Slashdot Mirror


User: Grond_the_Hammer

Grond_the_Hammer's activity in the archive.

Stories: 0 · Comments: 11

Comments · 11

  1. Re:Forensic Science on Forensic Discovery · · Score: 1

    Many criminals are idiots, but not all idiots are criminals...

  2. Re:Encrypted disks? on Forensic Discovery · · Score: 4, Interesting
    It depends on what you mean by "local forensics people". Most true forensics professionals are pretty good at what they do, and I haven't yet met one that wasn't. People don't typically get jobs like that without going through a decent amount of training and certification.

    The mere presence of encrypted data is usually a tip-off to a decent examiner that something interesting is in there. There are even programs and statistical methods for finding different types of encrypted data on a drive. And there are all sorts of ways to recover passphrases...if you have enough evidence to get the suspect to talk, they'll usually give it up. Not every forensic technique is a technical one...

    Most of all, there is a lot of data that can't be encrypted to cover one's tracks, especially in the corporate environment where firewalls and other security systems log activity.

  3. Good Luck... on Finding Student IT Security Placements in the Industry? · · Score: 2, Informative
    I wish you well in your search, but unfortunately the private sector and many consultancies will not employ student interns. It is hard to ask these companies to risk introducing their critical assets to someone with no credentials or past history of being trusted in a position of high responsibility. That said, the GOVERNMENT is without a doubt an exception to this. In fact, the US National Security Agency has a summer internship with their Information Assurance Directorate (INFOSEC) group.

    This is a highly-competitive program but they will hire college students who go through the standard battery of background checks (including polygraph). Details can be found here

  4. Re:Who needs books!? on Windows Forensics and Incident Recovery · · Score: 5, Informative

    1) There is no "one" tool accepted in court; many tools are accepted, and it is almost always the competency of the examiner, and only rarely the tool, that is ever called into question. Companies like Guidance Software (makers of Encase) would like you to think that way...

    2) Most dedicated computer forensic tools, especially those for examining hard drive images, can work with any filesystem from FAT12 to xfs on a RAID 5 set. Again, the burden falls on the examiner to know the proper tools/methods for examining these file structures.

    3) SATA drives can be copied with any dedicated hardware copier (such as Logicube's MD5 or Solitaire), but dd combined with an SATA interface will work just fine. Any memory image (RAM, IDE, SCSI, SATA, etc.) can be imaged with just dd, even over a network.

    4) "Average nerds and hackers are so far ahead of the forensics guys"...what nonsense. Computer forensic analysts are without a doubt some of the most talented people in IT, period. Computer forensics is multi-discipline and analysts typically have backgrounds in engineering, programming, criminology, and languages. And why are you assuming that most computer forensics experts are in law enforcement? The best analysts are in the private sector, military, and government intelligence.

  5. Re:great news! on The Extinction of the Programming Species · · Score: 1

    Graduating students need to understand that programming (software programming, at least) has become a commodity. Keep in mind that there is simply no degree available that will give a student more insight into the workings of computer systems than one in Computer Engineering. Even Computer Science degrees can't compare in this respect, and although a degree in ANY engineering field is a door-opener in terms of interesting and high-paying technical positions, Computer Engineers are especially prepared for fields in computer security, embedded systems programming, wireless networking, etc. Computer Engineering students study systems engineering as well as software. Programming will almost certainly be part of the job, but in an "I can build a tool" way and not an "I have to code all day" way. Keep the faith...that engineering degree will serve you all your life, whether programming as a profession becomes extinct or not.

  6. Re:Downloading music itself is not illegal... on NYT Promotes File Sharing · · Score: 1

    Only if your collection is available for downloading by others. The $1000 metric in the NET Act applied to reproduction and distribution only, not simply owning a collection. Bootleg collections are legal for the same reason. You cannot be arrested for owning a bootleg collection, but you sure as hell can be for handing out unauthorized bootlegs.

  7. Re:Downloading music itself is not illegal... on NYT Promotes File Sharing · · Score: 2, Informative

    It is not copying according to the definitions of USC 17 Subsection 101. Copying, according to the letter of the law, is making a physical copy, not downloading. "Copies are material objects, other than phonorecords, in which a work is fixed by any method now known or later developed, and from which the work can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device. The term copies includes the material object, other than a phonorecord, in which the work is first fixed."

  8. Re:Downloading music itself is not illegal... on NYT Promotes File Sharing · · Score: 3, Insightful

    Go read the law. I have, and IAAL.

  9. Re:Downloading music itself is not illegal... on NYT Promotes File Sharing · · Score: 3, Insightful

    Downloading copyrighted material is not illegal. Downloading copyrighted material and sharing it is illegal. "Illegal downloads" are a fantasy perpetuated by the RIAA/MPAA to garner support for their cause in the media. There is just no such thing.

  10. Re:Idiot Question on Implications Of The Recent Hash Function Attacks · · Score: 2, Interesting
    If the checksum of the original disk ever changes, the evidence is useless. When there are collisions in the algorithm, the checksum cannot prove, beyond a reasonable doubt, that the data has not been tampered with.

    Neither of those statements is true. Hashing algorithms are useful for forensic verification but changing a single bit on a disk image will not cause it to be tossed from a case, as long as any changes can be explained as a result of something legitimate the forensic analyst did. Booting the original image (while risky) is sometimes necessary in forensics but it will not, contrary to popular opinion, invalidate the evidence. A slick defense attorney could, however, point to analyst incompetence as the reason and if successful could have the evidence tossed. Also, MD5 collisions have been known about for years, and are an acceptable issue within forensics. DNA typing has collisions as well, but since collisions are in a statistical range that is nearly unassailable, a match still meets the "reasonable doubt" standard in criminal court.

  11. Elves on Groklaw Debunks SCO's ELF Heist · · Score: 3, Funny

    I always thought Elves were imaginary anyway...