Full Disclosure mailing list archives
Re: FBI Says Data on VA Laptop Not Accessed
From: "Jon O." <jonorb () gmail com>
Date: Thu, 29 Jun 2006 17:18:22 -0700
On 6/29/06, Brian Eaton <eaton.lists () gmail com> wrote:
Would any of the forensics experts out there care to comment on the claims in this story? http://tinyurl.com/m43cw
Good question. I addressed this question at the link below, I won't reprint the whole article here, but this is something to consider: http://blog.zonelabs.com/blog/2006/06/forensics_looki.html While it's good they got the *hardware* back, recovering the laptop it self doesn't mean the data wasn't stolen. Speaking to this concern, another report stated this: The FBI, in a statement from its Baltimore field office, said: A preliminary review of the equipment by computer forensic teams d etermined that the database remains intact and has not been accessed s ince it was stolen. A thorough forensic examination is underway, and t he results will be shared as soon as possible. The investigation is on going. As a former Computer Forensic Specialist, I wanted to explain what's p robably going on with this laptop now that the FBI has the system and is forensically examining it. This explanation assumes the data was pr esent on the hard drive (not a CD-Rom or other storage medium). ... Worst case scenario: The laptop thieves really know what they are doing. They remove the hard drive from the laptop, and mount it read-only (no modifications to the file system) on another computer, access the sensitive data and re-insert the hard drive into the stolen laptop. This is the same process the forensic examiner would use to prevent the examination from modifying the data contained on the laptop -- and this is why I mentioned what the FBI might look for during the physical examination -- marks on the screws or finger prints on the internal hard drive casing (which gloves would obviously prevent). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FBI Says Data on VA Laptop Not Accessed Brian Eaton (Jun 29)
- Re: FBI Says Data on VA Laptop Not Accessed Gary E. Miller (Jun 29)
- Re: FBI Says Data on VA Laptop Not Accessed Valdis . Kletnieks (Jun 29)
- Re: FBI Says Data on VA Laptop Not Accessed Gary E. Miller (Jun 29)
- Re: FBI Says Data on VA Laptop Not Accessed Brian Eaton (Jun 29)
- Re: FBI Says Data on VA Laptop Not Accessed Michael Holstein (Jun 30)
- Re: FBI Says Data on VA Laptop Not Accessed Cardoso (Jun 30)
- Re: FBI Says Data on VA Laptop Not Accessed Michael Braun (Jun 30)
- Re: FBI Says Data on VA Laptop Not Accessed Valdis . Kletnieks (Jun 29)
- Re: FBI Says Data on VA Laptop Not Accessed Gary E. Miller (Jun 29)
- Re: FBI Says Data on VA Laptop Not Accessed Jeremy Bishop (Jun 29)
- Re: FBI Says Data on VA Laptop Not Accessed Mike Klein (Jun 29)
- Re: FBI Says Data on VA Laptop Not Accessed Jon O. (Jun 29)