Commodore 64 Confuses Austrian Police

toomanyairmiles writes, "It seems that Wolfgang Priklopil, the communications technician who kidnapped Austrian pre-teen Natascha Kampusch, relied on a Commodore 64 as his primary machine. Interestingly this is presenting some problems to the Austrian computer forensics people. Major General Gerhard Lang of the Federal Criminal Investigations Bureau told reporters it would 'complicate investigators' efforts' and would be difficult to transfer the files to modern computers 'without loss.' Could this be the latest in the criminal world's security strategy? Can we expect to see Spectrums, Archimedes, and Atari STs turning up in police investigations soon?"

Why go that far?

[Locke2005]

Any box that doesn't run Windows confuses most investigators. Yep, all their tools are Windows-specific.

Re:Question

[Anonymous Coward]

If it has a word processor and the ability to print what more do many people need?

Is a notebook and pencil obsolete purely because it doesn't incorpoate AJAX and Flash?

Having worked for some time for an IT services company for home users I can assure you that people really do use, nay depend, on obsolete equipment.

Re:Why go that far?

[iluvcapra]

Quickly becoming a meme:

Only a terrorist wouldn't use Windows.

Re:Question

[MyNameIsFred]

... but to say that it would be difficult to transfer files "without loss" is disingenuous at best...

I assume that Austrian law requires some sort of chain of custody for evidence similar to that required under American law. Thus, the transfer is probably difficult because they do not have "certified tools" for the transfer. In the US, it is my understanding that simply copying the files with the copy command is not sufficient. That defense lawyers can question how the transfer was made, whether the copy is an accurate representation of the original, etc. I presume similar problems under Austrian law.

Re:Question

[homer_ca]

How about spare parts and supplies? Floppy drives and keyboard switches will wear out. How reliable are those 20 year old floppy disks? You can't exactly pop over to Office Depot for single density 5 1/4 floppies.

I find it more amusing..

[Anonymous Coward]

how this article is labeled as "Laugh, it's funny", even after the fact that the suspect committed suicide in a somewhat grotesque way.

Too bad no one took a shit on him for an extra "laugh"

missing the point

[dirtyhippie]

The article, and most of these comments, are missing the point. The point isn't that you can't get the data off the hard drive - the investigators aren't that stupid - it's that they can't get previoiusly deleted or overwritten files off the hard drive using their standard techniques, because there is no way to image both a drive and the magnetic clues that these folks use.

Re:Followup

[ShawnDoc]

It also points out one of the problems with purchasing DRM'd media files. Since you are locked into a certain format, what do you do when technology changes and you can't convert your media into the new format or the company behind the DRM folds and there's no way to port the authentication system to a new system? My parents dubbed their records onto tapes. And recently I've helped my mom convert records and her old tapes into MP3 format. Something that couldn't be done if DRM existed then.

Re:Question

[Arakageeta]

The guy kidnapped a little girl and kept her for 8 years. He's obviously a nut case. I don't think you can back his choice to use a Commodore 64 with reason.

Re:Followup

[SachiCALaw]

There may be no statute of limitations, but if the computer (and thus the evidence in the computer) is in the hands of the government, the government will be subject to statutory and constitutional limits that prohibit undue delay in prosecutions. The government would need to prove that it had just cause for failing to bring a prosecution within the time set by law, and laziness in getting the evidence from an old computer would probably not be a valid excuse.

Re:Why go that far?

[Danga]

Any box that doesn't run Windows confuses most investigators.

You are far from correct. A lot of forensic investigators I have talked to actually use linux at times to do things such as image drives which is safer to do on linux than Windows and they are not straight Windows users.

Yep, all their tools are Windows-specific.

The reason they do use Windows tools most of the time is because the tried and true forensic applications are developed for Windows such as Forensic Toolkit Pro http://www.accessdata.com/products/ftk/ [accessdata.com] and EnCase http://www.guidancesoftware.com/products/ef_index. asp [guidancesoftware.com] and since they work and have been well tested on Windows it makes little sense to increase the likelyhood of problems by porting these applications to other OS's. The other big reason most tools are Windows centric is obviously because Windows is the most widely used OS and people like to use what they already have and know.

Windows may not be the greatest OS, and I know people love to bash it, but that does not mean the Windows tools developed for forensic investigations are of low quality. I work as a software developer in this field so I have a decent view on what the situation is and your comment was way far off.

Re:Question

[carnifex0]

The computer crimes unit in the department that I work for (as an IT flunky) seized a C64 about 2 years ago in a kiddie porn case, along with a good number of 5 1/4" disks, but no working drive. They send a global email looking for anyone with old C64 hardware, and I donated my 1541 drive to the cause.

