Nitschke: Beyond good and evil.

Matthew X profrv at nex.net.au
Tue Apr 27 05:33:51 PDT 1999


"We lost two computers, many, many disks and files, all of them 
electronic," said Dr Nitschke shortly after the Darwin raid. "Not much in 
the way of paper material, but some drugs that are part of this medical 
practice.

"When they turned up, they drove in en masse and came straight in. I was 
working at my computer, which is now gone."

Dr Nitschke said anything the police couldn't open was "bolt-cuttered".

Dr Nitschke said Exit Australia had temporarily lost contact with its clients.

"I've got heaps of patients, I contact them a lot and need that stuff back 
as fast as possible," he said.

"The police said they would work quickly and give me a copy of my disks. 
They said they would hold on to (the original) material for as long as they 
needed it."

They work fast, Phil, regular speed freaks. (Actually drug squad 'B' in Vic. are!)
For next time and interested bystanders... Tricks of the trade (from 
"Computer forensics tips" by Michael Jackman, TechRepublic, 
07 August 2002, Znet). Extract...

Incident response staff will need to understand the tricks used to thwart 
investigators and hide evidence. These tricks might include:

- Hiding data within files, such as .gif and .jpg pictures, a practice called 
  steganography.
- Altering filenames and extensions to disguise evidence as innocent files, 
  such as renaming a pornographic .jpg to gotmail.wav.
- Hiding files in unlikely places.
- Using Zero Link files (in Unix) that don’t associate with any directory.
- Modifying operating system utilities so that certain data is not listed or 
  found during keyword searches.
- Sabotaging a computer so that, if it is investigated, a logic bomb will be 
  triggered. Saboteurs also give hostile programs friendly names such as 
  find.exe.
- Erasing files or disk space with file shredding utilities.

These techniques represent just some of the tricks investigators are up 
against. Don’t wait until an incident has happened—create an incident 
response procedure now and invest in training and tools. If you wait for an 
incident to happen before acting, your company (and your reputation) will 
be damaged. In the meantime, these tips will help you determine whether an 
investigation is being conducted professionally.

Additional resources

1. Web sites

- High Technology Crime Investigative Association—This organisation accepts 
  members from law enforcement, corporate management, and corporate security 
  staff. However, anyone may download its newsletter containing forensic tips 
  and information. The June 2002 issue, for example, contained tips on how to 
  recover deleted Outlook e-mail by corrupting and then rebuilding a copied 
  Outlook .pst file.
- LC Technology International makes sophisticated data recovery tools and 
  provides forensics training and investigative services.
- The Department of Justice offers guidelines for searching and seizing 
  computers.
- SecurityStats.com provides digests of the latest statistics and analyses 
  relating to computer security. These stats will help you justify a 
  forensics budget to cover equipment, staff, and training.
- The Department of Justice Cybercrime Web site has news, articles, and other 
  information.

Same DoJ? - JUDICIARY COMMITTEE REPORT CALLS FOR INDEPENDENT COUNSEL TO 
INVESTIGATE THE INSLAW CONTROVERSY

--------------------------------------------------------------------------------
The ("INSLAW Affair") report concludes that there appears to be strong 
evidence, as indicated by the findings of two Federal court proceedings, as 
well as by the Committee investigation, that the Department of Justice 
"acted willfully and fraudulently," and "took, converted and stole," 
INSLAW's Enhanced PROMIS by "trickery, fraud and deceit."  
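
A check an examiner can run against the renamed-file trick listed in the extract above (a .jpg saved as gotmail.wav), given here as an added example that is not part of the original post or the quoted article: it compares each file's leading bytes with the format its extension claims. The signature table, function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Leading-byte ("magic") signatures for a few common formats.
SIGNATURES = [("jpeg", b"\xff\xd8\xff"), ("gif", b"GIF87a"), ("gif", b"GIF89a"),
              ("png", b"\x89PNG\r\n\x1a\n"), ("pdf", b"%PDF-"), ("zip", b"PK\x03\x04")]
# Extension -> format the content is expected to have.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png",
            ".pdf": "pdf", ".zip": "zip", ".wav": "wav"}

def sniff(header: bytes):
    """Return the format implied by a file's first bytes, or None if unknown."""
    # WAV is a RIFF container: "RIFF", 4-byte size, then "WAVE".
    if header[:4] == b"RIFF" and header[8:12] == b"WAVE":
        return "wav"
    for name, magic in SIGNATURES:
        if header.startswith(magic):
            return name
    return None

def find_mismatches(root: str):
    """Walk root and list (relative path, format claimed by name, format sniffed)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            claimed = EXPECTED.get(os.path.splitext(fname)[1].lower())
            with open(path, "rb") as fh:
                actual = sniff(fh.read(16))
            # Flag content that contradicts the name, in either direction.
            if actual != claimed:
                hits.append((os.path.relpath(path, root), claimed, actual))
    return sorted(hits)

def demo():
    """Constructed sample: a JPEG header saved as gotmail.wav beside honest files."""
    samples = {"gotmail.wav": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
               "holiday.jpg": b"\xff\xd8\xff\xe1\x00\x10Exif\x00",
               "beep.wav": b"RIFF\x24\x00\x00\x00WAVEfmt ",
               "notes.txt": b"plain text"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return find_mismatches(d)

if __name__ == "__main__":
    for rel, claimed, actual in demo():
        print(f"{rel}: extension says {claimed}, content looks like {actual}")
```

A header check only catches renaming; it says nothing about data hidden inside a file whose header is genuine.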




