That's fine for people who will only ever commute or do short trips. What about an annual or even bi-annual vacation or an emergency that requires you to drive 600 miles? The fact is that battery-powered vehicles that require a lengthy recharge time are not practical for long term future use or wide-scale replacement of gasoline powered vehicles if that is the goal. The only technology that has any promise of providing the flexibility of gasoline without the associated issues of fuel supply is hydrogen. The GM HY-WIRE is a great concept of this technology.
This is a perfectly viable option but, as someone working in computer forensics, the major issue missed in this editorial and the subsequent comments is that most people really can't be bothered with encryption. I have examined many computers with versions of truecrypt and other, less reputable, encryption packages on them that are simply not used. Maybe I was foiled I hear you say and maybe yes I was (in my recollection there were no large unknown files with cryptic looking signatures and unfathomable data structures (normally a big pile of what looks like junk)) but the evidence was still resident (possibly replicated) in the unencrypted portion of the filesystem anyway.
If I were to have the ability and/or inclination to design a system of encryption designed to not arouse suspicion it would have to be something that is there by default like having a separate partition or container file for each user with the encryption tied-in to their user account so when logging in their login credentials are the encryption key and the volume is auto mounted transparently. Maintaining a separate file or partition for each user would assure privacy both within the system and upon any kind of post-mortem analysis (such as a forensic analysis using EnCase, FTK or TSK). These are just my musings and as the author of the article said getting any kind of wide support for such a technology is unlikely and will probably never happen. It's interesting to muse on it however!
It makes me feel safer knowing that you and your ilk are helping to put people that look at pictures OF CHILDREN BEING ABUSED in prison.
Oh wait... no it doesn't.
I would like to get into computer forensics, but I'm afraid I would be spending all my time going after dirty old men, rather than prosecuting real crimes with real victims and damages. Worse than that, I'm afraid I would be forced to attempt to make cases against people who had no intention of downloading illegal content at all (does a 17year 11month old girl look any different from an 18 year old?).
So as someone who has worked in the industry, I ask you: is modern computer Forensics at all about prosecuting serious crime, or is it just playing porno police? What is your caseload like? The idea of having a hand in ruining someones life for looking at a picture of a sexually mature female just seems immoral to me, and I would want no hand in it.
That's a damn fine question and there are cases where it is very borderline but those cases either don't make it to court or there is a plea bargain struck where some kind of community service is involved (generally not with children!). Also, though I would say about 70% of the work the company I work for gets is Indecent Images related there is work involving differing crimes including fraud, drugs, rape, murder and people smuggling. I will not lie and say I agree with the dragnet approach our customers (mostly Police forces) seize computers and often there are many hundreds of superfluous hours of analysis poured into a case that has no merit (I had a case with 70ish exhibits in that took months of processing and ended up completely negative) but, if you can handle trawling through gigs of porn, it is a rewarding career. I would advise you not do an academic qualification in the field but get some (or use your existing) real-world computing experience and build your analytical and written skills then apply for a trainee post if you can find one. Learn the tools if you can afford it (EnCase and FTK are both hellishly expensive but the individual training courses (CF1 and CF2 for EnCase) are fairly affordable and useful for a noob). I wish you luck in your future career should you get into the industry!
Working in digital forensics you hear all the ridiculous defenses dreamed up by crazy suspects and defense lawyers but this one is pretty out there! One case a colleague of mine involved the usual defense of "a trojan did it" but this was his defense for how a CD-R marked "best stuff" had gotten from the spindle on his desk, into his machine, appropriated a copy of the illicit images on his computer (which he then moved to the recycle bin!) and then hidden itself behind a radiator in a jewel case. Amazing what a little knowledge (and I do mean a very can do!
I think Zed needs to read this as he seems to have lost the spirit of open source entirely:
1. Free Redistribution
The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.
2. Source Code
The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost preferably, downloading via the Internet without charge. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed.
