Forensic Analysis of the Stolen VA Database

Posted by ryuzaki0 on Monday July 3, 2006 @07:10AM from the overconfidence-perhaps dept.

An anonymous reader writes "As you have probably heard, the FBI has recovered the stolen Veteran's Administration laptop. The FBI even said "A preliminary review of the equipment by computer forensic teams determined that the database remains intact and has not been accessed since it was stolen." This article looks at what the FBI forensic lab is doing to determine the sensitive information hasn't been accessed and how the thieves might have covered their tracks — thereby rendering the forensic results useless."

1 of 144 comments (clear)

Min score:

Reason:

Sort:

Re:Correct, useless by Homology · 2006-07-03 07:40 · Score: 4, Interesting

> Yeah, especially if they had done what I would have done: boot from CD and copy files out the ethernet port to another HD.

What most forget (i.e. dont know) is that a modern IDE drive collects alot of
information (number of recycles, hours used, errors, bla bla), at least
if S.M.A.R.T is enabled. I'm sure that this information is helpful.

In any case, booting from CD and copy files from the harddisk may very well
leave traces that this maight have happened, contrary to what people believe.