Posted: 11/28/2001 7:02:45 AM EDT
Quoted:
This time they are going after Charlie Puckett the former head of the Kentucky State Militia.

Here is the email I received:


Date: Tue, 27 Nov 2001 21:14:24 EST
Subject: Re: Federal Warrant served on KSM Commander Charlie Puckett

I just got off the phone with Charlie.  The BATF is scraping the bottom of
the barrel.  They dug up some dirt from his past (a childhood indiscretion in
1966 - two years before the GCA of 1968) and they are trying to call him a
felon in possession of firearms.

He was convicted of a misdemeanor in 1966 for a crime that was later upgraded
to a felony.  Charlie was convicted of a misdemeanor, not a felony.

They spent 7 hours at his residence (10am-5pm) they took all of his firearms
and the hard drive from his computer.

He is not taking this lying down, he has every intention of fighting this
tooth and nail using all methods necessary.
View Quote


View Quote


OK, aside from the obvious JBT railroading being done to this guy, what does his computer have to do with what he was charged with back in the 60's?

Also, I know it would be rather case specific, but how often are suspects' computers seized as evidence? And just what is it that they are looking for?

Illegal porn is pretty obvious, but why do so many comps. get seized? Are they trying to do some kind of "profiling" on you? If you don't have any illegal content on your computer, I don't see the point.
Link Posted: 11/28/2001 7:19:56 AM EDT
[#1]
The drive will also contain a record of sites visited online frequently. Depends on how your browser is set up, and how good your comsec is..
-Meplat
Link Posted: 11/28/2001 7:24:23 AM EDT
[#2]
That is why everyone should use those programs which delete all those temp files and history and write hex zeroes on those areas where those files were.
Link Posted: 11/28/2001 7:25:56 AM EDT
[#3]
It will likely also contain copies of emails that he has received & sent.  They're fishing.
Link Posted: 11/28/2001 7:30:07 AM EDT
[#4]
PGP Encrypt your entire hard drive.  Not sure if the Govt has a backdoor into PGP or not.

Link Posted: 11/28/2001 7:36:47 AM EDT
[#5]
And just how is this different than past misdemeanor domestic abusers who can no longer own firearms with the stroke of a pen?
Link Posted: 11/28/2001 7:53:02 AM EDT
[#6]
Basically, the guys in the Militia Forum at Ass Web have been begging for this sort of attention by constantly spouting anti-government violent rhetoric and now they are getting it.
It's not ethical, moral, legal or right that the feds are doing this to them, but it is also not unexpected.  If you talk that sort of talk in a public forum long enough, they WILL start digging into your background, and if you have dirt there that gives them an excuse, they WILL use it.
Link Posted: 11/28/2001 8:04:15 AM EDT
[#7]
Quoted:
The drive will also contain a record of sites visited online frequently.
-Meplat
View Quote


So, assuming you've done/advocated nothing illegal, how does having a record of your sites visited reflect on you? By just coming to gun boards, does that make one "suspected of terrorist activity"?

Extreme example and my tin foil hat is off, btw. Just wondering.

Warlord, is Internet Eraser the program you're referring to?
Link Posted: 11/28/2001 8:12:00 AM EDT
[#8]
Link Posted: 11/28/2001 8:18:56 AM EDT
[#9]
Quoted:
Quoted:
Quoted:
This time they are going after Charlie Puckett the former head of the Kentucky State Militia.

Here is the email I received:


Date: Tue, 27 Nov 2001 21:14:24 EST
Subject: Re: Federal Warrant served on KSM Commander Charlie Puckett

I just got off the phone with Charlie.  The BATF is scraping the bottom of
the barrel.  They dug up some dirt from his past (a childhood indiscretion in
1966 - two years before the GCA of 1968) and they are trying to call him a
felon in possession of firearms.

He was convicted of a misdemeanor in 1966 for a crime that was later upgraded
to a felony.  Charlie was convicted of a misdemeanor, not a felony.

They spent 7 hours at his residence (10am-5pm) they took all of his firearms
and the hard drive from his computer.

He is not taking this lying down, he has every intention of fighting this
tooth and nail using all methods necessary.
View Quote


View Quote


OK, aside from the obvious JBT railroading being done to this guy, what does his computer have to do with what he was charged with back in the 60's?

Also, I know it would be rather case specific, but how often are suspects' computers seized as evidence? And just what is it that they are looking for?

Illegal porn is pretty obvious, but why do so many comps. get seized? Are they trying to do some kind of "profiling" on you? If you don't have any illegal content on your computer, I don't see the point.
View Quote


Aren't kops wonderful?  They wonder why we hate and bash them.
Link Posted: 11/28/2001 8:30:25 AM EDT
[#10]
Quoted:
PGP Encrypt your entire hard drive.  Not sure if the Govt has a backdoor into PGP or not.
View Quote


There are no back doors in all the open source versions of PGP (up to 6.5.8, I believe).  http://www.ipgpp.com/ and http://www.pgpi.org/.

As for Eraser (excellent program) it is available at http://www.tolvanen.com/eraser/.

[(:|)]
Link Posted: 11/28/2001 8:30:49 AM EDT
[#11]
Having talked with some of the guys who work with the Child Abuse Dept for the cops here, they can pull whatever they want off your hard drive, encrypted, formatted or what not.  Take it out and shoot it if you are worried about something.

Hey Vampire,
Cops are the same as everybody else, they have good ones and hemorrhoidal infrastructures.  This is actually the Blind A$$ Turdbrain F$#kers.
Link Posted: 11/28/2001 9:01:54 AM EDT
[#12]
Quoted:
what does his computer have to do with what he was charged with back in the 60's?
View Quote


No clue, but it could be a conspiracy charge of some sort.  Given his militia association, they may think he's part of some sinister plot.


Illegal porn is pretty obvious, but why do so many comps. get seized?
View Quote


First of all, they don't know if you don't have illegal content, and won't know without looking.  Your average police officer, even one in the computer crimes division if your PD has one, isn't going to have the kind of training necessary to adequately inspect the computer at the location.  It's becoming more and more common that criminals are using computers, so if you are searched and you have a PC, it will most likely be confiscated in whole or the hard drive will be removed itself.  They'll most likely start using commercial tools available to them and then move on to higher tools, or if they are not available they may enlist the help of the feds, unless the confiscating agency was the feds themselves.

Analyzing computer data for evidence is not a wholly trivial task.  The investigator first starts with tools like undelete and other pretty high level utilities that do nothing more than what the average citizen is capable of doing to look for incriminating evidence that might have been deleted.  Most people are still unaware that files that are deleted are still on the drive and still viewable by the casual viewer until they are overwritten.

After a file has been deleted and overwritten, it's still possible, using lower-level tools, to extract data from the hard drive that has been deleted and overwritten multiple times.  Using a UNIX toolkit made by computer security legends Wietse Venema and Dan Farmer called The Coroner's Toolkit, one of the testers was able to take a computer he had been using for years as a test bed for various operating systems to test code on.  It started off as a Windows 98 machine, then Win98 was replaced with Linux, then FreeBSD, Linux again, and then Solaris X86.  He then decided to fill up the hard drive and then used TCT to extract information from the hard drive that was part of the original Win98 configuration, files that had been overwritten multiple times using nothing more than software tools.  

Even using software that randomly generates patterns and overwrites the sectors is not a guarantee against the lowest level of attacks.  This is where they actually remove the drive platters and take an MRI image of them.  Then they do an analysis of the contents and in most cases can reconstruct data that has been overwritten or was previously thought destroyed.

They also have tools that allow them to do catalog searches of your hard drive looking for file types that go beyond the name and look for actual file header files and the like.  So, hiding images or what have you as an .doc file, or MP3's as a .txt file won't work.

I spoke with one investigator last year about how they have a pretty extensive file signature database of most of the known child pornography using images confiscated from people's computers.  With this database, they are able to find that someone had child pornography based simply on a fragment of the original file.

The ONLY way to guarantee that data on a hard drive is destroyed is total physical destruction.

God Bless Texas
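
The header-based file typing and recovery of leftover data described in the post above, as an added example that is not part of the original thread: it types files by their leading "magic" bytes rather than their names, flags names that disagree with the content, and carves JPEG candidates out of a raw buffer. The function names, file names and sample bytes are constructed for illustration.

```python
# Added example (not from the thread): type files by header signature and
# carve JPEG candidates out of raw bytes. All sample data is constructed.
import os

# Well-known leading "magic" bytes -> (type label, extensions usually seen).
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"GIF87a", "gif", {".gif"}),
    (b"GIF89a", "gif", {".gif"}),
    (b"ID3", "mp3", {".mp3"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".jar"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2", {".doc", ".xls", ".ppt"}),
]


def identify(data):
    """Return (label, expected_extensions) for the first matching header."""
    for magic, label, exts in SIGNATURES:
        if data.startswith(magic):
            return label, exts
    return None, set()


def audit(files):
    """files: iterable of (name, leading_bytes). Returns one row per file:
    (name, detected_label, status) with status ok / mismatch / unknown."""
    rows = []
    for name, data in files:
        label, exts = identify(data)
        ext = os.path.splitext(name)[1].lower()
        if label is None:
            status = "unknown"    # no known header: plain text or unlisted type
        elif ext in exts:
            status = "ok"
        else:
            status = "mismatch"   # name claims one type, content is another
        rows.append((name, label, status))
    return rows


def carve_jpegs(raw):
    """Find (start, end) byte ranges that look like JPEGs in a raw buffer.

    Simplified carving: pair each start-of-image marker with the next
    end-of-image marker. Real carvers also validate the segments in between
    and cope with embedded thumbnails and fragmentation.
    """
    found, pos = [], 0
    while True:
        start = raw.find(b"\xff\xd8\xff", pos)
        if start == -1:
            break
        end = raw.find(b"\xff\xd9", start + 3)
        if end == -1:
            break                 # header but no footer: truncated or overwritten
        found.append((start, end + 2))
        pos = end + 2
    return found


# --- constructed sample data ---
JPEG_A = b"\xff\xd8\xff\xe0" + b"JFIF\x00" + b"A" * 20 + b"\xff\xd9"
JPEG_B = b"\xff\xd8\xff\xe1" + b"Exif\x00" + b"B" * 10 + b"\xff\xd9"

SAMPLE_FILES = [
    ("holiday.jpg", JPEG_A),                        # honest name
    ("report.doc", JPEG_A),                         # image renamed to .doc
    ("notes.txt", b"ID3\x03\x00\x00\x00\x00\x00"),  # MP3 renamed to .txt
    ("readme.txt", b"plain text, no magic bytes"),
]

# Stand-in for unallocated disk space: two image remnants between filler.
RAW_SPACE = b"\x00" * 16 + JPEG_A + b"junk" * 4 + JPEG_B + b"\x00" * 8

if __name__ == "__main__":
    for row in audit(SAMPLE_FILES):
        print(row)
    print(carve_jpegs(RAW_SPACE))
```
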
Link Posted: 11/28/2001 9:16:53 AM EDT
[#13]
The only problem is that a lot of people can be railroaded based on their computer's data. Say for example, you visit a web site and it brings up an ad for "Illegal Asian Teen Porno" Those pictures are saved on your hard drive regardless of if you leave instantly. Because IE and Netscape cache files, you are now in possession of kiddy porn and an instant felon. This is regardless of whether or not you left the site immediately. Hell, you don't even have to know a person is underage for the police to attempt to railroad you. This is why I believe the Kiddy Porn Laws should be changed to go after those creating it and distributing it. Since, almost anybody who uses the internet extensively will have at some time picked up some kiddy porno ad.

As for overwriting stuff, they are absolutely correct. I had one computer that I used an expensive Software Utility and a Host Computer to run the utility and extract the sectors. I was able to recover data when the drive had been reformatted at least twice and written to. With the right tools, they can recover anything. This computer had been using Windows 98, Then was reformatted and Windows 2000 installed, then again for Windows XP. Voila, I found data from the original Windows 98 as well as data from various Disks and CDs I had used on it before.
Link Posted: 11/28/2001 9:21:52 AM EDT
[#14]
Quoted:
PGP Encrypt your entire hard drive.  Not sure if the Govt has a backdoor into PGP or not.
View Quote


For the open source versions, no.  For the newer Windows versions, there have been some attacks against some of the encryption algorithms used, but they are not specifically backdoors.  NAI, the company that owns PGP is selling it off if they haven't already, so who knows what the status of it truly is.

However, you still run the risk of having your keyphrase and/or your private key becoming compromised, making all that encryption pointless.  A simple hardware keylogger is enough to get what you need, and most people don't look directly at their keyboard jacks before using their PC.

The Eraser program at tolvanen.com, as Political Science pointed out, is probably the best utility you can use to erase files, but it's not a guarantee.  You still run the risk of having the windows swap file analyzed, as well as a reduced risk against an MRI attack.

But never use a program that simply writes zeroes over the data.  That's no better than putting a layer of transparent tape over a line of print.  You can still see what's below it, even if you put many layers behind it.  Any program should use Peter Gutmann's suggested patterns for overwriting data.

God Bless Texas
Link Posted: 11/28/2001 10:43:26 AM EDT
[#15]
If it's the Feds, they'll just burn your house down with you and your computer in it anyway....  :)
Link Posted: 11/28/2001 11:31:52 AM EDT
[#16]
GodBlessTexas, you forgot to point out that overwritten data can still be recovered in another attack: the electron microscope.  It can be used to analyze the polarity of the surface of the disk, and to determine how many times the data had been overwritten, but it too has its limitations, despite the fact that it is extremely time-consuming and expensive.

Also, after you overwrite your data, it's a good idea to turn your computer OFF.  Because, occasionally, the RAM will still contain sensitive data that can be re-written onto the swap (page) file of a Windows machine.  Restarting doesn't always clear the RAM like a cold boot does.  Or you can turn your swap file off and add more RAM.  Or you can boot into DOS and overwrite your swap file.

As for Eraser, it goes beyond 1's and 0's, you can actually set a custom overwriting algorithm.  I think it's unnecessary though, because the ones that are default are very thorough.

Oh, cc48510, formatting does nothing to keep deleted files from being recovered.  You have to overwrite them.

Ultimately there's no guarantee of anything in life.  The U.S. Department of Defense uses 7 times overwriting.  When hard drives are disposed of, they format them then overwrite them 7 times, then the surfaces are dissolved in acid.  The British overwrite their hard drives, sand the surface off, burn the powder of the former surface, and lock the ashes in a vault for 7 years before dumping.

And they call gun owners paranoid.

[(:|)]
Link Posted: 11/28/2001 12:00:36 PM EDT
[#17]
Link Posted: 11/28/2001 12:01:54 PM EDT
[#18]
Quoted:
Basically, the guys in the Militia Forum at Ass Web have been begging for this sort of attention by constantly spouting anti-government violent rhetoric and now they are getting it.
It's not ethical, moral, legal or right that the feds are doing this to them, but it is also not unexpected.  If you talk that sort of talk in a public forum long enough, they WILL start digging into your background, and if you have dirt there that gives them an excuse, they WILL use it.
View Quote


Gee, I wonder why anyone would be doing any complaining or rabble rousing these days.  Free speech isn't illegal, even unpopular talk about fighting back against tyranny.  You make it sound like they brought it all down on themselves.  Being loose-lipped on the gun boards is certainly not a good idea, but individualists have been so marginalized these days that they have nowhere else to go to vent their frustrations and get all blustery.  If you ask me, the feds should encourage people to blow off steam and not let it build up and lead to actual, serious crimes.
Link Posted: 11/28/2001 2:10:58 PM EDT
[#19]
A while back I was helping a friend with his computer. Windows 95 wouldn't come up and was erroring all over the place. I just figured it was another Microsoft POS OS Problem. So, I get the original Windows 95 CD and reinstall. The system still won't load. So, I reformat and reinstall. It still won't load. I fdisk, reformat, then reinstall and still no dice. Then, I look at the actual errors/codes and it hits me so I fdisk the computer, shut it down, then boot up, format the drives, and install Windows 95 back on there. Voila, it worked.

Why? Because he had a Virus in the High Memory Area of his RAM (The area just above 640 KB.) Each time I recreated the system, it was rewriting itself. Shutting down with an FDISKed drive meant the virus had nowhere to write itself to and was annihilated.

Also, Page Files are not always deleted upon rebooting. In Windows NT (2K and XP. Probably NT4 also) you can set a value in the Local Security Policy MMC Tool (Under Administrative Tools) that will erase your page file each time you shutdown or reboot. That means each time you reboot your Page File is overwritten with whatever is Swapped into it the next time you use the computer.

Even though I only use it on my most sensitive files (Financial Data), you can use Encryption to prevent access to your data. If you use Windows NT/2K/XP you can use NTFS to password protect your HD, then EFS to Encrypt the contents of your files. Beyond that you can Encrypt the EFS Encrypted File with PGP or some other stronger Encryption tool. I generally consider Triple Encryption to be good. But, the more the better. By that I mean, Encrypt the files with several different Algorithms and memorize the decryption order. For example encrypt with Algo. A, then Encrypt the Algo. A Encrypted File with Algo. B, Then Encrypt the Algo. B/A Encrypted File with Algo. C.

Then again the only way to be sure is to destroy the HD completely.
Link Posted: 11/28/2001 2:12:04 PM EDT
[#20]
Quoted:
PGP Encrypt your entire hard drive.  Not sure if the Govt has a backdoor into PGP or not.

View Quote
and after a few minutes/hours of brute forcing your hard drive using a supercomputer they're in
Link Posted: 11/28/2001 2:52:37 PM EDT
[#21]
Quoted:
and after a few minutes/hours of brute forcing your hard drive using a supercomputer they're in
View Quote


...only if you choose a weak passphrase.  Remember, for every additional character you add to the end of your passphrase, it takes roughly twice as long to brute force as did all the previous characters.  For example, if successfully brute forcing a 5 character password takes 2 hours, a 6 character password will take roughly 4 hours to crack, and so on.

Although it was never disclosed what the passphrase was, files on Ramsi Yusef's (sp? - the first trade center mastermind), computer were encrypted.  It took government officials over a year to crack the files before they uncovered the plot to blow up 11 U.S. airliners.  One extra character on the passphrase would have taken 2 years...ad infinitum...

Philip Zimmermann and other academics met at a conference and estimated that NSA's supercomputers cannot crack modern cryptographic programs (given a very secure passphrase) within an individual's lifetime.  Of course that's speculation, but it's speculation done by experts.

It is interesting to note that the FBI used a keylogger on Nicodemo Scarfo's computer to get his PGP passphrase, because earlier stealth raids rendered the incriminating files that they were unable to crack. (E.g. http://www.wired.com/news/politics/0,1283,45730,00.html)

The trick is in the length (and obscurity) of your passphrase.

[(:|)]
Link Posted: 11/28/2001 5:56:18 PM EDT
[#22]
They take his HD, install it on a BATF computer, save a couple child porn pics onto it, and say "look what we've found!" Who's going to be able to say "those weren't on there when you took it!"
Link Posted: 11/28/2001 6:08:44 PM EDT
[#23]
Link Posted: 11/28/2001 6:22:50 PM EDT
[#24]
Charlie Puckett wasn't one to go around spouting off "anti-government" things. There were even many active duty police officers in the KSM. The feds are going to try to railroad this guy.  Wasn't it the GCA of 68 that prohibited convicted felons from owning firearms? If so, the feds are violating ex-post facto.
Link Posted: 11/28/2001 6:24:29 PM EDT
[#25]
Quoted:

On a related thread - how many here have received W32.badtrans worm attachments in the last two days? The Outlook worm contains a keystroke logger and automatically installs itself once the email is previewed. I've received two messages containing it from members of the AR-15 email list.

Beware.
View Quote


I have received 6 emails since Saturday that contained the virus.
Link Posted: 11/28/2001 7:04:23 PM EDT
[#26]
yeah i just got a e-mail with that BS attachment course im webbased e-mail so it doesnt do squat to me. also im nut dumb enought to post anything i dont want spread around.
course my spelling skills royally suck
Link Posted: 11/28/2001 7:44:05 PM EDT
[#27]
Thanks for the info on computer security! I'm still new to most of this stuff, so that was some pretty important reading.

I got sent the BadTrans worm on 2 different email accounts, but deleted them quick (preview wasn't open). Keyboard does seem to be working slower for some reason, but that might be because of that eraser program I downloaded while ago. I don't list my email on message boards as a precaution. So I didn't get it from anyone here.

Hope you didn't mind me "borrowing" your post Imbroglio.  




           
Link Posted: 11/28/2001 7:49:50 PM EDT
[#28]
Or you can turn your swap file off and add more RAM
View Quote


That does not work for Windows OS built on NT technology.  You could add all the physical memory you like, but your system will crash every time without that pagefile.
Link Posted: 11/28/2001 8:12:56 PM EDT
[#29]
Quoted:

Gee, I wonder why anyone would be doing any complaining or rabble rousing these days.  Free speech isn't illegal, even unpopular talk about fighting back against tyranny.  You make it sound like they brought it all down on themselves.  
View Quote


No, as a matter of fact I didn't, though I am unsurprised you would say that.
As a matter of fact, these were my exact words:
"It's not ethical, moral, legal or right that the feds are doing this to them, but it is also not unexpected."
Saying it is predictable isn't the same thing as saying it is their fault.
Link Posted: 11/28/2001 9:07:33 PM EDT
[#30]
Link Posted: 11/28/2001 9:07:45 PM EDT
[#31]
Quoted:

On a related thread - how many here have received W32.badtrans worm attachments in the last two days? The Outlook worm contains a keystroke logger and automatically installs itself once the email is previewed. I've received two messages containing it from members of the AR-15 email list.

Beware.
View Quote


I've gotten several copies of it, but since I don't read my e-mail with Outlook (or any other windows e-mail program) I don't have to worry about it.  Windows virii/worms don't tend to hurt UNIX boxes. [:D]

However, work is a different story.  I'm just waiting for someone at work to get it.

God Bless Texas
Link Posted: 11/28/2001 9:11:49 PM EDT
[#32]
Quoted:
GodBlessTexas, you forgot to point out that overwritten data can still be recovered in another attack: the electron microscope.
View Quote


Indeed, I had forgotten about that one.


Also, after you overwrite your data, it's a good idea to turn your computer OFF.  Because, occasionally, the RAM will still contain sensitive data that can be re-written onto the swap (page) file of a Windows machine.  Restarting doesn't always clear the RAM like a cold boot does.  Or you can turn your swap file off and add more RAM.  Or you can boot into DOS and overwrite your swap file.
View Quote


Sage advice.  


As for Eraser, it goes beyond 1's and 0's, you can actually set a custom overwriting algorithm.  I think it's unnecessary though, because the one's that are default are very thorough.
View Quote


I didn't make it clear by my post, but I knew that, which is why I separated the sections.  I was referring to those other "secure delete" utils that simply do nothing more than overwrite the files with ones and zeros.  Eraser uses Gutmann's algorithms.

God Bless Texas
Link Posted: 11/28/2001 9:32:37 PM EDT
[#33]
Cops seize computers partly to look for fishing, but mostly as a form of harassment.  Businesses can be out of business.  Students can fail classes as work is lost.  Etc.
Link Posted: 11/28/2001 9:39:42 PM EDT
[#34]
I know from experience that when dealing with the FBI, they will only seize the computer if it's the only option.  If a company's computer is compromised and then used to commit a crime and they fully cooperate, then the feds will generally do all they can to get an image of the drive for forensic work as opposed to confiscating the actual machine itself, especially if the machine is key to a company's survival.  However, a company that doesn't cooperate will generally get the machine seized.  They generally play nice if you do.

I got one of my earliest job promotions because the FBI showed up at my work one morning to "interview" the sysadmin and the CTO about some mysterious hacking/data deletion at an ISP used by an employee of the company.

God Bless Texas
Link Posted: 11/28/2001 9:43:09 PM EDT
[#35]
Quoted:
PGP is worthless when they find your key - they'll seize your floppies, CD-ROMs and if they're smart any USB tokens or "thumb drives" laying around too searching for it. Most of my friends are smart enough to have a nice long 1024 bit or longer key but they're not quite smart enough to remember it off the top of their head.
View Quote


I feel pretty secure using a 2000+ bit passphrase.

With Biometrics I assume they could get a court order for your finger or iris scan too.
View Quote


That is correct.  Under current case law, the Fifth Amendment does not protect you from being forced to submit to an iris scan, thumbscan, or other external biometric measurements.  However, they CANNOT force you to divulge your password/passphrase/encryption key, as it would be considered incriminating oral testimony.  That is why they use keyloggers.

[(:|)]
Link Posted: 11/28/2001 10:28:02 PM EDT
[#36]
If you want to protect yourself buy a degausser machine. If you have your original reload CDs after you blank out the hard drive you may reload all the original software as your original equipment came with. (say once a month)
Or you may lay your CPU on its side on top of the degausser and if they raid you flip the switch and by the time they get to your CPU there's nothing left on the drives to get, it's blank, period.
It's safe to leave the machine in place unless you apply the power to the electromagnets on the machine. By the way do not get your watch and take your wallet out of your pocket and set it away from the machine if you plan on turning it on as it will erase anything that has a magnetic strip on it.
Or if you want, keep 2 hard drives around as they only take less than 10 minutes to change out. Keep the sterile one in the machine for the investigators and have the backup with all of your good info and anything else you do not want them to find. Keep the hard drive you want to keep out of the wrong hands on the machine and when you hit the power everything is permanently erased in less than 10 seconds.

Or if you have a concrete basement keep your CPU on the cement and just lay some thermite on it. Presto, no more info.
I do not have anything to hide but if you do it would be pretty stupid not to cover your ass!!!!!
Link Posted: 11/28/2001 11:08:13 PM EDT
[#37]
I'm surprised people are mentioning PGP for encrypting hard drives.  I guess maybe some commercial versions do that??

The program I've usually seen mentioned for that is ScramDisk.  There should be a link from http://www.samsimpson.com/.  Looks like there's a Linux version in development (or maybe released) at http://www.scramdisklinux.org/

The Usenet newsgroup alt.security.scramdisk discusses this software.  There's a known-vulnerabilities FAQ somewhere out there as well.

ScramDisk allows you to create an encrypted file on your hard drive which can be mounted as if the file were a hard drive.  Run ScramDisk, click on the virtual drive, and enter a password, and presto -- that file appears as an (for example) E: drive that has a bunch of files in it.  Exit ScramDisk, and the E: drive disappears.

The file can be encrypted with any of several military-strength algorithms.  You can also have ScramDisk do steganography -- saving the encrypted data as part of a large image or sound file, so that the image or sound is still viewable/playable -- sort of a LordTrader "post without posting" move. [:D]
Link Posted: 11/28/2001 11:10:47 PM EDT
[#38]
BTW, surprisingly enough, source code is still available for ScramDisk (the "agent" for it went commercial a while ago).  So, the software is publicly reviewed and is more trustworthy than the commercial stuff which is "secret" closed source.
Link Posted: 11/29/2001 7:44:10 AM EDT
[#39]
Yeah, but if you're getting busted you won't have time to degauss the drive most likely.
Link Posted: 11/29/2001 8:02:30 AM EDT
[#40]
Link Posted: 11/29/2001 8:29:14 AM EDT
[#41]
Encryption works best when communicating over an unsecure network. Jane listening in won't be able to know what you say until she cracks your keys which will take many many years using several supercomputers working on it together.

Carnivore gets around this by intercepting the request to wherever you want to connect to and pretends to be them. You actually make a secure connection with Carnivore and Carnivore makes a secure connection to wherever you wanted to go originally. You can figure out the rest from here.

Back to disk encryption. The others are correct in that data can be recovered from hard drives, floppy disks, and any other media unless you turn the physical media into dust. Data has been recovered even from floppy disks that were cut into little bits.

If you are paranoid, your best bet is a thumb/micro drive which plugs into your USB port. You can carry the info from you and if you want to get rid of it you can flush it down the toilet and let it go into the sewer (assuming it doesn't get caught in the pipes and found) or thrown in a public garbage when nobody is looking.

If you realize that there is something you want to get rid of as they are bashing down your door, you're screwed.

Encryption doesn't work too well for files on your hard drive, probably because they can recover the original unencrypted version or temp cache.

Securely erasing a file is good for keeping punk hackers from finding important stuff or preventing your mom from finding your porn after you have burned it to a CD and given copies to your perverted friends, two of which are female.
Link Posted: 11/29/2001 11:00:56 AM EDT
[#42]
I also work for DoD and turn them in every week.
You may be right about the case but as you also know it only takes a few minutes to take that hard drive out and put it on the degauss table and turn it on. If you are not around or they trick you like the thread starter stated it does not matter but if I had a drive with all that info on it, it would not be in my CPU unless I needed it to do some work and then it goes back into hiding.
What's wrong with thermite if you leave the drive in the CPU? If you can get to the machine the side just pops off and in goes the thermite or if pressed for time you can just set it on the top and hope it does the job. Easy to make or you can buy it legally pre-made. Also works great on anything else you want to destroy.
Link Posted: 11/29/2001 11:23:48 AM EDT
[#43]
Quoted:
Carnivore gets around this by intercepting the request to wherever you want to connect to and pretends to be them. You actually make a secure connection with Carnivore and Carnivore makes a secure connection to wherever you wanted to go originally. You can figure out the rest from here.
View Quote


Wow.  I thought that the secure SSL/SSH connection was made to the target site.  If Carnivore were between you and the target, I thought that Carnivore would see nothing more than a jumble.  Do you have any links concerning Carnivore making the secure connection?  I would be very interested in knowing more about this.

If you are paranoid, your best bet is a thumb/micro drive which plugs into your USB port. You can carry the info from you and if you want to get rid of it you can flush it down the toilet and let it go into the sewer (assuming it doesn't get caught in the pipes and found) or thrown in a public garbage when nobody is looking.
View Quote


Yes, but they can legally force you to submit your biometric info, but they can't force you to divulge your passphrase.  It's a matter of personal preference, I guess, but there are legal advantages to using a passphrase key system as opposed to a biometric key system.

Encryption doesn't work too well for files on your hard drive, probably because they can recover the original unencrypted version or temp cache.
View Quote


With "on-the-fly" encryption (like Scramdisk or PGP disk), this is not the case.  The encryption changes the contents of the encrypted file/drive as you are working in the intelligible mirror.  The only place that discernable info might reside is in the RAM.  Yanking the plug solves that, and nothing is left on the drive other than the encrypted file/drive (unless it hits your swap file, but that can easily be prevented).

Please pass along any links about Carnivore facilitating the secure connection.  That's news to me, but it makes sense.

[(:|)]