Slashdot Mirror


Forensic Analysis of the Stolen VA Database

An anonymous reader writes "As you have probably heard, the FBI has recovered the stolen Veteran's Administration laptop. The FBI even said "A preliminary review of the equipment by computer forensic teams determined that the database remains intact and has not been accessed since it was stolen." This article looks at what the FBI forensic lab is doing to determine the sensitive information hasn't been accessed and how the thieves might have covered their tracks — thereby rendering the forensic results useless."

3 of 144 comments

  1. trust by Lord Ender · Score: 3, Interesting

    Sure, the filestamp could be "last accessed: before this thing was stolen."

    But there is no way they can be sure the drive was not removed, imaged (dd if=/dev/hdc1 of=SSNDBimage), then put back.

    Now, if they can do something like looking at the scratches in the IDE pins in the HD, to see how many times it has been plugged in to something, I would be seriously impressed. That would be unprecedented in forensics, as far as I know.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  2. Re:Correct, useless by Homology · Score: 4, Interesting

    > Yeah, especially if they had done what I would have done: boot from CD and copy files out the ethernet port to another HD.

    What most forget (i.e. don't know) is that a modern IDE drive collects a lot of
    information (number of recycles, hours used, errors, bla bla), at least
    if S.M.A.R.T is enabled. I'm sure that this information is helpful.

    In any case, booting from CD and copying files from the harddisk may very well
    leave traces that this might have happened, contrary to what people believe.
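
An added example, not part of the thread or written by any commenter: a Python sketch of the check the comment above points at, comparing a drive's S.M.A.R.T. usage counters against values recorded before the theft. The `smartctl -A` rows and the baseline figures are constructed, and the existence of a pre-theft baseline is an assumption.

```python
import re

# Constructed `smartctl -A` rows for illustration (not from a real drive).
SAMPLE_SMARTCTL = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  4 Start_Stop_Count        0x0032   100   100   020    Old_age   Always       -       1243
  9 Power_On_Hours          0x0032   097   097   000    Old_age   Always       -       2871
 12 Power_Cycle_Count       0x0032   100   100   020    Old_age   Always       -       1240
194 Temperature_Celsius     0x0022   118   098   000    Old_age   Always       -       29
"""

# Counters the drive firmware increments whenever it is powered, on any host.
USAGE_COUNTERS = ("Start_Stop_Count", "Power_On_Hours", "Power_Cycle_Count")

def parse_attributes(text):
    """Return {attribute_name: raw_value} from `smartctl -A` table rows."""
    attrs = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0].isdigit():
            continue  # header, blank line, or non-table output
        m = re.match(r"\d+", fields[9])  # raw value may look like "2871h+12m"
        if m:
            attrs[fields[1]] = int(m.group())
    return attrs

def usage_since_baseline(baseline, current):
    """Compare usage counters with a baseline; return {name: (delta, verdict)}."""
    findings = {}
    for name in USAGE_COUNTERS:
        if name not in baseline or name not in current:
            findings[name] = (None, "missing: cannot compare")
            continue
        delta = current[name] - baseline[name]
        if delta < 0:
            verdict = "counter went backwards: reset or wrong baseline"
        elif delta == 0:
            verdict = "no recorded use since baseline"
        else:
            verdict = "drive was powered after baseline"
        findings[name] = (delta, verdict)
    return findings

# Hypothetical baseline: counters recorded at the last known legitimate use.
BASELINE = {"Start_Stop_Count": 1241, "Power_On_Hours": 2869, "Power_Cycle_Count": 1238}

if __name__ == "__main__":
    for name, (delta, verdict) in usage_since_baseline(BASELINE, parse_attributes(SAMPLE_SMARTCTL)).items():
        print(f"{name}: delta={delta} -> {verdict}")
```

These counters carry no timestamps, so a positive delta shows only that the drive was powered after the baseline, not what was read from it. The examiner's own power-up adds to them as well.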

  3. Re:Easy cheesy by HiThere · Score: 3, Interesting

    I'm no conspiracy theorist - but in true reality, this smells like other countries making hardware under specifications that do not match ours - and therefore may pose a security risk to us. Yea - I know, far-fetched. Damned far-fetched. But think about it. The greatest threat/companion to us right now truly is China - they hold the majority of our worldwide currency, and they produce a damned-good percentage of our products. If they withdrew, and took our money with them, and left us our debt - we'd be in some DEEP shit. We'd be 3rd-world classification without any warning.

    Try it this way: Many companies, in this country and others, cut corners where they don't think it will show. One of the things they do is claim to be compliant with standards that they haven't actually done the hard parts of being compliant with. ...

    Actually, sometimes it isn't that "innocent", like the non-compliant CDs, but frequently it's done without malice, but only greed as a driver.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.