

Seuss
Error: divide byzero


 Registered: 04/27/01
Posts: 23,195
Loc: Caribbean
Last seen: 46 minutes, 15 seconds
|
Re: evidence on computers (how does this work?) [Re: MZA]
#15801627 - 02/13/12 02:34 AM (3 months, 14 days ago) |
|
|
> Your ISP will be able to see your MAC address in their logs
MAC addresses don't route. Depending upon what you have between you and your ISP, it is unlikely that the ISP will see anything beyond the MAC address of your gateway router.
> Under duress you give the password to your dummy OS and they cannot tell that you have other incriminating stuff encrypted on there.
Unless they notice that you have a very large drive and a very small OS partition... If I am analyzing a drive, this will stick out like a sore thumb. The first thing I do is make a forensic image of the drive to another drive. Because of this, the first thing I check is the drive size so that I can purchase a duplicate drive that is large enough to hold the data. After I make a copy, I look at the partition table(s) and boot sectors to determine what type of OS, partitions and sizes, filesystems, etc, are on the drive. Oddness here will definitely spike my interest.
> and hdparm itself only takes about 1-3 seconds.
I've found that to completely reset SSD cells back to factory default takes about a minute per GB using security-erase via hdparm. Unfortunately, most BIOS block ATA security-erase, so you have to go through a bit of extra effort to make this work.
-------------------- Just another spore in the wind.
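
The partition-table check described in the post above, as an added example that is not part of any poster's message: it parses the four primary entries of an MBR and reports how much of the disk no partition claims. The sample sector, the 20 GiB partition and the 976773168-sector disk size are constructed for illustration, and the function names are hypothetical.

```python
import struct

SECTOR = 512
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)", 0x83: "Linux", 0xEE: "GPT protective"}

def parse_mbr(sector0):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    parts = []
    for i in range(4):
        # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector0, 446 + 16 * i)
        if ptype and count:
            parts.append({"slot": i, "bootable": status == 0x80, "start": start,
                          "sectors": count, "type": TYPE_NAMES.get(ptype, hex(ptype))})
    return parts

def unallocated_gaps(parts, total_sectors, min_gap=2048):
    """List (start, length) runs of sectors that no partition claims."""
    gaps, cursor = [], 1            # sector 0 is the MBR itself
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] - cursor >= min_gap:   # ignore the usual 1 MiB alignment gap
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["start"] + p["sectors"])
    if total_sectors - cursor >= min_gap:
        gaps.append((cursor, total_sectors - cursor))
    return gaps

def triage(sector0, total_sectors):
    """Summarise partitions, unclaimed runs and the fraction of the disk allocated."""
    parts = parse_mbr(sector0)
    used = sum(p["sectors"] for p in parts)
    return {"partitions": parts, "gaps": unallocated_gaps(parts, total_sectors),
            "allocated_fraction": used / total_sectors}

def sample_mbr():
    """Constructed sample: one bootable 20 GiB NTFS partition starting at LBA 2048."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<B3xB3xII", mbr, 446, 0x80, 0x07, 2048, 41943040)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    report = triage(sample_mbr(), total_sectors=976773168)   # constructed ~500 GB disk
    for p in report["partitions"]:
        print(p)
    for start, length in report["gaps"]:
        print(f"unallocated: LBA {start} + {length} sectors ({length * SECTOR / 2**30:.1f} GiB)")
    print(f"allocated: {report['allocated_fraction']:.1%}")
```
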
|
imachavel
Stranger



Registered: 06/06/07
Posts: 5,619
Loc: Florida - not listed
Last seen: 3 hours, 29 minutes
|
Re: evidence on computers (how does this work?) [Re: MZA]
#15802348 - 02/13/12 09:36 AM (3 months, 14 days ago) |
|
|
if the mac address is stored in the registry, then the i.p. address is as well. Man sometimes I amaze myself with such silliness. Did I ask that?
I think I was trying to be more specific, and you answered my question. The mac address is stored in the registry. So reformatting and reinstalling the OS will wipe out and create new registry entries, therefore a new i.p. address will have to be requested. What I was asking was if the public i.p. address would change. If the mac address of the computer will change, then a new public i.p. must surely be given out as well.
|
Seuss
Error: divide byzero


 Registered: 04/27/01
Posts: 23,195
Loc: Caribbean
Last seen: 46 minutes, 15 seconds
|
Re: evidence on computers (how does this work?) [Re: imachavel]
#15802385 - 02/13/12 09:48 AM (3 months, 14 days ago) |
|
|
> The mac address is stored in the registry.
The MAC address comes from hardware. It might be stored in the Windows registry, but there is no real reason for it to be.
> So reformatting and re installing the OS will wipe out and create new registry entries, therefore a new i.p.
It completely depends upon how the computer acquires an IP address. I often use DHCP to hand out IP addresses based upon the MAC address of the computer. In this case, you will always have the same IP address, even after a fresh install.
> If the mac address of the computer will change
The MAC address is like a hardware serial number tied to a network interface. Unless you change the network hardware (ethernet card, etc), or forge the address, they don't change.
> then a new public i.p. must surely be given out as well
Wrong.
-------------------- Just another spore in the wind.
|
iateshaggy
i haxor 360s



Registered: 05/20/05
Posts: 4,009
Loc: 612 Warf Avenue, next to....
Last seen: 21 hours, 5 minutes
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15803270 - 02/13/12 01:19 PM (3 months, 14 days ago) |
|
|
on a side note, where i live, we are forced to clone our mac addy to the router or the isp (cox) won't let us on their network. not really a hard thing to dummy, but something to remember.
|
DieCommie
El Guapo

Registered: 12/11/03
Posts: 22,835
Loc: Street of Dreams
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15803838 - 02/13/12 03:24 PM (3 months, 13 days ago) |
|
|
Quote:
Seuss said:
> Under duress you give the password to your dummy OS and they cannot tell that you have other incriminating stuff encrypted on there.
Unless they notice that you have a very large drive and a very small OS partition... If I am analyzing a drive, this will stick out like a sore thumb. The first thing I do is make a forensic image of the drive to another drive. Because of this, the first thing I check is the drive size so that I can purchase a duplicate drive that is large enough to hold the data. After I make a copy, I look at the partition table(s) and boot sectors to determine what type of OS, partitions and sizes, filesystems, etc, are on the drive. Oddness here will definitely spike my interest.
I don't think you need a small OS partition. From my limited knowledge on it, you will see my partition of the whole disk. The junk data that is actually the real OS is contained in that same partition.
http://www.truecrypt.org/docs/?s=hidden-volume
??
|
MZA
Stranger



Registered: 09/26/09
Posts: 147
Loc: FL
Last seen: 6 days, 7 hours
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15804167 - 02/13/12 04:23 PM (3 months, 13 days ago) |
|
|
Quote:
Seuss said:
> Your ISP will be able to see your MAC address in their logs
MAC addresses don't route. Depending upon what you have between you and your ISP, it is unlikely that the ISP will see anything beyond the MAC address of your gateway router.
I thought that ISPs could block use from a specific computer's MAC address? Blocking a router's MAC address doesn't seem very practical, wouldn't they just shut down the user's account? And I know that MAC addresses don't route, but I'm pretty sure your router gets information about the MAC addresses that are connected to it, I don't see why the ISP wouldn't grab this info as well.
|
5HTSynaptrip
Dopamine Enthusiast


 Registered: 09/14/08
Posts: 3,824
Loc: Ohio
Last seen: 3 days, 3 hours
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15805341 - 02/13/12 07:30 PM (3 months, 13 days ago) |
|
|
Quote:
Seuss said:
I've found that to completely reset SSD cells back to factory default takes about a minute per GB using security-erase via hdparm. Unfortunately, most BIOS block ATA security-erase, so you have to go through a bit of extra effort to make this work.
I've done the secure ATA erase probably 5 times total on my two SSDs, and it has always completed almost immediately after initiating the command. It's obviously different for SSDs, but I thought the secure erase caused the NAND to be affected by a certain voltage that essentially wipes the cells in a second or two.
edit: Yeah, the frozen status from the BIOS can be a problem for laptops, but if you simply unplug the power prior to the POST you're good to go. The HAF X for instance has a quick-swap, two drive bay that allows you to easily disconnect the molex from the PCB. Takes a few seconds either way if you have access to the cable powering the drive.
-------------------- Science is a way of thinking much more than it is a body of knowledge. - My hero, who will be forever remembered, Carl Sagan.
Edited by 5HTSynaptrip (02/13/12 07:32 PM)