I'm not sure what the outcome was, but I know they still have the C64 up and running in their office.

It does present some interesting complications, from what (little) I know about the forensic examinations they do, they go to great pains not to alter the contents of the original media, using apps like EnCase [guidancesoftware.com] to snapshot drives they're working with.

homer_ca How reliable are those 20 year old floppy disks?

I'm not sure, but I have an unopened (still shrinkwrapped) box of 10 5 1/4's in my office that I've been considering tossing on eBay just for fun. Buy 'em and find out!

Re:Question

[Anonymous Coward]

I can't speak for C64 users, but as an ex-Amigan, I can tell you that I could have easily lived the past decade with one. Frankly the only reason I got rid of mine back in the day was to afford a 486 so I could play Doom. ;-) But I quickly got tired of PC games, DOS and Windows, hence went playing around with Linux soon after. And then the upgrade bandwagon started, with the p120, the AMD K6, etc. Good old AmigaDOS+Workbench ran fine one a 7.15MHz 68000-class CPU with only a couple megs 'o ram. Meanwhile on Windows or Linux/X11 I needed gobs 'o ram to make the system not swap when I started the BIg Ass Application of the day (Netscape, Office, whatever.) whereas in Amigaland the apps were much more efficiently coded.
So basically I wasted a lot of money and time, and if I could go back I'd keep the A1200 (and just run Linux on that if I really wanted to at some point).

Re:Question

[dfghjk]

I guess if I wanted to pirate VHS movies I might see the use of that.

Re:Question

[Grishnakh]

In Austria, yes. But I wouldn't be surprised if defense attorneys are required for dead people in the USA soon. It's almost to the point where you need to consult an attorney before you flush the toilet.

Re:Why go that far?

[Dun Malg]

Two words- Null Modem and Hyperterminal will transfer all the files stored on 5.25" floppies for that Commodore 64 (or even stored on cassette tape) to their Windows machines just fine. It's just ASCII after all, no big problem.

Hah. It's amazing how modern computers have made us forget how little we used to have, and how much of it was proprietary as well. First, it's not ASCII, but PETSCII. Granted, the only serious difference is that lower and uppercase are swapped, but it's still worth noting. Second, The C64 User Port is capable of serial communications, but it isn't RS-232. It requires a level converter to bring it up from the simple TTL signals it puts out. Third, the C64 has essentially no significant operating system functionality upon powerup. It's not a simple matter of typing "cat PERVFILES > /dev/UserPort" or some such. You have to either find someone who knows how to write a disk-to-serial dumper, or maybe find a terminal program you can do a text send with. Do you know how to access a file on a C64 disk?

Re:Tag: Lamers

[oz_paulb]

Seriously: Do a block image copy of every floppy disk.

How would you suggest they go about doing that 'block image copy'? Should they use the 1541 drive? Do they understand enough about the drive to make it do the copy?

I don't believe a standard PC drive will read Commodore disks. The Commodore used "GCR" encoding, where PC drives have always used "FM/MFM". These encodings are incompatible with each other.

Also, I know that some Commodore drives would adjust the spindle speed to get more bits packed into outer tracks - I don't know if the 1541 drive did this, though.

I assume there must be a machine that'll do a true bit-by-bit copy of a disk (and, presumably one that would copy to a medium compatible with a PC).

Disclaimer: I haven't looked at PC disk controllers in years - maybe recent controllers have changed in a way that they can understand "GCR" (but I don't see why the design would have changed to support this, as it's not needed on a PC).

- Paulb

Re:Followup

[johansalk]

What you do then is quite simple; you'll have to re-buy your media files, and I presume that's a reason why the companies seem to like it so much .

Re:Commodore 64 has an RS-232 interface.

[God of Lemmings]

Yes, but if that schmuck had a BSEE he/she wouldn't, except in the rarest of circumstances, be a cop. The investigators would have to use their brains and find someone who can do the work.

Re:Followup

[Midnight Thunder]

It also points out one of the problems with purchasing DRM'd media files.

From the point of view of big media, this is not a problem. For them it suits them just fine. Unfortunately for the buying public this is a major issue.

Re:Followup

[NoMaster]

Unfortunately for the buying public this is a major issue.

No, unfortunately, not is . It will be , but by that time it'll be all-pervasive - basically, too late to do anything about it.

I know the common thing to do is berate corporations for having no long-term vision - but the RIAA/MPAA/??AA do. They've perfected the technique of hovering around that fine line between "too fast, and people will notice" and "too slow, and we'll be obsoleted before we achieve our objectives".

