Nitschke: Beyond good and evil.
Matthew X
profrv at nex.net.au
Tue Apr 27 05:33:51 PDT 1999
"We lost two computers, many, many disks and files, all of them
electronic," said Dr Nitschke shortly after the Darwin raid. "Not much in
the way of paper material, but some drugs that are part of this medical
practice.
"When they turned up, they drove in en masse and came straight in. I was
working at my computer, which is now gone."
Dr Nitschke said anything the police couldn't open was "bolt-cuttered".
Dr Nitschke said Exit Australia had temporarily lost contact with its clients.
"I've got heaps of patients, I contact them a lot and need that stuff back
as fast as possible," he said.
"The police said they would work quickly and give me a copy of my disks.
They said they would hold on to (the original) material for as long as they
needed it."
They work fast phill, regular speed freaks. (actually drug squad 'B' in Vic. are!)
For next time and interested bystanders... Tricks of the trade (FROM
Computer forensics tips
By Michael Jackman, TechRepublic
07 August 2002. Znet) Extract...
Incident response staff will need to understand the tricks used to thwart
investigators and hide evidence. These tricks might include:
- Hiding data within files, such as .gif and .jpg pictures, a practice called
  steganography.
- Altering filenames and extensions to disguise evidence as innocent files,
  such as renaming a pornographic .jpg to gotmail.wav.
- Hiding files in unlikely places.
- Using Zero Link files (in Unix) that don't associate with any directory.
- Modifying operating system utilities so that certain data is not listed or
  found during keyword searches.
- Sabotaging a computer so that, if it is investigated, a logic bomb will be
  triggered. Saboteurs also give hostile programs friendly names such as
  find.exe.
- Erasing files or disk space with file shredding utilities.
These techniques represent just some of the tricks investigators are up
against. Don't wait until an incident has happened; create an incident
response procedure now and invest in training and tools. If you wait for an
incident to happen before acting, your company (and your reputation) will
be damaged. In the meantime, these tips will help you determine whether an
investigation is being conducted professionally.
Additional resources
1. Web sites
High Technology Crime Investigative Association: This organisation accepts
members from law enforcement, corporate management, and corporate security
staff. However, anyone may download its newsletter containing forensic tips
and information. The June 2002 issue, for example, contained tips on how to
recover deleted Outlook e-mail by corrupting and then rebuilding a copied
Outlook .pst file.
LC Technology International makes sophisticated data recovery tools and
provides forensics training and investigative services.
The Department of Justice offers guidelines for searching and seizing
computers.
SecurityStats.com provides digests of the latest statistics and analyses
relating to computer security. These stats will help you justify a
forensics budget to cover equipment, staff, and training.
The Department of Justice Cybercrime Web site has news, articles, and other
information.
Same DoJ? - JUDICIARY COMMITTEE REPORT CALLS FOR INDEPENDENT COUNSEL TO
INVESTIGATE THE INSLAW CONTROVERSY
--------------------------------------------------------------------------------
The ("INSLAW Affair") report concludes that there appears to be strong
evidence, as indicated by the findings of two Federal court proceedings, as
well as by the Committee investigation, that the Department of Justice
"acted willfully and fraudulently," and "took, converted and stole,"
INSLAW's Enhanced PROMIS by "trickery, fraud and deceit."
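
The filename and extension disguise named in the forensics extract above (a .jpg renamed to gotmail.wav) shows up when each file's leading bytes are compared with its extension. The Python below is an added example, not part of the original post or the quoted article; the signature table is a small subset of well-known magic numbers, and the sample files and the function names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Leading "magic" bytes of a few common formats (subset, for illustration).
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff"),
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("gif", b"GIF87a"),
    ("gif", b"GIF89a"),
    ("pdf", b"%PDF-"),
]
ALIASES = {"jpeg": "jpg"}  # extensions that name the same format

def sniff_type(path):
    """Return the format implied by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    # RIFF containers (WAV, AVI) keep their subtype at offset 8.
    if head[:4] == b"RIFF" and head[8:12] == b"WAVE":
        return "wav"
    for name, magic in SIGNATURES:
        if head.startswith(magic):
            return name
    return None

def find_mismatches(root):
    """List (filename, claimed extension, detected type) where they disagree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            ext = os.path.splitext(fname)[1].lstrip(".").lower()
            ext = ALIASES.get(ext, ext)
            detected = sniff_type(os.path.join(dirpath, fname))
            if detected is not None and detected != ext:
                findings.append((fname, ext, detected))
    return findings

def demo():
    """Run the check over constructed sample files (headers only)."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,
        "gotmail.wav": b"\xff\xd8\xff\xe0" + b"\x00" * 12,  # JPEG header, .wav name
        "chime.wav": b"RIFF\x24\x00\x00\x00WAVEfmt ",
        "notes.txt": b"plain text, no known signature",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return find_mismatches(tmp)

if __name__ == "__main__":
    print(demo())
```

Files with no recognised signature are skipped rather than flagged, so a hit means the content positively identifies as a different format from the one the name claims.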