BreachExchange mailing list archives
Re: (article) "We recovered the laptop!" ... so what?
From: "Max Hozven" <mhozven () tealeaf com>
Date: Sun, 11 Feb 2007 22:27:33 -0800
Or boot up on a Symantec Ghost boot disk, then blast the data over to a network drive or a connected USB drive. -Max -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of sawaba Sent: Sunday, February 11, 2007 9:09 PM To: blitz Cc: dataloss () attrition org Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so what? You don't even have to mess with mirroring it. You can create a Linux boot disk, specifically set up with scripts that search for juicy data, and then upload them to your server over Wi-Fi. On a fairly new laptop, you should have data (if there's any data to be had) within 30 minutes. You'll be done in an hour or two unless there is a huge amount of data you want to grab. And because you are mounting the Fat32 or NTFS volume read-only, no dates (or any other data for that matter) are changed. Ta-da, look ma, noone touched it. --Sawaba On Sat, 10 Feb 2007, blitz wrote:
How much trouble to set the date and time before the copy as well? and
then
back? Love USB 2.0.... As you and I know, mirroring the drive makes no changes to it. I
think
they're blowing smoke out their posterior porthole, HOPING it wasn't accessed. Sure the screws weren't tampered with....right...ever seen a
nylon
screwdriver? Ive got a toolbox with perhaps a dozen, regular, Phillips
and
Roberts. At 00:15 2/10/2007, you wrote:Wow, I've done my share of forensic investigations, and for the FBI
to
make this kind of claim is more than a little embarrassing. I
remember
reading the story when it originally came out, rolling my eyes, and
moving
on. Now that I take a closer look, it seems even more ridiculous, in part thanks to their official press release: http://www.fbi.gov/pressrel/pressrel06/laptop071306.htm--snip
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 146 million compromised records in 570 incidents over 7 years. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 146 million compromised records in 570 incidents over 7 years.
Current thread:
- Re: (article) "We recovered the laptop!" ... so what? Max Hozven (Feb 12)
- Re: (article) "We recovered the laptop!" ... so what? B.K. DeLong (Feb 12)
- <Possible follow-ups>
- Re: (article) "We recovered the laptop!" ... so what? Herve Roggero (Feb 12)
- Re: (article) "We recovered the laptop!" ... so what? Al Mac (Feb 12)
- Re: (article) "We recovered the laptop!" ... so what? blitz (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? Herve Roggero (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? Adam Shostack (Feb 13)
- Message not available
- Re: (article) "We recovered the laptop!" ... so what? Adam Shostack (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? B.K. DeLong (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? Adam Shostack (Feb 17)