3. Derived Works
The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.
4. Integrity of The Author's Source Code
The license may restrict source-code from being distributed in modified form only if the license allows the distribution of "patch files" with the source code for the purpose of modifying the program at build time. The license must explicitly permit distribution of software built from modified source code. The license may require derived works to carry a different name or version number from the original software.
5. No Discrimination Against Persons or Groups
The license must not discriminate against any person or group of persons.
6. No Discrimination Against Fields of Endeavor
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
7. Distribution of License
The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.
8. License Must Not Be Specific to a Product
The rights attached to the program must not depend on the program's being part of a particular software distribution. If the program is extracted from that distribution and used or distributed within the terms of the program's license, all parties to whom the program is redistributed should have the same rights as those that are granted in conjunction with the original software distribution.
9. License Must Not Restrict Other Software
The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be open-source software.
10. License Must Be Technology-Neutral
No provision of the license may be predicated on any individual technology or style of interface.
The Open Source Definition
Given the fact that most websites will be hosted on a Linux box I would say that using either scp or sftp (both of which use the server's ssh server) is the most secure way to go. It's what I use and there is a GUI tool for those using Windows on the desktop (WinSCP). As for how you would get around this if using a Windows/IIS server I wouldn't have the first clue and my advice would probably be along the lines of "get a man's operating system and stop using asp"!
Absolutely right, and they all got their ideas from this plucky little thing found on old MIT LISP machines which is why the "Windows Key" is often referred to as the "Super Key" in many Linux apps (most notable of the current day is the python compiz/beryl configurator I suppose).
True, unfortunately most users (specifically Windows users) use a privileged user account and changing this behavior is going to take a while methinks.
This is a fine point. I think that the USB device may contain some form of bootable OS however (most likey a Helix derivative) that will run an automated hash comparison thereby never writing to the local disk or booting the OS and leaving the computer in a forensically sound state. This does beg the question as to whether some dumb bobby will have the technical chops to set the device to boot from USB. I don't ever see this getting rolled out on a major scale as it leaves too much room for error and potentially provides a way for people who actually have committed serious offenses getting off.
Officer: I pushed the button, and the computer told me to arrest him.
So they'll be just like cell phone analysts then, ha! (Sorry, that's a digital forensics joke). But seriously that is an accurate assessment. The handful of times I have been to court to give evidence involving an analysis I have performed they have asked me simple but semi-well researched questions. Most officers I speak to can barely spell let alone describe how a device they have no idea about discovered illegal material on a computer they don't know how to use. I do, however, suspect that this device, if ever rolled-out, would be used to "preview" the devices on-site and if it beeped and flashed a green light at them they'd send it off for full analysis.
This is fine in theory but the policy of seizure is generally a yank the power, bag it up and send it to the sweaty geeks (us). So even if the TrueCrypt volume is mounted when seized it will be a big old pile of meaningless binary junk once the pro's get their hands on it! Most of the time I have seen TC installed on a suspect's machine (maybe twice to be honest) I have found the passphrase in a handy text file (normaly named passwords.txt or secrets.doc)!
The police in the UK along with other governmental and non-governmental organizations involved in digital forensics in the UK have built up a mammoth hash database (containing MD5 hashes of known pedophillic/illicit images) I suspect that the device would contain a copy of this database and all images on the device would be hashed and compared to it. This doesn't get around encryption, deleted data, compound files etc and I don't see it being successful but merely a sink hole of public money that will be abandoned when they realize their conviction rate is going down.
As someone working in Digital Forensics in the UK I can honestly say that this is the most inspired piece of wisdom I have seen in a long time. Our company has literally had computers that haven't been switched on in a decade that have been sitting in a garage or attic until the cops decide to seize them. This is good for business but bad for taxpayer expenditure and the expedient discovery of data of evidential worth. The process for seizure of computer equipment in police investigations is essentially "if it has an on-off switch then seize it". There needs to be some training given to officers seizing although I doubt they will as they are scared of the first case of non-seized items containing illicit material.
