Forensics on PDAs, notes from the field

Major Variola (ret) mv at cdc.gov
Wed Aug 11 18:21:59 PDT 2004


Saint John of Cryptome has a particularly tasty link to
http://csrc.nist.gov/publications/drafts.html#sp800-72
which describes the state of the art in PDA forensics.

There is also a link to a CDROM of secure hashes of
various "benign" and less benign programs that the
NIST knows about.  Including a list of "hacker" programs.
Including stego.   Pigs use this to discount commonly-distributed
software when analyzing a disk (or, presumably, your PDA's
flash).  See http://www.nsrl.nist.gov/
also http://www.nsrl.nist.gov/Untraceable_Downloads.htm

Obvious lesson: Steganography tool authors, your programs
should use the worm/HIV trick of changing their signatures
with every invocation.  Much harder for the forensic
fedz to recognize your tools.  (As suspicious, of course).

The NIST CDROM also doesn't seem to include source
code amongst its sigs, so if you compile yourself, you may avoid their
easy glance.

Notes from the Field:
My paper & image handling keiretsu job has a fellow working
on secure Linux disk-drive delete --even if you pull the plug, on power
up it finishes the job.  Nice.  Thank you, HIPAA, banks, etc.
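As an added example (not part of the post above, and not NIST's own tooling), here is the known-file filtering that the NSRL hash set enables: hash every file recovered from a device image, look each hash up in the reference set, and sort the results into known-benign, known "hacker" tools, and unknown. The hash set, the product table and the "flash dump" files are all constructed inside the block; the CSV column layout follows the legacy NSRLFile.txt format as an assumption, so check it against the RDS release you actually use. It also illustrates the remark above about compiling from source: a locally rebuilt copy of a listed tool hashes differently and comes back "unknown", which is why an unknown result is a prompt for closer review rather than an exoneration.

```python
"""Known-file filtering against an NSRL-style hash set (added example).

Assumptions not taken from the original post: the reference set is a CSV in
the legacy NSRLFile.txt column order ("SHA-1","MD5","CRC32","FileName",
"FileSize","ProductCode","OpSystemCode","SpecialCode"), and a product table
maps ProductCode to an application type.  Both are constructed in miniature.
"""
import csv
import hashlib
import io
from pathlib import Path

# Constructed stand-in for files carved out of a PDA flash image.
SAMPLE_FILES = {
    "calc.exe": b"constructed bytes of a vendor-shipped calculator",
    "stegtool.exe": b"constructed bytes of a packaged steganography tool",
    "stegtool-selfbuilt.exe": b"constructed bytes of the same tool rebuilt locally",
    "notes.db": b"constructed user data that no hash set will ever list",
}

# Constructed product table: ProductCode -> (product name, application type).
PRODUCTS = {
    "1001": ("Example OS utilities", "os"),
    "2002": ("Example stego kit", "hacker"),
}


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def hash_path(path: Path) -> str:
    """Chunked SHA-1 for real files, so large images don't have to fit in RAM."""
    h = hashlib.sha1()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_sample_rds() -> str:
    """Emit a constructed two-row hash set in the legacy NSRLFile.txt layout."""
    columns = ["SHA-1", "MD5", "CRC32", "FileName", "FileSize",
               "ProductCode", "OpSystemCode", "SpecialCode"]
    listed = [("calc.exe", "1001"), ("stegtool.exe", "2002")]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=columns, quoting=csv.QUOTE_ALL)
    writer.writeheader()
    for name, code in listed:
        data = SAMPLE_FILES[name]
        writer.writerow({
            "SHA-1": sha1_hex(data).upper(),   # NSRL publishes uppercase hex
            "MD5": md5_hex(data).upper(),
            "CRC32": "00000000",               # placeholder, not computed here
            "FileName": name,
            "FileSize": str(len(data)),
            "ProductCode": code,
            "OpSystemCode": "WIN",
            "SpecialCode": "",
        })
    return buf.getvalue()


def load_hash_set(csv_text: str) -> dict:
    """Index the reference set by lowercase SHA-1 so lookups are case-insensitive."""
    return {row["SHA-1"].lower(): row for row in csv.DictReader(io.StringIO(csv_text))}


def classify(data: bytes, hash_set: dict, products: dict) -> str:
    """known-benign / known-hacker / unknown for one file's contents."""
    row = hash_set.get(sha1_hex(data))
    if row is None:
        return "unknown"
    _, app_type = products.get(row["ProductCode"], ("?", "unknown"))
    return "known-hacker" if app_type == "hacker" else "known-benign"


def triage(files: dict, hash_set: dict, products: dict) -> dict:
    """Classify every recovered file; the examiner reviews everything not benign."""
    return {name: classify(data, hash_set, products) for name, data in files.items()}


if __name__ == "__main__":
    hash_set = load_hash_set(build_sample_rds())
    for name, verdict in triage(SAMPLE_FILES, hash_set, PRODUCTS).items():
        print(f"{verdict:13} {name}")
```

Only "known-benign" hits are safe to discount; both the known tool and the unlisted rebuilt copy stay in the review queue, and `hash_path` is the function to point at real files once the reference set is loaded from disk instead of from `build_sample_rds`.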
