Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Linux-Based "Breath Test" For Porn On PCs

Posted by timothy on from the child-porn-claims-the-ultimate-smear-tactic dept.

Gwaihir the Windlord writes "A university in Western Australia has started beta testing a tool that's described as 'a random breath test' to scan computers for illicit images. According to this article it's a clean bootable Linux environment. Since it doesn't write to the hard drive, the evidence is acceptable in court, at least in Australia. They're also working on versions to search for financial documents in fraud squad cases, or to search for terrorist keywords. Other than skimming off the dumb ones, does anyone really expect this to make a difference?" The article offers no details on what means the software uses to identify suspicious files.

2 of 345 comments (clear)

  1. Helix by davrodg · · Score: 5, Informative

    Helix can do most of the "breath test" functionality referred to, and is a great forensic Linux distro. Helix is also considered a viable method in which to capture data that is consistent with the chain of custody that is required for evidence to be presented to a Judge. Check it out... http://www.e-fense.com/helix/Download.html

  2. Re:About the only way I it COULD work... by LeafOnTheWind · · Score: 5, Informative

    Actually, no. This method does not work - which is what I said at the time. Because this misinformation is apparently still around, I decided to run a test.

    I took a large file (1600x1200 px) and then applied a basic red-eye reducing algorithm to various spots on the image. The result: visually, exactly the same image.

    Then I turned to my trusty Apple Preview. I resized each photo to 9% of its original size (144x108 pixels), and the proceeded to turn the color saturation down to 0 (black and white). I then saved each file in a compressionless TIFF format. Lastly, I computed the md5 hash for each file.

    Result?
    MD5 (smlimg3.tiff) = d300d23ce0ca2d6dcc7188665b1e2ada
    MD5 (smlimg4.tiff) = a1cf7d59f9bf4ccceb6651c5f08750dd

    Let me say this once more, in case anyone else who blindly accepts anything they read on the internet has heard this: THIS TECHNIQUE DOES NOT WORK. To compare two SIMILAR images, one needs to use an image comparison algorithm - of which there are many. Hashing ONLY works on two images which are EXACTLY the same.

    If you doubt the test or the results, I would be glad to email you all of my test pictures so you can see them and calculate their md5s for yourself.