Forensic Analysis of the Stolen VA Database
An anonymous reader writes "As you have probably heard, the FBI has recovered the stolen Veteran's Administration laptop. The FBI even said "A preliminary review of the equipment by computer forensic teams determined that the database remains intact and has not been accessed since it was stolen." This article looks at what the FBI forensic lab is doing to determine the sensitive information hasn't been accessed and how the thieves might have covered their tracks — thereby rendering the forensic results useless."
Worst Case Scenario (Score:5, Informative)
Worst case scenario: The laptop thieves really know what they are doing. They remove the hard drive from the laptop, and mount it read-only (no modifications to the file system) on another computer, access the sensitive data and re-insert the hard drive into the stolen laptop. This is the same process the forensic examiner would use to prevent the examination from modifying the data contained on the laptop -- and this is why I mentioned what the FBI might look for during the physical examination -- marks on the screws or fingerprints on the internal hard drive casing.
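The timestamp check this thread refers to, as an added sketch that is neither the FBI's procedure nor code from the article: it lists files whose MAC times fall after a cutoff such as the theft date. The function names, sample files and cutoff are constructed for illustration, and, as the comment above notes, a drive mounted read-only picks up no new timestamps, so an empty result does not prove the data went unread.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone

MAC_FIELDS = ("mtime", "atime", "ctime")  # modified, accessed, inode-changed (POSIX)


def timestamps_after(root, cutoff, fields=MAC_FIELDS):
    """Map each file under root to the MAC timestamps later than cutoff."""
    cutoff_ts = cutoff.timestamp()
    hits = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # stat reads metadata only; it does not touch atime
            late = [f for f in fields if getattr(st, "st_" + f) > cutoff_ts]
            if late:
                hits[path] = late
    return hits


def build_sample_tree(base, cutoff):
    """Constructed sample: one file untouched since before cutoff, one read after it."""
    before = (cutoff - timedelta(days=1)).timestamp()
    after = (cutoff + timedelta(hours=1)).timestamp()
    untouched = os.path.join(base, "untouched.db")
    opened = os.path.join(base, "opened.db")
    for path, atime in ((untouched, before), (opened, after)):
        with open(path, "w") as fh:
            fh.write("constructed sample data\n")
        os.utime(path, (atime, before))  # (atime, mtime); ctime cannot be set this way
    return untouched, opened


if __name__ == "__main__":
    cutoff = datetime(2020, 1, 1, tzinfo=timezone.utc)  # constructed cutoff
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, cutoff)
        # ctime is left out here only because the sample files were created just now.
        for path, late in timestamps_after(tmp, cutoff, ("atime", "mtime")).items():
            print(os.path.basename(path), late)
```

On a real case this would run against a write-blocked image of the drive, never the original, with all three fields checked.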
Is this just some guy's blog entry? (Score:4, Informative)
While it's nice a forensic specialist can lend some insight, it's misleading to suggest this is what the FBI is actually doing.
Paranoia (Score:1, Informative)
I think my tinfoil hat is on a bit too tight.
Regarding the article links, especially the second link, hopefully the FBI can show the other departments a thing or two about computer security.
At the recycling company I work at, we get dozens of hard drives full of data every day. An unscrupulous person could make a great deal of money off of just thrift store-level personal data, but you rarely see that kind of thing getting done. The typical thief is uneducated, particularly about the mystical inner workings of a computer, but I suspect that is about to change in the New Era of identity theft. I have almost no doubt that a typical thief jacked that laptop to look at MySpace in the park or some other ridiculously pedestrian abuse of hardware...
Re:Worst Case Scenario (Score:5, Informative)
Re:Easy cheesy (Score:4, Informative)
Unfortunately, I doubt anyone at Microsoft has ever thought of this nor even bothered to patent something so "novel."
Re:So in short, it's a bit of a gamble. But not mu (Score:2, Informative)
Ghosted CD bootup, copied in read-only mode on another system - piece of cake to most hackers and almost any high school kid who knows anything about system ops - and that's a LOT of them.
But as far as the original perp goes, to be honest, I would doubt that the perp is a low-brow thief. More likely, the thief, if there WAS a thief, was someone on the inside at the VA, who knew EXACTLY what he, or she, was doing and what he, or she, was taking, and for exactly what purposes.
With that many identities on the drive, the cash value of the data alone is astronomical. And for someone on the GSA payscale, that's a LOT of incentive to pull an inside job. Look for people who quit the VA in the next year or so and seem to hit it big at a casino or playing the ponies. Watch their accounts and their spending habits. Outgo will NOT equal income for someone - or several someones. And THAT will be your pool of "most likely to have copped the laptop" people.
But, by then, the damage will have been done to a large number of the people whose information was stolen anyway.
Once again, the government proves that its security measures are far behind those of the real world.
Lee Darrow, C.H.
Re:Wow, the FBI discovered MAC times. (Score:4, Informative)
Re:Worst Case Scenario (Score:2, Informative)