Although it is primarily used as a forensic analysis tool Guidance Software's EnCase is excellent for data recovery and there is extensive support for many filesystems and operating systems. It's darn expensive but if you are really looking to get data back on a large scale then the long-term investment may be worth it.
I don't think he meant 'modern environment' as in pretty displays; I'm sure he meant a modern commercial project, where using something as low-level as emacs or vi would be counterproductive.
The notion that you can only be productive in an IDE is a specious one. Developers, as I'm sure you are aware, are sticklers for comfort. I happen to be comfortable in a text editor (vim) with shell access. Forcing me to use an IDE would be counterproductive as it is not a comfortable place for me to work. This is not a matter or IDE's being better or plain old editor's being better it is down to personal preference.
no you do not IDE to do that or to put it differently - Emacs is an IDE - it allows to edit, compile and in some cases debug code of (almost) arbitrary size and structure. One can even consider vi as a part of IDE with command line compilers and other tools. You may not consider such environment as integrated but that is your perspective - others have different one.
Absolutely right, the notion that "integrated" means a single program or window with a lot of widgets and toolbars is a pretty narrow view of what an integrated environment is. I could make a similar argument that because I use GNOME Terminal which has multiple tabs it is an IDE (which for me it is). I accept that some people are more effective and comfortable working in an IDE such as Eclipse or Netbeans but I am more comfortable in a terminal that gives me access to text editors, compilers etc. There is no _one_ solution for all that is _better_ it is down to personal preference and working style. If you don't feel comfortable in an "IDE" or in a text editor with shell access then you are not going to be productive.
Slashdot Mirror
My office chair travels at sublught speed.
FTFY, moron.
My office chair travel's at sublught speed.
That's fine for people who will only ever commute or do short trips. What about an annual or even bi-annual vacation or an emergency that requires you to drive 600 miles? The fact is that battery-powered vehicles that require a lengthy recharge time are not practical for long term future use or wide-scale replacement of gasoline powered vehicles if that is the goal. The only technology that has any promise of providing the flexibility of gasoline without the associated issues of fuel supply is hydrogen. The GM HY-WIRE is a great concept of this technology.
Ah, you are most likely right.
If so, don't forget to pay your $699 fee to SCO!
The cool thing is that its so true and you have the right to say so. Wait...
This needs modding up.
This is a perfectly viable option but, as someone working in computer forensics, the major issue missed in this editorial and the subsequent comments is that most people really can't be bothered with encryption. I have examined many computers with versions of truecrypt and other, less reputable, encryption packages on them that are simply not used. Maybe I was foiled I hear you say and maybe yes I was (in my recollection there were no large unknown files with cryptic looking signatures and unfathomable data structures (normally a big pile of what looks like junk)) but the evidence was still resident (possibly replicated) in the unencrypted portion of the filesystem anyway.
If I were to have the ability and/or inclination to design a system of encryption designed to not arouse suspicion it would have to be something that is there by default like having a separate partition or container file for each user with the encryption tied-in to their user account so when logging in their login credentials are the encryption key and the volume is auto mounted transparently. Maintaining a separate file or partition for each user would assure privacy both within the system and upon any kind of post-mortem analysis (such as a forensic analysis using EnCase, FTK or TSK). These are just my musings and as the author of the article said getting any kind of wide support for such a technology is unlikely and will probably never happen. It's interesting to muse on it however!
It makes me feel safer knowing that you and your ilk are helping to put people that look at pictures OF CHILDREN BEING ABUSED in prison. Oh wait... no it doesn't.
FTFY. Oh... and you're welcome pal!
Oh man, you're not my boss are you? If he ever saw that plan he'd learn to code pretty fast!
