Slashdot Mirror
Alternative Browsers Impede Investigations
rbochan writes "Allegations in an article over at CNET propose that alternate browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners.""
This is one of the dumbest articles I've read in a while...
From TFA:Implying that 'alternate browsers' such as Firefox and Opera, 'hide' data? Shenanigans! These other browsers don't 'hide' anything...you just have to know where to look.
Also from TFA:You can't be serious. If it's this easy to thwart the authorities, maybe I should tender my resume.
God help these 'professionals' if a suspect's computer happens to run Linux...which brings up a disturbing thought...is the presence of a 'non-standard' browser or OS now going to be 'suspicious' to investigators, because they can't seem to penetrate its 'arcane secrets'?
____
~ |rip/\/\aster /\/\onkey
Heaven forbid that they have to learn to deal with a different file layout. I mean, it's not like these are supposed to be skilled professionals practicing their trade here...
sed "s/SJW.*$/... never mind. I was about to say something stupid, and also, I'm a troglodyte./Ig"
In other news, bad guys hide in secret hideouts, which makes it hard for the Police to do their job.
It sounds like a lot of the people doing this kind of investgation aren't actually computer experts, but using pre-packaged software or following a list of directions someone has tailored for IE.
Effectively, they're professional script kiddies working for the common good instead of against it.
The lesson? Training. You wouldn't put a detective in the morgue and hand him a scalpel, and you wouldn't drop him in a science lab. You'd hire a coroner, you'd hire someone trained in forensic science. If you're going to search someone's computer for evidence, hire an expert or train someone to become an expert.
Firefox and Opera store information on typed URLs in a different file than IE does, and the files are somewhat tough to decipher
You would think since Firefox is open-source, it would be a trivial matter to determine the format of the cache files by examining the source code.
And then I realized that they were serious.
Now I weep for them.
RTFA again for the best results.
...Firefox... on Linux! "Find what they've been browsing? Hell, we can't even find C: !"
As a criminal defense attorney specializing in computer crimes, I can say authoritatively that the investigators are typically poorly trained. Most that I have dealt with are not IT or CS degree holders. In fact, the norm is for it to be a police officer who has taken a 2 week course in Encase, nothing more. Their knowledge of operating systems is lacking to say the least. Of course, this can result in some poor schmuck being convicted for something he didn't do, both because the cops don't know any better, and the juries - who typically take the word of the police as gospel down here in Arizona, know even less and rely on the uninformed testimony of law enforcement.
http://www.theregister.co.uk/2004/01/28/a_visit_fr om_the_fbi/
A visit from the FBI
By Scott Granneman, SecurityFocus
Published Wednesday 28th January 2004 13:05 GMT
[snip]
I teach technology classes at Washington University in St. Louis, a fact that I mentioned in a column from 22 October 2003 titled, "Joe Average User Is In Trouble". In that column, I talked about the fact that most ordinary computer users have no idea about what security means. They don't practice secure computing because they don't understand what that means. After that column came out, I received a lot of email. One of those emails was from Dave Thomas, former chief of computer intrusion investigations at FBI headquarters, and current Assistant Special Agent in Charge of the St. Louis Division of the FBI.
Dave had this to say: "I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are." He then offered to come speak to my students about his experiences.
I did what I think most people would do: I emailed Dave back immediately and we set up a date for his visit to my class.
It's not every day that I have an FBI agent who's also a computer security expert come speak to my class, so I invited other students and friends to come hear him speak. On the night of Dave's talk, we had a nice cross-section of students, friends, and associates in the desks of my room, several of them "computer people," most not.
Dave arrived and set his laptop up, an IBM ThinkPad A31. He didn't connect to the Internet - too dangerous, and against regulations, if I recall - but instead ran his presentation software using movies and videos where others would have actually gone online to demonstrate their points. While he was getting everything ready, I took a look at the first FBI agent I could remember meeting in person.
[snip]
Dave had some surprises up his sleeve as well. You'll remember that I said he was using a ThinkPad (running Windows!). I asked him about that, and he told us that many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. In the field, however, they don't have as much money to spend, so they have to stretch their dollars by buying WinTel-based hardware. Are you listening, Apple? The FBI wants to buy your stuff. Talk to them!
Dave also had a great quotation for us: "If you're a bad guy and you want to frustrate law enforcement, use a Mac." Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in American end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none.
[snip]
It's the silliest thing I've read about non-IE browsers, and how they're BAD since I read this one.
... homicide investigators admitted they were stumped when a murderer used an aluminum bat to bludgeon his victim to death rather than the standard lead pipe.
... traces from a pipe ... lead is what makes it a crime scene."
Said an officer who wished to remain anonymous: "We're not even sure there was a murder without some trace of lead at the scene. A bullet
In some states, parole for sex offenders can require that they don't look at pornography.
Their parole office will drop by periodically and check their PC. They have some sort of forensic software that does this.
I've heard some jurisdictions require that you only run Windows on your computer as a condition of your parole. Logically this translates to going back to prison for owning a knoppix cd.
There simply aren't the resources to train all parole officers in computer forensics, expose them to various obscure operating systems, or to perform regular offline analysis of offenders hard drives.
The resources are (probably) there for big cases, but when there are probably close to half a million sex offenders on parole - it's just not practical.
I love it. Think of the advertising potential.
Male voiceover
"Microsoft, used by 100% of all sex offenders. Its not only the law, it their punishment."
Oh! I just fell off my chair.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.