - from the File::Mork man page:


      THE UGLY TRUTH LAID BARE

      Extracted from mork.pl

      In Netscape Navigator 1.0 through 4.0, the history.db file was just a Berkeley DBM file. You could trivially bind to it from Perl, and pull out the URLs and last-access time. In Mozilla, this has been replaced with a "Mork" database for which no tools exist.

      Let me make it clear that McCusker is a complete barking lunatic. This is just about the stupidest file format I've ever seen.

                    http://www.mozilla.org/mailnews/arch/mork/primer.txt
                    http://jwz.livejournal.com/312657.html
                    http://www.jwz.org/doc/mailsum.html
                    http://bugzilla.mozilla.org/show_bug.cgi?id=241438

      In brief, let's count its sins:

              * Two different numerical namespaces that overlap.
              * It can't decide what kind of character-quoting syntax to use: Backslash? Hex encoding with dollar-sign?
              * C++ line comments are allowed sometimes, but sometimes // is just a pair of characters in a URL.
              * It goes to all this serious compression effort (two different string-interning hash tables) and then writes out Unicode strings without using UTF-8: writes out the unpacked wchar_t characters!
              * Worse, it hex-encodes each wchar_t with a 3-byte encoding, meaning the file size will be 3x or 6x (depending on whether wchar_t is 2 bytes or 4 bytes.)
              * It masquerades as a "textual" file format when in fact it's just another binary-blob file, except that it represents all its magic numbers in ASCII. It's not human-readable, it's not hand-editable, so the only benefit there is to the fact that it uses short lines and doesn't use binary characters is that it makes the file bigger. Oh wait, my mistake, that isn't actually a benefit at all.

      Pure comedy.

    42. Re:It's *not* rocket science, guys... by Macgrrl · · Score: 2, Interesting

      In Victoria it is illegal to sell X-rated material or own more than 50 X-rated titles. Note it is not illegal to BUY X-rated material. Kiddie porn is always illegal to possess or distribute.

      The only places in Australia where you may legally sell X-rated materials are in the two territories; i.e. Northern Territory and Australian Capital Territory (where our nation's capital is located).

      --
      Sara
      Designer, Gamer, Macgrrl in an XP World
  2. Quick People! by fembots · · Score: 2, Funny

    Switch back to IE, it's the best Homeland Security Friendly browser on earth!

    While the summary sounds like a "problem", the article clearly indicated that someone has already figured how to deal with these alternative browsers and is sharing with the law enforcement agents.

    1. Re:Quick People! by neuro.slug · · Score: 2, Funny

      I can see it now:

      "When you use Firefox, you are supporting terrorism!"

      It's the kind of funny that makes you want to laugh and cry simultaneously.



      -- n
  3. Dear god no! by Rei · · Score: 5, Insightful

    Heaven forbid that they have to learn to deal with a different file layout. I mean, it's not like these are supposed to be skilled professionals practicing their trade here...

    --
    sed "s/SJW.*$/... never mind. I was about to say something stupid, and also, I'm a troglodyte./Ig"
  4. Browser concerns by bigwavejas · · Score: 2, Interesting
    It seems to me this is the least of their problems. Finding the potential wrongdoer is much more difficult than actually locating data on their computer. With anonymous surfing methods Tor and drive encryption technologies TrueCrypt I would almost consider an unencrypted/ unsecure system a "non-issue."

    /search/*.jpg, *.html, *.gif, *.etc...

    Firefox and Opera may use a different method of file structure/ naming, but they *do* have a fundamental process and that process does not vary from system to system.

    --
    "Simplify, simplify, simplify!" Thoreau
  5. If you use Firefox... by 1zenerdiode · · Score: 4, Funny

    ...the terrorists have already won.

    1. Re:If you use Firefox... by kfg · · Score: 4, Funny

      I'm afraid I do worse than that. I encrypt all of my text files with something called "Pig Latin."

      The poor bastards in law enforcement are powerless against it, and I am evil, evil, evil for not living my life with an eye toward making it pathetically easy for any traffic cop to fully investigate me for anything, as any good PATRIOT should.

      Muuuuuuuhahahahaha!

      KFG

  6. In other news... secret hideouts by Anonymous Coward · · Score: 5, Funny

    In other news, bad guys hide in secret hideouts, which makes it hard for the Police to do their job.

  7. TOR by IAR80 · · Score: 3, Funny

    Damn I have deployed TOR for nothing. Installing Firefox was enough.

    --
    http://ebgp.net/ccc/
  8. Professional white-hat script kiddies by Kelson · · Score: 5, Insightful

    It sounds like a lot of the people doing this kind of investigation aren't actually computer experts, but using pre-packaged software or following a list of directions someone has tailored for IE.

    Effectively, they're professional script kiddies working for the common good instead of against it.

    The lesson? Training. You wouldn't put a detective in the morgue and hand him a scalpel, and you wouldn't drop him in a science lab. You'd hire a coroner, you'd hire someone trained in forensic science. If you're going to search someone's computer for evidence, hire an expert or train someone to become an expert.

    1. Re:Professional white-hat script kiddies by sTalking_Goat · · Score: 2, Insightful
      Not saying all Cops are evil (Meter-maids on the other hand...), but the next time someone steals your stuff and you find a cop who gives a damn beyond filing the initial report let me know...

      They're too damn busy for the "little stuff", but not too busy to cross the street to write me a ticket for riding my bike on an empty sidewalk.

      --

      My days of not taking you seriously are certainly coming to a middle...

  9. Profit! by pwnage · · Score: 3, Funny
    I have decided to submit a patent for this. "A Method of Obfuscation of Law Enforcement Data through the use of Better Internet Browsing Software."

    Help me out, /.!!!

    1. Submit patent.
    2. ???
    3. Profit!

    --
    Reminder: Apple owns 1/255th of the internet.
  10. This explains everything! by N3wsByt3 · · Score: 2, Funny

    Now I understand why the police or 'special' agencies can't find their terrorists: they rely on MS in general, and IE in particular! ;-)

    --
    --- "To pee or not to pee, that is the question." ---
  11. Um, Duh? by NorbMan · · Score: 5, Interesting
    From TFA:
    Firefox and Opera store information on typed URLs in a different file than IE does, and the files are somewhat tough to decipher

    You would think since Firefox is open-source, it would be a trivial matter to determine the format of the cache files by examining the source code.

    1. Re:Um, Duh? by Kelson · · Score: 2, Insightful

      Quick question: is the average detective familiar with C or C++?

      No?

      What good is the source code going to do him?

    2. Re:Um, Duh? by Dr.Dubious+DDQ · · Score: 2, Insightful

      None...but if they divert some of the money they spend on, say, hiring Psychics(tm) to hiring a programmer (or for that matter just "someone skilled with computers") THAT person may be helped by it, and can certainly develop some simple "how to find where Firefox puts stuff" training for them.

    3. Re:Um, Duh? by Coryoth · · Score: 2, Insightful

      hiring a programmer (or for that matter just "someone skilled with computers") that person may be helped by it, and can certainly develop some simple "how to find where Firefox puts stuff" training for them.

      If they can hire a programmer who has a clue then just get him to write a script for Encase that automatically searches out and displays Firefox, Opera, Safari, and other browser caches and logs. It would not be very hard at all. Distribute said script to all the police departments, and have the forensics monkeys click a menu item to find all the web caches and logs regardless of the browser used.

      Jedidiah.

  12. I laughed by Approaching.sanity · · Score: 5, Funny

    And then I realized that they were serious.

    Now I weep for them.

    --
    RTFA again for the best results.
  13. Are they kidding? by Guysmiley777 · · Score: 2, Insightful

    Have they SEEN how IE stores history data? You want to talk about hidden data, sheesh.

    --
    Coding with assembly is like playing with Legos. Coding an application in assembly is like building a car with Legos.
  14. Wait a second! by Brandon+K · · Score: 4, Funny

    So with a few low-res pictures of some metal objects in Iraq we can determine they have biological weapons... but the 'trained professionals' working for the police can't figure out how to find Firefox's internet logs?

    1. Re:Wait a second! by dascandy · · Score: 2, Informative

      The article doesn't say that.

      There are professionals at the police that don't know a bit from a byte and thus don't ever research those things. They're paid for reading through the outcome of automated searches, to solve many cases. They pay money to others to make the searchability happen.

      The others realise that adding firefox to the list would double the complexity (possibly slightly more) and add a 4% increase in computers they can research. Offset by the fact that most criminals don't know that there is a thing as firefox, why would they care?

      Hence this "article" which doesn't tell you anything but the bleeding obvious.

      Signed, somebody who had his last day at the digital police education center (dunno the english name) last monday.

  15. Totally hose 'em up... by JackTripper · · Score: 5, Funny

    ...Firefox... on Linux! "Find what they've been browsing? Hell, we can't even find C: !"

  16. Guilt by association... by amcdiarmid · · Score: 3, Funny

    Let me see now (Jon Stuart grin), the police haven't learned how "alternative" browsers store data. Users of these "alternative" browsers even have been known to "flush" their data caches. This, um, "flushing" is a suspicious behavior - AND these "alternative" browsers are resistant to spyware that we normally use to "spy" on our "citizens."

    I say, if these "citizens" don't want to be "spied" on, they are SUSPICIOUS! SEND THEM TO GUANTANAMO!

    Meanwhile, in Soviet Russia...

  17. In a word: by commo1 · · Score: 2, Interesting

    Good.

    That's one of the reasons I use Firefox, Thunderbird, Sunbird, etc...

    Security by obscurity is not essentially valid, but it can be useful.

    The government can't force people to organize their thoughts or ideas written down on legal pads with sworn oaths as to dates & times, why should ANY information be handed to them? I run many trace eliminators for this purpose. I encrypt my file system. If this is going to slow them down or prevent them from gathering evidence, it's done its job. Just another reason not to buy into the Microsoft way. (I'm not being facetious, it's true: Microsoft has an agenda to be on the side of the law, they HAVE to be lobbying quietly to get stuff like this out and laws passed to enforce it.)

  18. does this say something about education? by millahtime · · Score: 2

    I would say this says something about the level of education and intelligence of authorities. They aren't very educated and smart. If the techie authorities can't handle browser differences how are they supposed to find info on computers that people are trying to hide.

    If I were the authorities I would be insulted by this article and it implying they aren't smart.

    1. Re:does this say something about education? by MoonBuggy · · Score: 2, Insightful

      The problem here (and elsewhere) is that people seem to treat computer related problems as a whole different concept to anything else.

      To condense some of the comments on the original CNet page: you wouldn't expect the cop to identify the cause of death in a murder investigation, you'd leave it to an expert (the coroner). You wouldn't expect the cop to check a car engine for tampering, you'd leave it to an expert (a mechanic). As such, there shouldn't be any expectation that the cop should have to go through the logs of seized machines. Assuming you did leave it to an expert (coroner, mechanic or computer engineer), you'd sure as hell expect them to know their job - the mechanic shouldn't be confused if you bring them a Toyota rather than a Ford, the coroner shouldn't be confused because a person was diabetic, the computer engineer shouldn't be confused because the machine had Firefox or even, god forbid, Linux or BSD installed.

  19. It's not the software . . . by crimguy · · Score: 5, Informative

    As a criminal defense attorney specializing in computer crimes, I can say authoritatively that the investigators are typically poorly trained. Most that I have dealt with are not IT or CS degree holders. In fact, the norm is for it to be a police officer who has taken a 2 week course in Encase, nothing more. Their knowledge of operating systems is lacking to say the least. Of course, this can result in some poor schmuck being convicted for something he didn't do, both because the cops don't know any better, and the juries - who typically take the word of the police as gospel down here in Arizona, know even less and rely on the uninformed testimony of law enforcement.

    1. Re:It's not the software . . . by arkanes · · Score: 2, Interesting
      I don't know how gullible juries are in Arizona, but seriously, can't you exploit this?

      "Officer MacGruff, are you an expert in computer forensics? Can you summarize your education? Can you describe your methodology?"

      This reminds me of the whole speed camera thing in AU, where they lost a major court case because, given 8 weeks, they couldn't find an expert willing to testify on the reliability of hashes as MACs. Not because the testimony wasn't believed, mind, but that they didn't have any.

    2. Re:It's not the software . . . by kent_eh · · Score: 2, Informative

      investigators are typically poorly trained
      Specifically, poorly trained in tech matters. (one would hope, not poorly trained in investigation/law enforcement and the kind of stuff that should be their "core competencies")
      I work for a phone company, and often work with various police agencies' "special investigation" units. The officers that I deal with are usually 6-8 year veterans, and have been rotated into SI for a 3-4 year stint. When they have to deal with the interface hardware that they have at our locations, they are typically lost. They show up with dog-eared manuals, and a file full of notes from the last guy that had their job, and try to make sense of E&M signalling, or a serial interface on a Cisco box. Often these guys, while competent police officers, can't program their VCRs at home.
      Fortunately, the IT guys at their offices are usually willing to help them out, and since we know that they are out of their depth, we lend a hand, as far as we are permitted (security reasons).

      --

      ---
      "I can't complain, but sometimes still do..." Joe Walsh
  20. "you want to frustrate law enforcement, use a Mac" by Anonymous Coward · · Score: 5, Interesting

    http://www.theregister.co.uk/2004/01/28/a_visit_from_the_fbi/

    A visit from the FBI
    By Scott Granneman, SecurityFocus
    Published Wednesday 28th January 2004 13:05 GMT

              [snip]

    I teach technology classes at Washington University in St. Louis, a fact that I mentioned in a column from 22 October 2003 titled, "Joe Average User Is In Trouble". In that column, I talked about the fact that most ordinary computer users have no idea about what security means. They don't practice secure computing because they don't understand what that means. After that column came out, I received a lot of email. One of those emails was from Dave Thomas, former chief of computer intrusion investigations at FBI headquarters, and current Assistant Special Agent in Charge of the St. Louis Division of the FBI.

    Dave had this to say: "I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are." He then offered to come speak to my students about his experiences.

    I did what I think most people would do: I emailed Dave back immediately and we set up a date for his visit to my class.

    It's not every day that I have an FBI agent who's also a computer security expert come speak to my class, so I invited other students and friends to come hear him speak. On the night of Dave's talk, we had a nice cross-section of students, friends, and associates in the desks of my room, several of them "computer people," most not.

    Dave arrived and set his laptop up, an IBM ThinkPad A31. He didn't connect to the Internet - too dangerous, and against regulations, if I recall - but instead ran his presentation software using movies and videos where others would have actually gone online to demonstrate their points. While he was getting everything ready, I took a look at the first FBI agent I could remember meeting in person.

              [snip]

    Dave had some surprises up his sleeve as well. You'll remember that I said he was using a ThinkPad (running Windows!). I asked him about that, and he told us that many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. In the field, however, they don't have as much money to spend, so they have to stretch their dollars by buying WinTel-based hardware. Are you listening, Apple? The FBI wants to buy your stuff. Talk to them!

    Dave also had a great quotation for us: "If you're a bad guy and you want to frustrate law enforcement, use a Mac." Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in America end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none.

              [snip]

  21. Another article with the same logic by baryon351 · · Score: 5, Interesting

    It's the silliest thing I've read about non-IE browsers, and how they're BAD since I read this one.

    1. Re:Another article with the same logic by maxwell+demon · · Score: 4, Insightful

      I guess those people locking their door are all bad guys as well. After all, the fact that they lock the door shows clearly that they are thiefs, and just want to protect those things they've stolen. So the result of more people locking their doors will be an increase of stealing from those good citizens who leave their door open.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    2. Re:Another article with the same logic by WiFiBro · · Score: 3, Informative
    3. Re:Another article with the same logic by Badfysh · · Score: 2, Informative
      From TFA:

      (this is satire. don't believe anything you read on the internet)

      --

      I was conned by an old man in a cloak. It turns out those *were* the droids I was looking for.

    4. Re:Another article with the same logic by Knuckles · · Score: 2, Insightful

      that article had to be a joke.

      Probably, cuz it says "This is satire" right there in the footer :)

      --
      "When I first heard Daydream Nation it quite frankly scared the living shit out of me." -- Matthew Stearns
  22. Dumb law enforcement vs. dumb criminals by code65536 · · Score: 4, Insightful

    This is going to be moot if the law enforcement is dealing with people who are serious about what they're doing. I'm sure that if someone is planning an elaborate high-profile attack, they would have the sense to be careful as well, so it won't matter if you use IE or if you use Firefox or if you use Lynx--it's not that hard to wipe out all traces of activity from your computer no matter what browser you use. So I doubt that this is going to be of any help in dealing with smart criminals.

    And if the law enforcement can't figure out how to write a simple tool to decipher the files that are left behind from alternative browsers (especially one like Firefox that is open-source, meaning that the format of such files would be easy to determine), then that's just, well, pathetic.

    And finally, I think that this is a good thing. Most people in this world will probably never ever have to deal with law enforcement. But they do have to deal with snooping parents, snooping friends, snooping girlfriends, snooping spouses, snooping bosses, etc., so I welcome this as good news. ;)
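Added example, not part of any comment in this thread: a Python sketch of the browser-agnostic tool suggested above (a script that finds history "regardless of the browser used", a "simple tool to decipher the files"). It assumes the SQLite history stores used by current Firefox-family (`moz_places`/`moz_historyvisits`) and Chromium-family (`urls`/`visits`) browsers, which postdate this discussion; the sample databases, paths and timestamps are constructed.

```python
import os
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Table fingerprint -> (label, visit query, epoch). Both count microseconds.
SCHEMAS = {
    frozenset({"moz_places", "moz_historyvisits"}): (
        "firefox-family",
        "SELECT p.url, p.title, v.visit_date FROM moz_historyvisits v "
        "JOIN moz_places p ON p.id = v.place_id", UNIX_EPOCH),
    frozenset({"urls", "visits"}): (
        "chromium-family",
        "SELECT u.url, u.title, v.visit_time FROM visits v "
        "JOIN urls u ON u.id = v.url", WEBKIT_EPOCH),
}


def is_sqlite(path):
    """Identify a database by its 16-byte header, not by name or location."""
    try:
        with open(path, "rb") as fh:
            return fh.read(16) == SQLITE_MAGIC
    except OSError:
        return False


def read_history(path):
    """Return visit records from one database; [] if the schema is unknown."""
    # mode=ro + immutable=1: no writes and no side files created next to the
    # evidence. A -wal file, if present, needs separate handling.
    uri = Path(path).resolve().as_uri() + "?mode=ro&immutable=1"
    try:
        con = sqlite3.connect(uri, uri=True)
    except sqlite3.Error:
        return []
    try:
        tables = {row[0] for row in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")}
        for fingerprint, (family, query, epoch) in SCHEMAS.items():
            if fingerprint <= tables:
                return [{"when": epoch + timedelta(microseconds=ts),
                         "family": family, "url": url, "title": title,
                         "source": path}
                        for url, title, ts in con.execute(query)]
        return []
    except sqlite3.DatabaseError:
        return []  # header matched, but the file is corrupt or encrypted
    finally:
        con.close()


def scan(root):
    """Walk an evidence tree (a working copy) and build one sorted timeline."""
    timeline = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_sqlite(path):
                timeline.extend(read_history(path))
    return sorted(timeline, key=lambda rec: rec["when"])


def build_constructed_evidence(root):
    """Constructed sample data: two history stores under misleading names."""
    samples = {
        "a/b/renamed.bin": """
            CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url, title);
            CREATE TABLE moz_historyvisits (id INTEGER, place_id, visit_date);
            INSERT INTO moz_places VALUES (1, 'https://example.org/', 'One');
            INSERT INTO moz_historyvisits VALUES (1, 1, 1700000000000000);""",
        "x/notes.txt": """
            CREATE TABLE urls (id INTEGER PRIMARY KEY, url, title);
            CREATE TABLE visits (id INTEGER, url, visit_time);
            INSERT INTO urls VALUES (1, 'https://example.com/', 'Two');
            INSERT INTO visits VALUES (1, 1, 13344477200000000);""",
    }
    for rel, ddl in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        con = sqlite3.connect(str(target))
        con.executescript(ddl)
        con.commit()
        con.close()
    # Decoy: the expected file name, but not a database at all.
    Path(root, "x", "places.sqlite").write_text("not a database")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as evidence:
        build_constructed_evidence(evidence)
        for rec in scan(evidence):
            print(rec["when"].isoformat(), rec["family"], rec["url"])
```

Because files are matched on header and schema rather than path, a renamed or relocated profile is still found, and the two timestamp epochs are normalised to UTC before the records are merged.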

  23. New Firefox Ad: even the popo can't touch this by drgonzo59 · · Score: 4, Insightful
    If the police has problems looking through the firefox files, I think I'll remove all the IE browsers from my lab and install Firefox or Opera.

    In other words, they seem to be slamming Firefox, but actually it is pretty good advertisement for Firefox. They should put on their front page.

    "Even the brightest police investigators can't look at your browser history! Get Firefox today, the most secure browser."

    1. Re:New Firefox Ad: even the popo can't touch this by WiFiBro · · Score: 4, Funny

      say mrgonzo, what are you doing in your labs???

    2. Re:New Firefox Ad: even the popo can't touch this by drgonzo59 · · Score: 2, Informative

      killing mice, performing experiments on them, western blots and such, in other words hard core terrorist activity...

    3. Re:New Firefox Ad: even the popo can't touch this by HTH+NE1 · · Score: 2, Interesting

      Remember the ruling that if you advertise your software as having the function of violating copyright you are liable for contributory infringement?

      Now extend that to advertising your software as creating barriers to law enforcement investigations. Conspiracy to obstruct justice in an investigation to which national security is attached?

      The one thing they should not do is promote this as a feature of their browsers!

      Meanwhile, with the open source browsers, this should give ideas to people who do want to hide this information to modify the source to make the information even more obfuscated and how to make attempts to use the browser itself to extract the information cause the data to self-destruct. The more unique your build, the better.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    4. Re:New Firefox Ad: even the popo can't touch this by hosecoat · · Score: 2, Funny

      what are you, a cop?

    5. Re:New Firefox Ad: even the popo can't touch this by gid13 · · Score: 4, Funny

      It's DOCTOR gonzo, he didn't spend 6 years in gonzo medical school to be called MISTER, thank you very much!

    6. Re:New Firefox Ad: even the popo can't touch this by Anonymous Coward · · Score: 2, Funny

      Other way around. It was a large donation.

  24. About time. by aquabat · · Score: 2, Funny

    It's about time someone linked the use of open source software to the War on Terror(TM). I was beginning to wonder if the authorities were asleep at the wheel...

    --
    A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
  25. This is a great idea! by JavaRob · · Score: 2, Funny

    Somehow we just never realized this... we should also encourage businesses to only use ONE accounting method, so that embezzlement investigations can be simpler. There should only be a single gun manufacturer, with only one kind of gun available... imagine how much simpler investigations would be? "Well, we already know it was a Glock 32 handgun...".

    What are people thinking, that businesses and products might exist to serve the needs of the people paying for and using them? What nonsense! Only law enforcement matters!

    Seriously, even if this were a serious question, don't investigators get MORE useful data in the variations of people's setup? The more unique your suspect's setup, the easier it may be to track them.

    And of course it's perfectly simple to find the Firefox cache -- can someone just drop them an email? They can print it out, tack it to the wall, and quit with the whinging.

  26. In other news.... by microcars · · Score: 4, Funny
    Terrorists and Mafia switch to Macs

    Police, baffled by the lack of a blue "e" can't figure out how they used the Internet.

    "And there's no START button! How are we supposed to find anything?"

    --
    I like microcars
  27. Why should we believe this? by drrobin_ · · Score: 3, Insightful

    I question the trust that slashdotters seem to have in this new story. Why should we believe it?

    The general police forces have managed to get a new story published on how they can not deal with any sort of semi-modern technology. Why should we believe it?

    If I were the police, and I'm sure the police have at least one or two people smarter than me, then I would go to great lengths to get this story published. Why? Not because I can't figure out Firefox, but because I -can- figure out Firefox.

    If my suspect thinks that I am too dumb to understand Firefox, then my suspect is far less likely to use powerful encryption. Without the powerful encryption, I -can- read Firefox's files, and a significant proportion of criminals will think they are safe when they are not.

    Hell, I'm not even law enforcement but I still find it obvious how this story is a great advantage for the law enforcement community.

    --
    to accept the praise of personal wisdom is an affront to the very ideal i hold dear.
  28. So what's your solution? by commodoresloat · · Score: 4, Funny

    Seriously, what do you propose? Educate them? This is national security that is potentially at stake here, people. We cannot simply turn to the logical solution. There's only one way to deal with this problem and that is to nip it in the bud. All non-IE browsers should be outlawed forthwith and anyone caught using them should be sent to Guantanamo for interrogation.

  29. Cnet is MS Shill by twiddlingbits · · Score: 2, Funny

    Just remember CNET is an MS Shill, has been for a long time. Someone at MS decided to take a shot at other browsers in a way they thought no one would complain too much about. After all we are good law abiding sheep ^H^H^H^H^H citizens who need police friendly software and DRM to protect us from the evil terrorists, right?? While we are being protected from the terrorists, the hackers/scammers and spammers are cleaning up! Just change the name of your Firefox directory to Donut Store Locations and they'll find it in a flash!

  30. Safari's the worst of them all. by tritone · · Score: 4, Informative

    From Apple's website:

    "Using Safari's new Private Browsing feature, no information about where you visit on the Web, personal information you enter or pages you visit are saved or cached. It's as if you were never there."

  31. Dramatization by jettoki · · Score: 2, Funny

    Investigator: Okay, I'm at the desktop.
    Tech Support: Now, click on the icon that looks like a blue, lower-case E.
    Investigator: Um.. I'm not finding anything, chief.
    Tech Support: That's okay, take your time.
    Investigator: No, really. There are no blue E's. Just something that looks like.. an exploding basketball? Or an orange fetus, maybe?
    Tech Support: Wait, wait. No E?
    Investigator: No E.
    Tech Support: I'm sorry, sir, but you'll need to create a customer service ticket. In the meantime, try running Windows Update.
    ...
    Investigator: Christ, we're dealing with a professional!

  32. script kiddies are vermin, Color of hat regardless by infonography · · Score: 3, Insightful
    Windows is already investigation friendly, it stores its history in system dependent files throughout the file system. If some whiner at HS is having issues about other browsers it's likely that in this administration there is somebody paying somebody to do the whining (i.e. M$). If somebody wants to mandate a browser then they can kiss my pucker.

    Nobody should ever make it easy for script kiddies (especially because they have a Chicken Inspector Badge).

    --
    Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
  33. Goody for me by MatD · · Score: 2, Funny

    I run BeOS. Now the feds can never catch me Bwahahahahah.

    --
    Since when did operating systems become a religion?
  34. And In Other News by MightyMartian · · Score: 4, Funny

    Detroit, MI - The American Union of Automechanics is complaining loudly that different makes and models of cars use different parts. "It makes our job very difficult." said Winston Q. Crescenthead. "I mean, we have to work on a Vega, and then turn around and try to fix one of these new Toyota 4Runners. Some of these cars even use different kinds of wrenches. You should see the tools I have to use." Other mechanics have shared similar horror stories. "I got some little British roadster in the shop. It's taken six months of deep psychotherapy, and I think I might be up to the task of putting air in my kid's bicycle tire." The AUA is demanding that Congress pass a law forbidding the sale or use of any vehicle other than a 1972 Chevy Nova.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  35. The one thing that has always bugged me... by TodLiebeck · · Score: 2, Interesting

    The one thing that has always bothered me about such "forensic analysis" in computer crime investigation is the fact that it is fairly trivial for a competent developer-type person to artificially create this information and tell any story s/he wants. If someone wanted to frame a person for a computer crime they could even develop a trivial piece of malware that would actually visit target sites from a person's computer over time, such that even the ISP's and target host's logs would confirm the user's activity. Such a program could be configured to activate only when a user was at a computer. The only technical challenge to creating such a piece of software would be finding a means to install it, but it's common knowledge that there are a great variety of means (both social and technical) to accomplish this step.

    It would be my guess that it would be fairly difficult to convince a jury that the real criminal was an "evil program" running behind the scenes. The only real hope for a defendant in such a scenario would be to find some flaw in the malware program to suggest its existence (for example, if it activated when the defendant was out of town and his/her spouse was using the machine).

    It concerns me that somewhere, someday, someone might go to prison as a result of the forensic analysis of his/her computer when in fact the criminal act was committed by a third party solely for the purpose of landing his/her victim in prison.

  36. In a related story ... by khasim · · Score: 5, Funny

    ... homicide investigators admitted they were stumped when a murderer used an aluminum bat to bludgeon his victim to death rather than the standard lead pipe.

    Said an officer who wished to remain anonymous: "We're not even sure there was a murder without some trace of lead at the scene. A bullet ... traces from a pipe ... lead is what makes it a crime scene."

  37. priceless by milimetric · · Score: 2, Funny

    that's too funny. Ok, so let's for one second "suppose" that for some really funny reason what TFA says is true. IE doesn't hide anything and Firefox and Opera do.

    This is, just by the way, not true. IE puts some hidden stuff in that Content.IE5 folder which seems to not exist on your hard drive (it's not hidden or operating system protected) but pops up if you type it into the address bar after your temporary files. OOOOOh, that's fucking straightforward.

    So AAAnyway, let's "suppose" that this is all backwards and that somehow Firefox hides data. Think about that for a moment? What are they proposing? That everyone switch to IE so that it's easier for the FUCKING GOVERNMENT TO SEARCH THROUGH OUR SHIT? LOLOLOLOLROTFLMAO. Moreover, let's suppose that all reason and rationality has just jumped out of a 10 story building, if everyone does switch to IE to enable the government to better monitor us, are the terrorists and people with shit to hide going to do the same thing? NO MAN, HOLY FREAKING GOD, NO. THAT'S THE WHOLE FUCKING POINT OF BEING A THIEF AND A PIRATE AND A FUCKING TERRORIST.

    Article summary: terrorists are uncooperative with authorities because they use a file structure which is non standard and harder to search.

    AHAHAHAHAHAHAHAHA. I almost pissed my pants. Dude, the fucking government should be worried about how to recover files from hard disks that have been literally blown up in explosions to cover up data. Jesus christ. CNET is like, really dumb.

  38. CS degrees? by matt+me · · Score: 2, Funny

    These guys have degrees in Counter-Strike? Shit! The 1337 and policing our nation - you know those terrorists are wallhacking.

  39. yes it does by commodoresloat · · Score: 4, Informative

    Actually it does suck, and I say this as an OS X fan. I don't want my home directory encrypted. Why should I encrypt my mp3s and photo collection? But I do want the option of encrypting a folder. The amount of data that really needs encryption is tiny compared to the amount of stuff on my hard drive.

    1. Re:yes it does by Moofie · · Score: 2, Insightful

      Huh. I keep my MP3's in a shared directory, so that's not a problem for me.

      One of the things about encryption: If you encrypt everything, it's harder for an attacker to determine what's important and what's not. If I can encrypt my entire home directory at essentially no cost, why not do it?

      --
      Why yes, I AM a rocket scientist!
  40. Ummm - it's not offline by grahamsz · · Score: 5, Interesting

    In some states, parole for sex offenders can require that they don't look at pornography.

    Their parole office will drop by periodically and check their PC. They have some sort of forensic software that does this.

    I've heard some jurisdictions require that you only run Windows on your computer as a condition of your parole. Logically this translates to going back to prison for owning a knoppix cd.

    There simply aren't the resources to train all parole officers in computer forensics, expose them to various obscure operating systems, or to perform regular offline analysis of offenders hard drives.

    The resources are (probably) there for big cases, but when there are probably close to half a million sex offenders on parole - it's just not practical.

    1. Re:Ummm - it's not offline by mfrank · · Score: 2, Insightful

      So, how hard is it to hide a 4 GB flash drive full of porn?

    2. Re:Ummm - it's not offline by scdeimos · · Score: 2, Insightful

      That's just as good an excuse as saying "you need to buy Office 95 because we can't read your Office XP files with our copy of Office 95."

      It's up to the government to get with the times and update their forensics software. If their software vendor can't do it for them (no pun intended) then change vendors.

    3. Re:Ummm - it's not offline by dougmc · · Score: 2, Interesting
      It's up to the government to get with the times and update their forensics software.
      I wouldn't suggest holding your breath waiting for that to happen.

      If you're a normal citizen, not out on parole or having to register as a sex offender or something, use whatever OS and browser you want. They haven't made this illegal yet.

      If you've been convicted of child porn violations, or have to register as a sex offender, you're screwed already, and nobody's likely to really care. Our legal system has a nice habit of continuing to punish people for things like this indefinitely (in spite of the Constitution's `no cruel and unusual punishments' section) and I don't see this changing any time soon. Even if all you did was get caught peeing behind a bush.

      NOBODY is going to make the police update their equipment just to give you more freedom in what OS or browser you use. (And you should be glad that they allow Windows XP, and not 95 or 3.1.)

    4. Re:Ummm - it's not offline by Albinofrenchy · · Score: 2, Insightful

      No one's likely to care because you're scum. Making someone use Windows isn't cruel or unusual.

      We show too much kindness to rapists and child molesters. Did you know that a person who molests a child still has parental rights so long as it was their child they molested? The victims of these kinds of crimes are punished indefinitely, I don't see why the stigma against the offenders should be any less.

      --
      "A man is but the product of his thoughts what he thinks, he becomes." -Mahatma Gandhi
    5. Re:Ummm - it's not offline by jonadab · · Score: 3, Insightful

      Umm, if they want to require convicted sex offenders to use only approved software on their computers, I guess I can live with that. (They let them have access to the _internet_ while on parole? Convicted sex offenders? Isn't that, like, lenient *enough*? I think that's really fairly generous, to allow them that, under the circumstances, considering that there really aren't adequate resources to monitor it very closely at all.)

      But as far as regular, non-convicted type people, I don't think it's reasonable to consider using an alternative browser to be "making trouble" for potential investigators. I mean, if having the web browser cache in a different place makes investigation hard, what would happen if a suspect had, I don't know, a Mac, for crying out loud? If the investigation doesn't warrant getting somebody who knows enough to find the browser cache in a slightly atypical place, is it even worth investigating the computer at all?

      I mean, what would happen if the suspect had an MSIE icon on the desktop, and used it for normal stuff, but for subversive or illegal activities used something else, something with *no* shortcut icon on the desktop or in the start menu? You know, like a copy of Netscape 4 tucked away in a hidden directory underneath C:\WINDOWS\SYSTEM16\ someplace?

      C'mon, either *investigate* the computer, or else don't, but just casually going through the single most obvious place, does that really count as an investigation? That's the electronic equivalent of getting a warrant, looking for stolen merchandise on the kitchen table and in the bedroom closet, and ignoring the attic and basement. What kind of investigator operates that way? Seriously, act like your job might actually matter and be worth doing, or something.

      --
      Cut that out, or I will ship you to Norilsk in a box.
    6. Re:Ummm - it's not offline by Anonymous Coward · · Score: 4, Insightful

      > We show too much kindness to rapists and child molesters.

      Welcome to Oops!

      Here, we have a drunken frat boy who took a whiz in a parking lot. Public indecency, sex offender. Over here, we've got a highschooler who mooned his principal on graduation day. Sex offender.

      So let's all say it together! "OOPS!"

      Keep that in mind while you're busy waving around your burning crosses and what not. Not everyone who is a "sex offender" is a child rapist, or even really all that offensive.

    7. Re:Ummm - it's not offline by dougmc · · Score: 4, Insightful
      > We show too much kindness to rapists and child molesters.
      Well, when they start `sex offender' type registration for all serious offenders, not just `sex offenders', I'll agree with it a bit more.

      But for now, you can murder somebody, and you don't have to register, but mooning somebody, peeing outside, or being 20 and having sex with a 17 year old who said she was 19 can get you labeled as a sex offender for life (depends on the state) and that's just plain wrong.

      > Did you know that a person who molests a child still has parental rights so long as it was their child they molested?
      I suspect that varies from state to state. In any event, even if you molest your child, you're still their parent, so it would seem appropriate that you should still have `paternal rights' (which is a remarkably vague concept anyways.)

      They (Child Protective Services and similar government organizations) don't generally take children away from their parents and never ever give them back except maybe in the most extreme cases. Being placed in a foster home or orphanage, especially forever, is seriously disruptive to a child's life, so they're not going to do that if there's any other alternative. They'll have to look at each case individually and try and work out what's best for the children. In most cases, that probably involves staying with the parent(s), and instead getting counselling for the parents or something.

      Infants generally have no problems getting adopted. But once the kids grow up a bit, things change, especially if they're not white. Few people want to adopt them, and so they get shuffled between foster parents and orphanages. Not a good way to grow up.

    8. Re:Ummm - it's not offline by Anonymous Coward · · Score: 2, Insightful

      Except the stigma also affects those who get wrongly accused or, for example, have sexual relations with a 17 year old when the 17 year old lied about their age.

  41. What about Lynx by rtb144 · · Score: 2, Funny

    What if I look at pr0n with Lynx?

    --
    Sie ist tunbar!
    1. Re:What about Lynx by HermanAB · · Score: 2, Funny

      Ooooooohhhh, I can see her semicolon!

      --
      Oh well, what the hell...
    2. Re:What about Lynx by binford2k · · Score: 2, Funny

      Better than seeing her period, I suppose.

  42. No, it doesn't. by jd · · Score: 2, Funny

    It shows they're criminals because it forces Law Enforcement to use non-standard methods of entry (like through a window).

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  43. Mod Parent Up by yRabbit · · Score: 2, Insightful

    That was my thought, after seeing "And the data formats haven't changed that much since the days when Netscape was the dominant browser.".
    It's not like Firefox is open source or anything.</sarcasm>

    From article:
    > Firefox and Opera store information on typed URLs in a different file than IE does, and the files are somewhat tough to decipher, Lewis said. He showed his students--mostly law enforcement agents and private investigators--how to do it.
    Look at the source for the browser, silly.

    > "Each browser has its intricacies," he said. "You can find some details online, but often it is difficult."
    You have to wonder if they're talking about the same Firefox browser here.

    Eh, not that I've poked around the source or would know what to do once I found the bit telling how it stores its cache or anything. But still..

    1. Re:Mod Parent Up by dirty · · Score: 2, Funny

      Don't bother with the source. Look at the file history.dat in the Firefox user profile. Guess what it contains. After hours of work I wrote a program to decipher the data:

      cat history.dat | grep '=http://'

      Hard work! Yes, there is a lot of data other than strict URLs in there, and some of them span lines, so a simple grep isn't perfect, but it's not hard to get a basic list, and like other people have said, Firefox is open source; it would be easy to write a program to pull all of this data.

      --

      -matt
    2. Re:Mod Parent Up by zaxus · · Score: 2, Informative

      You do realize that the 'cat' in this case is redundant, right? Grep will open files you specify, as follows:

      grep '=http://' history.dat

      No cat necessary.

      --
      /. zen: Imagine a Beowulf cluster of Beowulf clusters...
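
Added example, not part of either post above and not Firefox project code: the thread's grep applied after rejoining values that wrap across lines, which is the case the first post says a plain grep misses. It assumes history.dat is the Mork text format, with values in `(id=value)` cells, a trailing backslash continuing a value on the next line, and `\)` escaping a literal parenthesis; the sample file and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the assumed Mork layout of a Firefox history.dat.
# Cell 92 wraps across two lines; cell 93 contains escaped parentheses.
make_sample() {
cat <<'EOF'
// <!-- <mdb:mork:z v="1.4"/> -->
< <(a=c)> (80=ns:history:db:row:scope:history:all)(81=URL)(82=LastVisitDate) >
<(90=http://www.example.org/)(91=1120000000000000)
(92=http://www.example.com/search?q=browser+forensics&page=2&lang=\
en)(93=http://example.net/wiki/Mork_\(format\))>
{1:^80 {(k^81:c)(s=9)} [1(^81^90)(^82^91)] [2(^81^92)] [3(^81^93)]}
EOF
}

# The thread's approach: match line by line.
# Wrapped or escaped values come out cut short.
naive_urls() {
    grep -o '=http://[^)]*' "$1" | sed 's/^=//'
}

# Rejoin continued lines first, then extract each URL value up to its
# closing unescaped ")" and undo the backslash escapes.
# Mork $XX hex escapes (assumed to mark non-ASCII bytes) are left undecoded.
history_urls() {
    awk '
        { sub(/\r$/, "") }    # tolerate CRLF copies of the file
        /\\$/ { buf = buf substr($0, 1, length($0) - 1); next }
        { print buf $0; buf = "" }
        END { if (buf != "") print buf }
    ' "$1" |
    grep -oE '=(https?|ftp)://([^)\\]|\\.)*' |
    sed -e 's/^=//' -e 's/\\\(.\)/\1/g' |
    sort -u
}

# Usage: sh history_urls.sh /path/to/copy/of/history.dat
if [ "$#" -gt 0 ]; then
    history_urls "$1"
fi
```

Run it against a working copy of the profile's history.dat rather than the original evidence file.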
  44. Firefox by DrIdiot · · Score: 2, Funny

    By using Firefox or Opera, you are supporting global terrorism and "open-source" communists! Switch to IE, now called Freedom Browser!

  45. My Response by Goo.cc · · Score: 3, Insightful

    Boo Hoo!

  46. Forget about locking doors... by MrDomino · · Score: 2, Funny

    If you wear pants, that means that you've got something to hide.

  47. I agree by grahamsz · · Score: 2, Informative

    Hide a linux laptop with wireless in a closet somewhere and use vnc to access it. Hell, just use a disk on your neighbour's wlan.

    You can find clues of these things though. Look at the vnc history, try pinging the broadcast address on the subnet, look in the arp cache, see if there are clues in the registry that another drive was mounted.

    I suspect it would be very hard to thwart a computer forensics expert, but I'm sure the VAST majority of petty criminals can be caught by someone with a week's worth of training.

    1. Re:I agree by jonadab · · Score: 3, Insightful

      > I suspect it would be very hard to thwart a computer forensics expert

      An encrypted filesystem would presumably make their job rather harder.

      Of course, that only works for ex-post-facto forensics. If someone plants a hidden camera where it can see your screen and keyboard for a week, your encrypted filesystem has accomplished, to a first approximation, nothing.

      Of course, the *best* way to avoid having computer forensics experts crack your computer is to just be innocuous, i.e., just don't do anything that will make computer forensics experts want to investigate your computer. Granted, not everyone can do this; if, for instance, you are an executive for a major international corporation, you should probably assume that at some point someone will attempt to investigate you and/or your computers -- if not law enforcement, then the competition or a freelance information seller. So you do want to think at least briefly about the question, "Who would want to break into my computer, and what will it cost me if they succeed?" In my case I've concluded, at least for the time being, "Maybe some neighborhood kid fooling around" and "Not much if I have offsite backups." YMMV.

      --
      Cut that out, or I will ship you to Norilsk in a box.
  48. Yeah and then a few weeks later... by JoeCommodore · · Score: 2, Informative
    you start up your Mac and find all your settings and documents have magically disappeared without hope of recovery because there is a glitch in the filevault file. :-/

    Yeah, it happened at work, and it was not pretty.

    --
    "Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
    1. Re:Yeah and then a few weeks later... by elemental23 · · Score: 3, Informative

      To counter that with my own anecdotal evidence, I've used File Vault on my laptop since Panther was released and have never had the slightest problem.

      --
      I like my women like my coffee... pale and bitter.
  49. Standardizing Bank Robbery by DynaSoar · · Score: 3, Funny

    ""Allegations in an article over at CNET propose that alternate browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners.""

    Allegations in an article over at Police Magazine propose that alternate vehicles such as motorcycles and buses impede bank robbery law enforcement and investigation efforts because they "use different shapes, different numbers of seats, and different logos for the manufacturers that investigators are after", which can "cause trouble for get-away car examiners".

    Obviously, only Dodge Chargers, like the "General Lee" should be allowed to criminals, to make them easier to catch.

    --
    "I may be synthetic, but I'm not stupid." -- Bishop 341-B
  50. A theory... by Jodka · · Score: 2, Interesting

    After looking over the site, I suspect that "The High Technology Crime Investigation Association (HTCIA)" is a front; it is really a for-profit money-making venture, not a legitimate professional association, as it presents itself. For a genuine professional association, they make too strong an effort to convince us that's what they are. It would work like this: A few guys collect the attendance and membership fees, keeping a big profit for themselves. The fees are paid by governments. The conference attendees, mostly law enforcement officials, receive some stupid advice. Masquerading as a professional organization instead of a for-profit business creates good will, helping them to fleece taxpayers.

    The content of the training seminars is especially suspicious. Really, how easy is it to uncover the "secret" history files of "alternative" web browsers? I timed myself, and it took me about 90 seconds using Google to work out some good keywords and find the answer. See the first link in my google search.

    Something else suspicious about this professional training: Because the source code for Firefox is available for free to the public, which is not the case with Internet Explorer, it should be easier, not more difficult, to uncover where and how Firefox logs history.

    --
    Ceci n'est pas une signature.
  51. Re:What's a security expert worth? by 5um0F1 · · Score: 3, Interesting

    I spent 2 years doing electronic crime analysis, and as all law enforcement, the pay and conditions suck. Lack of resources and lack of understanding the requirements to constantly update skills/knowledge and training (from the non-technical bean counters) make life difficult. Add this to report writing and presenting evidence in court to clueless lawyers and all in all you have a shit-house job. But on the plus side, chicks dug it !!

  52. You gotta be kidding... by bergeron76 · · Score: 3, Interesting

    Firefox is OPEN SOURCE! That means the file formats are OPEN. Microsoft IE is CLOSED SOURCE, meaning you need to reverse engineer everything to figure out where stuff lives.

    That said, I wonder what would prevent someone from creating a wireless fileserver and embedding it behind their drywall. Using an NFS mount or Share, an evildoer's PC wouldn't hold anything evil when the Feds nabbed it.

    Realistically I bet it would though - They can do some pretty amazing things with Forensics these days, and I wouldn't be surprised if they could take a ram chip and see previous states of 0's and 1's.

    --
    Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
  53. Let's Play "Follow the Money!" by Mekkis · · Score: 3, Interesting

    I work in computer forensics and it isn't that goddamned hard to develop tools to process different kinds of databases, encrypted or otherwise. Besides, I'm certain that if it were in the interests of "National Security", Federal investigators could ensure cooperation between developers of Firefox or Opera and the contractors who actually do the forensics work.

    All you have to do is play "follow the money" and it quickly sounds like Micro$oft is using the God-and-Country argument to win by default the Second Browser War. Considering how invested Micro$oft has been in the US Justice Dep't. (one of former USAG John Ashcroft's biggest campaign contributors and still heavily involved to this date) it would be unsurprising if they were the ones pulling the strings on the issuance of a statement like this.

    What ought to happen is for the Dep't. of Homeland Security to proclaim Internet Explorer as the single largest cause of "electronic terrorism" because of Micro$oft's half-assed security measures.

    That'd shut them up real quick...

  54. evil! by cahiha · · Score: 3, Interesting

    Even worse, those non-IE browsers make it really hard for police to install spyware and keylogging software on the user's computer. With IE, they just insert a little bit of code into any web page and they are done, but Opera and Firefox put up obstacles to that kind of legitimate law enforcement activity! Evil! Terrorism!

  55. Re:Any aspiring 8th grade journalists out there? by Tidal+Flame · · Score: 2, Funny

    I don't know anyone personally, but I can tell you that you've come to the right place! ;)

  56. Re:It's *not* secure, guys... by Jetson · · Score: 2, Interesting
    And your point?

    The point was that it's now possible to encrypt data so that other people can't read it unless they have appropriate credentials.

    True story:
    One of my coworkers thought NT4+NTFS was an incredibly secure platform. So I put a Knoppix CD in the drive, rebooted, mounted the NTFS partition, went to his profile directory and showed him the contents of his cookies. I then explained to him that NTFS security was cooperative, meaning that the security was based on the idea that a security flag in the filesystem would say "please don't read this file" and the operating system would respect that request. As soon as you find a way to ignore that flag then anything resembling security is out the window (pardon the pun).

  57. oh boo hoo by j0nb0y · · Score: 2

    Cry me a river. How about hiring real computer science/computer security experts to be examiners, instead of using the good ole boy system? Maybe then they will be able to figure out the trivial differences between different caching systems of different browsers.

    If they're having so much trouble with just a different browser, I can't imagine what they would do when faced with a different operating system like Linux or (God forbid) Mac OS X.

    --
    If you had super powers, would you use them for good, or for awesome?
  58. Bwahaha. If you're a sex offender you HAVE to use M$ by crovira · · Score: 5, Funny

    I love it. Think of the advertising potential.

    Male voiceover

    "Microsoft, used by 100% of all sex offenders. It's not only the law, it's their punishment."

    Oh! I just fell off my chair.

    --
    MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
  59. A good article by Kernel+Kurtz · · Score: 2, Informative
    Security Focus had a series of articles on web browser forensics a few months back that demonstrated the use of various tools.

    Part 1

    Part 2

  60. Evidence. by Kaenneth · · Score: 2, Insightful

    Using an off-the-shelf undelete utility or such to find evidence of wrongdoing may be sufficient in order to fire or investigate someone, but any competent lawyer would rip that 'evidence' to shreds.

    To get a serious felony conviction, evidence has to meet defined standards. For example, recently many DUI's got tossed out in my area because the officers did not properly document the temperature of the equipment.

    All evidence needs a documented, trusted, chain of custody. If you suspect an employee of storing kiddie porn on a company computer, and you do anything with that computer before the police get it, the evidence loses a lot of value.

    Proper forensic software, just like Breathalyzers, DNA/Fingerprint equipment, and anything else used to collect/store potential evidence, needs to be known and trusted, and used by certified forensic folks, because it's not a mad scramble to get as much data as possible, it's an attempt to prove a crime was committed beyond a reasonable doubt.

    As an example, it would be difficult to convict someone for having a few pieces of child porn in their cache... how many of you have goatse somewhere on your hard drive, does that mean you willfully went there? But if hundreds of photographs are stored in a deliberate fashion, you might have something.

    The feds have a nice little chip, weighing under 1 ounce that goes inside of an existing keyboard attached to the wires leading to the PC that logs keystrokes to a buffer for later retrieval. Handy for getting passwords to encrypted drives and such.

  61. They aren't stupid by glesga_kiss · · Score: 2, Interesting
    I don't know where the article is getting its info from, but it's wrong. Computer Forensic people aren't daft; they know what they are doing. There was a computer audit procedure document that hit the net about a year ago, I think it was even posted on /.

    At the time, I read through it and noted some "smart" things. They know about dead man's switches etc; they NEVER boot up the PC. The drive gets removed and hooked up to a scanning system. The scan then looks for anything dodgy or the officer can browse it. If the software needs updated to include bookmarks/history from other sources, then I'm sure it's not all that big a deal to add this in. Even then, bookmarks & history? They are all too easy to clean and/or fake.

    If you think the computer forensic experts boot up the PC and try to save your bookmarks to a floppy, you are sadly mistaken.

    What worries me more is that computer evidence is so easily fakeable yet is often seen as gospel by the courts. It would be easy to create "logs" showing bad activity from someone you don't like. If I ever get hassled by the RIAA, the court will be presented with "evidence" that shows the guys bringing the suit were paedophiles, just to show how ridiculous the idea of third-parties producing "evidence" from a remote system claiming you downloaded "X on date Y" is. The forensic guys have been trained and undoubtedly have sworn an oath or signed a contract to be honest. Some anti-p2p company hasn't and it is also in their commercial interest to provide more of this evidence. Worrying times...