Staged photo, ok, but how much?  

jaclaz
(@jaclaz)
Community Legend

Is the reality fake or is the fakity real? 😯

Recently a photo was posted here to exemplify a point (a point that I missed anyway cry )

https://www.forensicfocus.com/Forums/viewtopic/p=6601956/#6601956

The actual original image is a "stock photo" available on Wikimedia, licensed under Creative Commons and dates back to 2013

https://commons.wikimedia.org/wiki/FileDigital_forensics_lab.jpg

in various sizes including a large 4,104 × 2,736 pixels one.

The image has been re-used for a number of digital forensics related articles and as well in a number of sites of firms doing digital forensics or data recovery, among them, this one

https://www.theintercessorgroup.com/digital-forensic-services

has also another one side by side, with a more panoramic view of the same "lab", for which I couldn't find the high resolution version, the largest I could find was this one
https://lifeguarddatarecovery.co.ke/wp-content/uploads/2019/03/lifeguard-lab.jpg
which is - BTW poorly - photoshopped to add the name of the firm on the laminar flow hood.

Anyway, let's get back to the one image for which the high-resolution copy is available.

It is clear enough to me that the photo is fake/it is staged.

Point of the game (should anyone want to play with me ? ) is to find how many things in the image look improbable, implausible or however "queer".

I found no less than 12 details that do not pass the "common sense" sniff test, can you find more?

jaclaz

Posted : 26/02/2020 12:58 pm
Dilettante
(@dilettante)
New Member

Is the reality fake or is the fakity real?

Posted : 27/02/2020 12:54 pm
jaclaz
(@jaclaz)
Community Legend

@Dilettante
Come on.
https://farid.berkeley.edu/downloads/publications/jdfsl15.pdf

Point was not about the wikimedia image having been photoshopped/altered, but rather that it was staged, i.e. it represents NOT an actual, real data recovery lab (let alone a digital forensics one) but rather a reconstruction of what the photographer/director believes a forensics lab looks like, or, if you prefer, a fake laboratory.

In the meantime, another member sent me via PM a link to a video where (around 005m 019 and around 022) the same "laboratory" is seen

https://www.youtube.com/watch?v=d-31x7_ZQYU

And here there is another video (check around 116)
https://www.youtube.com/watch?v=bWIvPFdCtQQ
with the same laboratory, but now - scoop - at around 119 seemingly with real people (without surgical masks, and Tyvek suits nonsense), though at 131 we are back to square 1.
And then at 211 and 229 they are not needed anymore, but then at 236 they are needed again (understandably, as the guy is inspecting a HD platter with a magnifying glass).

And another couple ones
https://www.youtube.com/watch?v=orUyAazB-Nk
https://www.youtube.com/watch?v=4VwE2YlRdqw

And yet another one, featuring the mystery of the disappearing sign
https://www.youtube.com/watch?v=AcBsxAuzx6w
(compare 022 and 042 with 051)

jaclaz

Posted : 27/02/2020 1:26 pm
jaclaz
(@jaclaz)
Community Legend

None of the other (grown up) kids seemingly wants to play with me. cry

Maybe it is not evident enough how - besides the "light" approach I took - this kind of misinformation (like all misinformation) is bad for both the real digital data recovery technicians and investigators and the general public.

jaclaz

Posted : 29/02/2020 11:52 am
thefuf
(@thefuf)
Active Member

None of the other (grown up) kids seemingly wants to play with me. cry

Maybe it is not evident enough how - besides the "light" approach I took - this kind of misinformation (like all misinformation) is bad for both the real digital data recovery technicians and investigators and the general public.

jaclaz

Also Pelican cases.

Posted : 29/02/2020 12:19 pm
jaclaz
(@jaclaz)
Community Legend

Also Pelican cases.

Well, they are preferred by 9 camels out of 10, reportedly wink
https://www.pelican.com/us/en/discover/survival-stories/9-out-of-10-camels-prefer-pelican/

jaclaz

Posted : 29/02/2020 3:30 pm
JDCoulthard
(@jdcoulthard)
Member

OK, I will have a stab at this Jaclaz

1. The complete lack of any visible documentation relating to any of the items
2. No labelling of any of the disks to determine where they have originated from
3. An improbable number of disks next to some of the computers - mounting brackets for two internal hard disks in the visible computer on the far right where 5 disks are shown
4. The far right monitor appears to be connected to a computer with no power cable connected, yet is showing an image on screen.
5. Many disks not having power cables connected to them
6. IDE disks with SATA cables apparently connected to them
7. SATA cables not actually being connected to the system board of the associated computer.
8. Impractical location of monitors (might be ok for simple imaging tasks but not long term work performed from a seated position).
9. Unless the door leads to another lab, shouldn't the authorised personnel sign be on the other side?
10. The dude holding the disk platter. Not sure what they would expect to recover from it since it has been removed from the stack.
11. The complete absence of tools in the main work area (there appear to be a few screwdrivers in the laminar flow cabinet)
12. No ESD mitigation
13. No coffee cups - no coffee no work 😉
14. No posters
15. Only 2 members of staff "working" on all of the exposed media

I'm sure there is plenty of other things that are just plain wrong with this image….