Re:Followup

[westlake]

Since you are locked into a certain format, what do you do when technology changes and you can't convert your media into the new format or the company behind the DRM folds and there's no way to port the authentication system to a new system?

You do what everyone has done since the days of Edison's wax cylinders. You buy into whatever format is convenient and practical for the moment and let the archivists worry about preservation of the analog and digital masters.

Re:This is retarded

[Bri3D]

One issue. The methods that the police use to transfer data off of confiscated storage must be screened before they can be used in a manner which satisfies the court. Otherwise the defense could just question the manner in which the data was transferred, claim it was tampered with by the police, and the case is blown. I doubt googling emulators is an approved or accepted method.

Re:Why go that far?

[MajroMax]

Actually, we're smart enough to mount read only.

What, using Linux? Here's a clue for you:

EXT3-fs: INFO: recovery required on readonly filesystem. EXT3-fs: write access will be enabled during recovery.

Not if you use an IDE cable with the write pins removed.

Re:Question

[radish]

Or you could just, you know, do what the rest of us do and dupe netflix discs with DVD Shrink. Considerably simpler, quicker, and produces much better results. Oh, and there's no DRM on a VHS tape - it would have to be called ARM.

Re:Commodore 64 has an RS-232 interface.

[Anonymous Coward]

Priklopil threw himself under a train minutes after the girl escaped; there's not going to be any court case.

except ...

[hany]

Except that those same media companies may in the future with high probability consider providing say Britney Spears' "tracks" (sorry, if I spelled her name wrong) for re-purchase as a "not interesting from operating profit point of view" thus consumers will be unable to repurchase thus they lose their beloved tracks. Or become criminals.

Feel free to replace "Britney Spears" with any other name from current "popular music" (or even past "popular music").

Oh so very relevant...

[Phil John]

...the police suspect that he may have had an accomplice. Apparently the normal M.O. for this type of criminal relies on having another person in the mix (lookout during original kidnap, looking after victim if other needs to go anywhere for an extended period etc.).

Marc Dutroux (the Belgian Paedophile) had several accomplices - one of whom was directly responsible for Julie and Melissa's death by not feeding them whilst Dutroux was in prison on another charge.

Re:Clues? How about relevance?

[MichaelSmith]

The kidnapper is dead. It's a little late to be looking for clues!

Its one of those "without a trace" scenarios. Maybe the dead kidnapper has girls buried in basements all over Austria. You have to crack the C64 file system before they starve to death.

Re:Commodore 64 has an RS-232 interface.

[shaitand]

Am I the only one sitting here and wondering if anyone on this forum ever used a C64? They need a 5 1/4 floppy drive and a C64 emulator. The C64 stores all the data and programs on floppies, if the system has even been powered off they aren't going to get anything from the machine itself.

Personally I suspect the investigators just have a bunch of MCSE's who run prepackaged forensic tools and have never seen a C64 and don't know how one works.

Re:Question

[BoogieChile]

Yes, for security, one.

Money, for two.

Yes, you can get the operating system to run on all this lovely modern hardware for free, but you don't get the hardware for free, do you? Well, obviously not you personally, possibly (being a geek an' all), but for the average guy. Not saying that this kidnapper guy is average, obviously...but if you had a computer that did everything you wanted, you didn't care about the fancy pictures and graphics, 40 columns of text in two colors is fine for some people.

So, all you spend money on are cassettes and disks - can you even BUY 5+1/4 inch floppys anymore?

For twenty years.

Rather than spending between oh, say from 500 up to 2 grand (on average) what, three, four years?

I could guess that if you're such a tightass that you have to steal a girlfriend, brainwash her into loving you rather than do it proper and spend money on diamond rings and things, it's probably not such a far step to never upgrading your computer. what say that he was obsessive over it? He might have kept it immalucate, and there you go, folks! A computer that lasted for twenty years!

What else...As far as why this particular guy stuck with his old crumble-door, well, given the state of his mind to do what he did in the first place, there could be aaaaaaaalll sorts of reasons why..SOme of them you may well REALLY not want to know about.

And finally, if they really want the data that bad, they have the resources (and the technology) to rubuild it. If they really want the data, they could even break out the electron microscopes (I reckon the grains in a floppy disk woudl make this a non-trivial task - the disks were only 170KB, you know...

Fear for retrocomputing

[RomulusNR]

Could this be the latest in the criminal world's security strategy? Can we expect to see Spectrums, Archimedes, and Atari STs turning up in police investigations soon?"

No, what this means is that soon, anyone who owns or purchases an old piece of computing will either have to submit to a background check or be put on a DHS watchlist. Because there is no reason for a normal person to own an old piece of technology other than for nefarious purposes.