CSO: How to Protect Your Privacy from Computer Forensics

12 Posts
8 Users
0 Likes
529 Views
(@seanmcl)
Posts: 700
Honorable Member
Topic starter
 

No comment.

http://www.csoonline.com/article/512793/How_to_Protect_Your_Privacy_from_Computer_Forensics?source=CSONLE_nlt_update_2010-01-07

 
Posted : 07/01/2010 8:51 pm
(@kovar)
Posts: 805
Prominent Member
 

Greetings,

The author is a corporate investigations manager. I wonder what his position would be if all the employees where he worked used these tools?

An enormous amount of sensitive data certainly does end up on eBay, craigslist, and the like, but a corporation could take care of that by ensuring that drives are wiped or destroyed prior to sending them out for recycling.

-David

 
Posted : 07/01/2010 9:52 pm
Beetle
(@beetle)
Posts: 318
Reputable Member
 

Greetings,

The author is a corporate investigations manager. I wonder what his position would be if all the employees where he worked used these tools?

An enormous amount of sensitive data certainly does end up on eBay, craigslist, and the like, but a corporation could take care of that by ensuring that drives are wiped or destroyed prior to sending them out for recycling.

-David

I wonder if he has talked to his (if he has one) CSO about this. How would they ever be able to detect who made their IP "walk out the door". roll

 
Posted : 07/01/2010 11:11 pm
jhup
(@jhup)
Posts: 1442
Noble Member
 

Eh, nothing in there is news. CCleaner, Eraser and BootNuke are ancient, fossilized news.

In my experience, most just try to e-mail the IP to their gmail or Y! account from the corporate mail system. It leaves prints the size of a mammoth on about a dozen other systems, besides the employee's machine.

I think the author just needed a few more "wrote articles for …" on his CV.

 
Posted : 09/01/2010 3:15 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I agree with jhup…I mean, really, XP has its own built-in anti-forensics features and I don't see anyone up in arms about that. There's always someplace else to look, and if you've looked in all those places and there's no data…then that's your answer. Besides, in a corporate environment, shouldn't there be tighter controls on what users can access?

 
Posted : 09/01/2010 3:39 am
Beetle
(@beetle)
Posts: 318
Reputable Member
 

That's what I was getting at. I was trying to be 'ironic'. Frankly I am surprised at an article like that showing up in CSO, it practically condones circumventing any efforts to detect policy violations or misuse. If your systems are so loosely configured so someone can install or run executables at their whim…

On our 'corporate' platform unless you are in the admin group you can't install or run any non-platform software. Our system is also configured that only certain users can access the 'net and even then the proxy will block access to web-based email, streaming video, internet telephony, etc.

It is so tight I once tried to access Dartmouth University for a Word file that had a single instance of the word 'hacking' in it – blocked.

For those who may be interested our proxy servers run Websense.

 
Posted : 09/01/2010 3:49 am
(@jelle)
Posts: 52
Trusted Member
 

I still keep trying to convince every crime TV series writer not to include the part about where they use fingerprints to catch the bad guy… What if the criminals find out that that's one of the ways we can catch them…?!

No, on a serious note, and without wanting to sound too cynical or ironical here, I'm not that worried about any negative effects of his knowledge sharing.

These are great tips for people who want to sell or dump their old computer (not necessarily companies, but also just people wanting to get rid of their home PC) - and as jhup already states not real news, these tools have been around for a while. I also have the impression that his intended target audience is this average home user afraid of unintentionally leaking personal data (not really sure why it would have to be published at a 'CSO' website then though).

People who really want to hide something would need to use more advanced tricks to completely erase all traces on all possible systems (and in reality almost always make a mistake or simply don't even use these tools (hey, we still catch criminals by using fingerprints, even though you can buy gloves for a couple of dollars and the use of fingerprints is more or less common knowledge)).

As keydet89 already says, especially in a corporate environment, you don't get away with just running CCleaner - there are a lot more places to find possibly relevant data.

And to come back to the fingerprints example, trying to hide our knowledge is just a poor effort of 'security by obscurity' - IMHO we won't prevent any crimes by doing that.

 
Posted : 10/01/2010 5:34 pm
(@seanmcl)
Posts: 700
Honorable Member
Topic starter
 

I was more amused by the inconsistencies. The tag line was preventing identity theft but the body of the article discussed FTK and EnCase. I've worked on some identity theft cases and I have yet to see a miscreant who had a license for either.

So, on the one hand, you are talking about protecting one's identity and, on the other, referring to how to obscure your data from tools used, predominantly, by legitimate investigators.

That is what I found to be confusing.

 
Posted : 10/01/2010 8:37 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I was more amused by the inconsistencies. The tag line was preventing identity theft but the body of the article discussed FTK and EnCase. I've worked on some identity theft cases and I have yet to see a miscreant who had a license for either.

So, on the one hand, you are talking about protecting one's identity and, on the other, referring to how to obscure your data from tools used, predominantly, by legitimate investigators.

That is what I found to be confusing.

Wait a minute, do you mean that you have proof that identity thieves don't use Encase or FTK, or are you saying that you have proof that identity thieves do not use properly licensed software, and use instead cracked/hacked versions of 'em?
😯

wink

jaclaz

 
Posted : 10/01/2010 9:29 pm
(@seanmcl)
Posts: 700
Honorable Member
Topic starter
 

Wait a minute, do you mean that you have proof that identity thieves don't use Encase or FTK, or are you saying that you have proof that identity thieves do not use properly licensed software, and use instead cracked/hacked versions of 'em?

I don't have proof that identity thieves don't license or run hacked versions of FTK or Encase, but based upon how those with whom I have been in contact operate, I would guess it is pretty unlikely.

I suppose we could ask Guidance or Access whether they have received any license renewal application with a return address of a Federal prison.

 
Posted : 10/01/2010 10:25 pm