forensics

Latest

  • Wired: 'iPhone takes screenshots of everything you do'

    by Robert Palmer
    09.11.2008

    On your iPhone or your iPod touch, when you press the Home button, there's a nice little animation that takes you back to the home screen. To create that animation, your iPhone takes a screenshot of whatever it is you're doing, and uses it for the transition. Sounds innocent, right? Not so much, says data forensics expert Jonathan Zdziarski (thank you, clipboard). The screenshot is presumably erased from the iPhone after the application closes, but is any digital file really gone after you delete it? Survey says no. Forensics experts have mined for these screenshots, successfully recovering evidence against criminals accused of rape, murder, and drug deals. They can also recover data from the iPhone's keyboard and web caches. In his presentation, Zdziarski also demonstrated how to bypass an iPhone's passcode in order to own the device and access personal data. Time-consuming? Sure (it took JZ about an hour and involved a custom firmware build). Impossible? No. As with all things digital (and networked), your privacy is largely illusory. Time to go Don Draper on this one and just use Field Notes books, my stack of business cards, and the rotary dial. [Via Wired.] Thanks, Kenny!

  • Microsoft gives cops COFEE: free computer forensic tools

    by Nilay Patel
    04.29.2008

    Cops doing computer forensic work already have a ton of tools to choose from, but Microsoft is doing its part to help out as well -- the company just revealed that it's been distributing a special thumb drive to cops in 15 countries to help them identify and extract information from suspects' computers. The drive, called COFEE for Computer Online Forensic Evidence Extractor, is in use by more than 2,000 officers, including some in the States, and Microsoft is giving it away for free, saying that it's doing it not for profit but to "help make ensure the Internet stays safe." COFEE contains more than 150 commands that can be used to collect information, decrypt passwords, and poke through network activity, which helps alleviate the problem of having to remove and transport a suspect's computer for evidence purposes -- officers can just plug in the drive. There's no word on when Microsoft will start widely distributing the drives, but we'd assume it'll be soon. [Thanks, Yoshi]

  • iPhone forensics market developing

    by Erica Sadun
    03.30.2008

    Apparently something big is going down in the iPhone forensics world. TUAW has learned that about a half dozen different firms are actively hunting for developers who can assist law enforcement in reading data off unjailbroken iPhones, both the private and public partitions. We've been in touch with third-party Mac developers who have been contacted. Want a gig as an iPhone CSI? You'll need a good working knowledge of the iTunes protocol and a way to communicate directly with the iPhone without altering any data that could be used for evidence.

  • WiebeTech HotPlug lets cops move desktops without shutting them down

    by Nilay Patel
    11.06.2007

    We've seen some interesting computer forensics gear from WiebeTech before, like the Mouse Jiggler USB key that prevents a system from locking the screen or going to sleep by subtly shaking the mouse cursor, and the company's latest addition to the investigator's toolkit, the HotPlug LT, solves an equally basic problem: how to move a desktop without powering it down. The HotPlug allows cops to seize machines without powering them down by switching power to a UPS, using some interesting power-management voodoo. The investigator simply plugs the HotPlug into the computer's power strip, and then unplugs the strip and plugs it into the UPS -- and takes the whole system away. If the machine is plugged directly into the wall, WiebeTech also has options for directly piercing the power cable or hijacking the outlet itself. Bottom line: the Man's getting your machine, like it or not. Peep a vid of the HotPlug in action after the break.

  • SubRosaSoft's MacLockPick extracts personal info from OS X

    by Darren Murph
    04.30.2007

    While actually picking locks is no large task these days, cracking into one's highly encrypted information in OS X could prove problematic if the culprit had something to hide. SubRosaSoft's USB key purportedly allows "law enforcement professionals to perform live forensics on Mac OS X systems," and once the software on the included drive is run, it automatically extracts data from the Apple Keychain and system settings to "provide the examiner fast access to the suspect's critical information with as little interaction or trace as possible." The program then compiles the details into a database and stores it back on the drive's internal memory, which can supposedly be read back on Windows, Linux, or OS X machines at base. Before the devious ones in the crowd get too excited, though, we should probably warn you that interested consumers will be forced to "provide proof that they are a licensed law enforcement professional," and even then, it will run you anywhere between $399.95 and $499.95 depending on your exact profession. But hey, we're sure you know a private investigator or police officer who can hook you up, right? [Via DragonSteelMods]

  • WiebeTech CD/DVD Imager a godsend to pirates, forensic analysts

    by Cyrus Farivar
    08.24.2006

    We can't seem to get enough of robots, so how about we show you one that actually does something useful? Too boring, you say? What if we handed you a stack of 50 DVDs and CDs and told you to rip the image, archive 'em and, while you're at it, take a picture of each label. Now you want a robot to lord over, don't you? Lucky for you, our favorite Kansas hard drive maker and friend of forensics analysts everywhere, James Wiebe, has come to your rescue with the WiebeTech CD/DVD Imager. So remember kids, this new bot may not be as fun to say as the robotic "welly wanger", but it's probably a bit more practical if you're about to fire off a few hundred copies of your latest tape (on CD) and can front the $2399 one of these will set you back. [Via MacMinute]