Posted : 01/03/2020 9:30 am
jaclaz
(@jaclaz)
Community Legend

2. No labelling of any of the disks to determine where they have originated from

2.1) but a couple of them have "bad HD" written with a felt tip pen …

4. The far right monitor appears to be connected to a computer with no power cable connected, yet is showing an image on screen.

Actually the far right monitor in itself (the image it is showing) represents a large part of the reasons
4.1) Hiren's Boot CD?
4.2) HXD as a hex editor?
4.3) set with a width of 0x13?
4.4) viewing sector 0 (a bootsector of FAT32 non partitioned) of 31250360 sectors (a 16 GB stick)
4.5) actually first computer (on the right) is not connected to anything, not to power and has also no video card
4.6) BTW there are on the right 4 monitors and 6 computers, so if neither of the first two computers on the right, the one without power and video card and the one that is only partially visible are not connected to the first monitor, they don't match computers, i.e. the guy is staring at the "wrong" monitor

But - from the beginning let's call it 0) - either this is a clean room or it isn't (it isn't, you cannot have that kind of false ceilings in a clean room) and of course in a clean room you don't have any need of a laminar flow hood [1] but you need the "bunny suits" and surgical masks, whilst in a non-clean room they make no sense whatsoever if not - maybe - for the single guy actually working at the hood with an open hard disk (i.e. the one that in the photo is NOT wearing a mask).

On the other hand, the one that is - maybe - imaging (perfectly closed) disks has it, wears gloves (presumably not to leave fingerprints wink ) and has a tuft of hair coming out of the suit hood, and is working at a keyboard, which brings us to
17) one single wireless keyboard and mouse (which is already a big issue if the batteries go down or they lose connection) for several computers?

18) no writeblockers/PC-3000's, connectors, cables, or similar devices on sight

About point
9) What (the heck) is behind the door? "Access to Authorized personnel ONLY" signs are OUTSIDE the "cleanroom" …
(if we take into account the other photo and the videos there is another door in the room on the left, as well with a sign "Access to Authorized personnel ONLY")[2]

jaclaz

[1] It isn't very visible in the photo, but it is well visible in some of the videos, on the back of the hood it is written in large, friendly letters "Class 10 Certified ISO 4 Cleanroom", let's number this as 16).
Do you remember the Batman TV series of the '60's?
https://www.thevintagenews.com/wp-content/uploads/2016/01/211.jpg
https://www.thevintagenews.com/wp-content/uploads/2016/01/51.jpg

[2] in the videos we can see that the same room has also a window 😯 (but then on that side of the room there is no need of masks and bunny suits)

Posted : 01/03/2020 11:49 am
JDCoulthard
(@jdcoulthard)
Member

I believe the Bat-Molecular Dust separator is from the motion picture where the members of the UN are turned into cat litter?

Posted : 01/03/2020 2:11 pm
jaclaz
(@jaclaz)
Community Legend

I believe the Bat-Molecular Dust separator is from the motion picture where the members of the UN are turned into cat litter?

Right you are
https://en.wikipedia.org/wiki/Batman_(1966_film)

But to be picky it was - as clearly labeled wink - a Super Molecular Dust Separator.

jaclaz

Posted : 03/03/2020 8:55 am
4Rensics
(@4rensics)
Active Member

- No UKAS over your shoulder
- No cops annoying you asking dumb questions
- No waiting 12 hours for cellebrite/encase (insert tool here) to finish decoding
- No Greggs bags
- Nobody is swearing at their screen
- Nobody is on Google or Forensic Focus searching for answers for problems they are having

Do you want me to go on? D

4F

Posted : 03/03/2020 10:48 am
JDCoulthard
(@jdcoulthard)
Member

But to be picky it was - as clearly labeled wink - a Super Molecular Dust Separator.

jaclaz

You are right, but it should be the Bat Super Molecular Dust separator to go with the Bat-Copter, Bat-Cycle and Bat-Boat!

Posted : 03/03/2020 11:45 am
jaclaz
(@jaclaz)
Community Legend

You are right, but it should be the Bat Super Molecular Dust separator to go with the Bat-Copter, Bat-Cycle and Bat-Boat!

Yep, but on the other hand we have the batcave and the batpoles (without hyphens), the batscilloscope and the brain-wave batanalyzer, and the more simple "television" and "anti-crime computer" (without bat)
https://www.thevintagenews.com/2016/05/29/gadget-labeling-level-batman-batman-labeled-gadgets-television-series-1960s-2/

We can conclude that device naming was not ISO 9001 compliant (let alone validated)

jaclaz

Posted : 03/03/2020 12:19 pm
JDCoulthard
(@jdcoulthard)
Member

Indeed, a complete lack of a Bat-Quality Management System in place. Perhaps Bruce Wayne told UKAS to stick one up their Bat-Poles? 😉

Posted : 03/03/2020 2:23 pm
jaclaz
(@jaclaz)
Community Legend

Indeed, a complete lack of a Bat-Quality Management System in place. Perhaps Bruce Wayne told UKAS to stick one up their Bat-Poles? 😉

I thought Wayne industries actually owned UKAS.

jaclaz

Posted : 03/03/2020 6:15 pm