I would like to get into computer forensics, but I'm afraid I would be spending all my time going after dirty old men, rather than prosecuting real crimes with real victims and damages. Worse than that, I'm afraid I would be forced to attempt to make cases against people who had no intention of downloading illegal content at all (does a 17year 11month old girl look any different from an 18 year old?).
So as someone who has worked in the industry, I ask you: is modern computer Forensics at all about prosecuting serious crime, or is it just playing porno police? What is your caseload like? The idea of having a hand in ruining someones life for looking at a picture of a sexually mature female just seems immoral to me, and I would want no hand in it.
That's a damn fine question and there are cases where it is very borderline but those cases either don't make it to court or there is a plea bargain struck where some kind of community service is involved (generally not with children!). Also, though I would say about 70% of the work the company I work for gets is Indecent Images related there is work involving differing crimes including fraud, drugs, rape, murder and people smuggling. I will not lie and say I agree with the dragnet approach our customers (mostly Police forces) seize computers and often there are many hundreds of superfluous hours of analysis poured into a case that has no merit (I had a case with 70ish exhibits in that took months of processing and ended up completely negative) but, if you can handle trawling through gigs of porn, it is a rewarding career. I would advise you not do an academic qualification in the field but get some (or use your existing) real-world computing experience and build your analytical and written skills then apply for a trainee post if you can find one. Learn the tools if you can afford it (EnCase and FTK are both hellishly expensive but the individual training courses (CF1 and CF2 for EnCase) are fairly affordable and useful for a noob). I wish you luck in your future career should you get into the industry!
Working in digital forensics you hear all the ridiculous defenses dreamed up by crazy suspects and defense lawyers but this one is pretty out there! One case a colleague of mine involved the usual defense of "a trojan did it" but this was his defense for how a CD-R marked "best stuff" had gotten from the spindle on his desk, into his machine, appropriated a copy of the illicit images on his computer (which he then moved to the recycle bin!) and then hidden itself behind a radiator in a jewel case. Amazing what a little knowledge (and I do mean a very can do!
I think Zed needs to read this as he seems to have lost the spirit of open source entirely:
1. Free Redistribution
The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.
2. Source Code
The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost preferably, downloading via the Internet without charge. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed.
3. Derived Works
The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.
4. Integrity of The Author's Source Code
The license may restrict source-code from being distributed in modified form only if the license allows the distribution of "patch files" with the source code for the purpose of modifying the program at build time. The license must explicitly permit distribution of software built from modified source code. The license may require derived works to carry a different name or version number from the original software.
5. No Discrimination Against Persons or Groups
The license must not discriminate against any person or group of persons.
6. No Discrimination Against Fields of Endeavor
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
7. Distribution of License
The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.
8. License Must Not Be Specific to a Product
The rights attached to the program must not depend on the program's being part of a particular software distribution. If the program is extracted from that distribution and used or distributed within the terms of the program's license, all parties to whom the program is redistributed should have the same rights as those that are granted in conjunction with the original software distribution.
9. License Must Not Restrict Other Software
The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be open-source software.
10. License Must Be Technology-Neutral
No provision of the license may be predicated on any individual technology or style of interface.
The Open Source Definition
Given the fact that most websites will be hosted on a Linux box I would say that using either scp or sftp (both of which use the server's ssh server) is the most secure way to go. It's what I use and there is a GUI tool for those using Windows on the desktop (WinSCP). As for how you would get around this if using a Windows/IIS server I wouldn't have the first clue and my advice would probably be along the lines of "get a man's operating system and stop using asp"!
also: swfdec
Absolutely right, and they all got their ideas from this plucky little thing found on old MIT LISP machines which is why the "Windows Key" is often referred to as the "Super Key" in many Linux apps (most notable of the current day is the python compiz/beryl configurator I suppose).
GP is probably using a British layout which differs slightly from the US standard. There's an article about it on Wikipedia.
True, unfortunately most users (specifically Windows users) use a privileged user account and changing this behavior is going to take a while methinks.
