Hi Mark,
The reason I asked this question about the biometric devices is because I want to base my research on them, but before I started my research I wanted to know how these biometric devices work and how they can be accessed without the user's fingerprint or in case of a broken scanner. But more importantly, before I started my research I wanted to know if there was a method of doing so out there already. But I guess due to the newness of the technology a method needs to be found.
About the work placement post, no, I haven't got a reply for that one yet. I guess there is no one out there who wants to take me on for work experience, as yet?
Imran
I'm new to this forum so I'm just reading through the old threads, hence the late reply. imrankhan, I notice that you're from Stafford. Are you studying at Staffordshire Uni, and if so, what is your opinion of it?
Hi everyone.
I would like to open this thread again, still looking at biometric devices embedded on devices and the problem they can cause for forensic investigations. Back to the original question, but replace the hard drive with a mobile phone: we have a broken sensor or the user of the phone is AWOL, what sort of techniques, software, hardware are available to bypass biometric security?
Before I get asked to provide links to prove that there are biometric mobile phones, here's one for all of you
http//
and this is a facial recognition phone
http//
Imran R. Khan
A criminal would have to be incredibly stupid to use a hard
drive protected by a fingerprint scanner.
btw, Harlan, do you know if the details of the 1991 case where
AFOSI put back together the 5.25" floppy is online?
That sounds very interesting.
Thanks.
> btw, Harlan, do you know if the details of the 1991 case where AFOSI put
> back together the 5.25" floppy is online?
A few minutes on Google found this
http//
http//
Harlan
From the link you provided, it looks as though the biometric device simply protects the hard drive from physical and electronic access. The simplest answer to your question seems to be…just open the case.
H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
oops… digging the old topic out but was going through the archive so feel like commenting!
NOT REALLY!
Biometric devices generate a certain & unique checksum (say a digital HASH) based on the unique input features. If this hash is used as the PASSWORD ITSELF, say in Windows XP with EFS (Encrypting File System) enabled & some files encrypted with it, YOU GOT TO HAVE the password hash to decrypt the content & access it (unless there is some unprotected data recovery agent lying somewhere in the HDD).
….the reason I asked this question about the biometric devices is because I want to base my research on them, but before I started my research I wanted to know how these biometric devices work and how they can be accessed without the user's fingerprint or in case of a broken scanner.
We've been discussing fingerprints on touch screen phones here
What became clear is how entirely tenuous fingerprint security could be. Below is a list of potential reasons why fingerprint security activated on a handset may produce failed authentication after the user has profiled the handset with his/her fingerprint during registration at the outset:
- Fingers are wrinkled, wet or sweaty after taking a bath, etc.
- Fingers are sweaty or oily enough to obscure ridges of fingertip, or fingers are soiled with dirt or oil
- Rough or damaged (cut, inflamed, etc.)
- Extremely dry or tendency to get dry
- Became fat or thin to cause fingerprint to change
- Fingerprint unclear by wearing away
- Surface in a condition extremely different from that at the time of fingerprint registration
- Moving finger too fast or slow over the finger sensor
- Where handset is connected to a PC and PC not grounded or only grounded after the handset and PC are connected and switched ON
- Static discharge
One mobile phone that I came across had fingerprint security and a standard terminal security code; the handset manual had this to say:
"If fingerprint authentication failed 5 times consecutively, the terminal security code entry screen appears." Interestingly, the handset manual states the fingerprint security and terminal security code cannot be active at the same time. The manual also states the terminal security code default is 0000. Consequently, if the user fails to change the default terminal security code and only uses fingerprint security, if that then fails it may not be too difficult to work out to enter 0000 when the terminal security code screen appears. I do not have this handset so I have not conducted any tests, but if this is a security loophole and should it work - and I can't see why it shouldn't if the manufacturer accepts authentication can fail and offers another route to access - then this may be one aspect to consider when looking at circumvention of fingerprint security and how that might assist forensic examination.
Two other shortcomings I have seen in fingerprint devices (USB "secure" flash drives, or fingerprint door locks) are the size of the fingerprint signature collected, and that the interface between the device and the scanner/reader is accessible.
Some only use, as in your example, four to eight bytes (32 to 64 bits) of data as the unique signature. Worse, because of the limited space in small USB devices, and cheap implementation, the locking algo is built into the reader, not the underlying controller - allowing brute force injection without any lock out. Some are even worse, and a simple high/low (lock/unlock) is sent from the scanner/reader.
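The mitigation implied by the post above, as an added example that is not part of the original thread or any vendor's firmware: the controller, not the reader, holds the enrolled signature, makes the match decision and owns the failure counter, so candidates arriving on the reader interface are refused after a fixed number of misses. The class name, the 8-byte sample signature and the limit of 5 are assumptions made for this sketch.

```python
import hmac

MAX_FAILURES = 5  # assumed policy value for this sketch
ENROLLED = bytes.fromhex("a1b2c3d4e5f60718")  # constructed 8-byte sample signature


class UnlockController:
    """Hypothetical drive controller: it holds the enrolled signature,
    makes the match decision itself and owns the failure counter."""

    def __init__(self, enrolled: bytes):
        self._enrolled = enrolled
        self._failures = 0        # real hardware would keep this in non-volatile memory
        self.locked_out = False
        self.unlocked = False

    def submit(self, candidate: bytes) -> str:
        """Evaluate one signature arriving over the reader interface."""
        if self.locked_out:
            return "LOCKED_OUT"   # refused before any comparison takes place
        # Constant-time comparison: response timing does not reveal matching bytes.
        if hmac.compare_digest(candidate, self._enrolled):
            self._failures = 0
            self.unlocked = True
            return "UNLOCKED"
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self.locked_out = True
            return "LOCKED_OUT"
        return "REJECTED"


def comparisons_granted(controller: UnlockController, candidates) -> int:
    """Count how many candidates the controller compares before it refuses."""
    granted = 0
    for candidate in candidates:
        if controller.locked_out:
            break
        controller.submit(candidate)
        granted += 1
    return granted


if __name__ == "__main__":
    ctl = UnlockController(ENROLLED)
    wrong = (i.to_bytes(8, "big") for i in range(1000))  # constructed non-matching inputs
    print(comparisons_granted(ctl, wrong))  # comparisons performed before lockout
    print(ctl.submit(ENROLLED))             # the correct signature is refused once locked out
```

With the counter inside the controller, the number of comparisons is bounded by the policy regardless of how short the signature is; a reader-side counter gives no such bound once the interface is reachable.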
Like many others perhaps, the HP Compaq nx6125 has fingerprint access technology and I did wonder, when I saw it when it first came out, whether it was safe? The mobile phone I was discussing above suggests to me that maybe device access using fingerprint technology isn't worth using for mobile devices given the potential to fail authentication and the loopholes in the security architecture.