Forensics on PDAs, notes from the field

Fri Aug 13 11:11:36 PDT 2004

On Fri, 13 Aug 2004, Morlock Elloi wrote:

> The purpose would be that they do not figure out that you are using some
> security program, so they don't suspect that noise in the file or look for
> stego, right?
> 
> The last time I checked the total number of PDA programs ever offered to public
> in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be
> trivially checked for. Any custom-compiled executable will stand out as a sore
> thumb.

How? Not if you get something like a Sharp Zaurus and compile your own
environment.  "Hey, I want to get as much performance out of this shitty
little ARM chip as I can."

> You will suffer considerably less bodily damage inducing you to spit the
> passphrase than to produce the source and the complier.

What makes you think they'll have enough of a clue as to how to read the 
files off your PDA without booting it in the first place?  99% of these 
dorks use very expensive automated hardware tools that do nothing more 
than "dd" your data to their device, then run a scanner on it which looks 
for well known jpg's of kiddie porn.  

If you're suspected of something really big, or you're middle eastern,
then you need to worry about PDA forensics.  Otherwise, you're just
another geek with a case of megalomania thinking you're important enough 
for the FedZ to give a shit about you.

> Just use the fucking PGP. It's good for your genitals.

And PGP won't stand out because.... ?

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  :                                                             \|/
 + v + :    War is Peace, freedom is slavery, Bush is President.
-------------------------------------------------------------------------