This is a fine point. I think that the USB device may contain some form of bootable OS however (most likey a Helix derivative) that will run an automated hash comparison thereby never writing to the local disk or booting the OS and leaving the computer in a forensically sound state. This does beg the question as to whether some dumb bobby will have the technical chops to set the device to boot from USB. I don't ever see this getting rolled out on a major scale as it leaves too much room for error and potentially provides a way for people who actually have committed serious offenses getting off.
Officer: I pushed the button, and the computer told me to arrest him.
So they'll be just like cell phone analysts then, ha! (Sorry, that's a digital forensics joke). But seriously that is an accurate assessment. The handful of times I have been to court to give evidence involving an analysis I have performed they have asked me simple but semi-well researched questions. Most officers I speak to can barely spell let alone describe how a device they have no idea about discovered illegal material on a computer they don't know how to use. I do, however, suspect that this device, if ever rolled-out, would be used to "preview" the devices on-site and if it beeped and flashed a green light at them they'd send it off for full analysis.
This is fine in theory but the policy of seizure is generally a yank the power, bag it up and send it to the sweaty geeks (us). So even if the TrueCrypt volume is mounted when seized it will be a big old pile of meaningless binary junk once the pro's get their hands on it! Most of the time I have seen TC installed on a suspect's machine (maybe twice to be honest) I have found the passphrase in a handy text file (normaly named passwords.txt or secrets.doc)!
The police in the UK along with other governmental and non-governmental organizations involved in digital forensics in the UK have built up a mammoth hash database (containing MD5 hashes of known pedophillic/illicit images) I suspect that the device would contain a copy of this database and all images on the device would be hashed and compared to it. This doesn't get around encryption, deleted data, compound files etc and I don't see it being successful but merely a sink hole of public money that will be abandoned when they realize their conviction rate is going down.
Maybe they shouldn't seize so many computers.
As someone working in Digital Forensics in the UK I can honestly say that this is the most inspired piece of wisdom I have seen in a long time. Our company has literally had computers that haven't been switched on in a decade that have been sitting in a garage or attic until the cops decide to seize them. This is good for business but bad for taxpayer expenditure and the expedient discovery of data of evidential worth. The process for seizure of computer equipment in police investigations is essentially "if it has an on-off switch then seize it". There needs to be some training given to officers seizing although I doubt they will as they are scared of the first case of non-seized items containing illicit material.
Although it is primarily used as a forensic analysis tool Guidance Software's EnCase is excellent for data recovery and there is extensive support for many filesystems and operating systems. It's darn expensive but if you are really looking to get data back on a large scale then the long-term investment may be worth it.
I don't think he meant 'modern environment' as in pretty displays; I'm sure he meant a modern commercial project, where using something as low-level as emacs or vi would be counterproductive.
The notion that you can only be productive in an IDE is a specious one. Developers, as I'm sure you are aware, are sticklers for comfort. I happen to be comfortable in a text editor (vim) with shell access. Forcing me to use an IDE would be counterproductive as it is not a comfortable place for me to work. This is not a matter or IDE's being better or plain old editor's being better it is down to personal preference.
no you do not IDE to do that or to put it differently - Emacs is an IDE - it allows to edit, compile and in some cases debug code of (almost) arbitrary size and structure. One can even consider vi as a part of IDE with command line compilers and other tools. You may not consider such environment as integrated but that is your perspective - others have different one.
Absolutely right, the notion that "integrated" means a single program or window with a lot of widgets and toolbars is a pretty narrow view of what an integrated environment is. I could make a similar argument that because I use GNOME Terminal which has multiple tabs it is an IDE (which for me it is). I accept that some people are more effective and comfortable working in an IDE such as Eclipse or Netbeans but I am more comfortable in a terminal that gives me access to text editors, compilers etc. There is no _one_ solution for all that is _better_ it is down to personal preference and working style. If you don't feel comfortable in an "IDE" or in a text editor with shell access then you are not going to be productive.