Friday, May. 25, 2007 at 7:59 AM
I spent today dressed up in my monkey incognito suit at the 2007 ISSA Symposium in Phoenix. There were lots of great presentations and interesting security folks to exchange information with.
One presentation was particularly informative and a bit humorous for me.
The information was presented by an FBI Special Agent on the basics of forensics. It was a very good summary - however the best part was the questions asked afterward. This is the part that made me chuckle (those of you that know how I feel about encountering encryption during an investigation know why I'm laughing).
This is a paraphrase of the conversation from my memory and the notes that I made on a drink napkin (that will teach me to not bring my laptop).
Attendee: "How do you deal with encrypted media and information during an investigation?"
Special Agent: *grimaces*
Special Agent: "For the most part encryption is a dead end for us, unless the evidence deals with a matter of National Security / Terrorism."
Attendee: "So what do you do if it involves National Security?"
Special Agent: "We don't work on it. We send it to a sister agency *cough* NSA *cough* that takes care of that for us. They have no problem dealing with such things."
Let me put this into perspective for you all based on the SA's other comments:
1) If an attacker breaks into your systems and encrypts all of your data and the damage is greater than 0k, they'll investigate but they won't recover your data. You are $%@! out of luck.
2) If you're a warez kiddy, KP connoisseur, or gang member and you encrypt your stuff and don't leave the passphrase in an easily recoverable place (and they don't recover the passphrase via social engineering or interviewing techniques), they aren't going to attempt to break your encryption.
3) If you're a terrorist, or threatening the President, or building a dirty bomb... your encrypted data will be put on a special plane and flown to the NSA in a matter of hours. It will be broken. You will be prosecuted/tortured/shot/mysteriously disappear. :-)~
Some other comments that were interesting:
The FBI still has their "mega contract" with Microsoft. They have infinite Microsoft resources to help them figure out how to get to your stuff if you've used a Microsoft encryption solution.
The FBI has particular trouble with Apple's FileVault encryption if the passphrase is of "excellent" quality. That tells me they have thousands of monkeys doing brute-force attempts on FileVault sparseimage files. Interesting.
These comments made me feel better.
It would appear that I'm not the only one that gets rather pissed off when I find an encrypted file or filesystem during a forensic investigation - but I drink much better coffee.