Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!
|
 funegi
Stranger
 
Registered: 04/14/11
Posts: 224
Loc: lat: right, long: hi
Last seen: 3 minutes, 44 seconds
|
 evidence on computers (how does this work?)
#15787471 - 02/10/12 06:17 AM (3 months, 17 days ago) |
|
|
you always hear on the news that the authorities find evidence on people's computers.
for instance, the powell case right now, certain pornographic images were "found on his computer" that lead authorities to recomend psycho-sexual evaluation.
Please help me understand how this works. is this saved information/files on the hard drive? or can this information be retrieved even if its not saved on the hard drive? I mean, is the "in private browsing" feature just a joke if a forensic computer expert wants to find out what sites a computer has accessed?
or is it as simple as the fact that the people we hear about on the news are actually stupid enough to save such crazy shit on their computers.
Thanx for any input. I am just curious and ignorant to some of this stuff.
|
 koraks
Registered: 06/02/03
Posts: 16,174
|
Re: evidence on computers (how does this work?) [Re: funegi]
#15787473 - 02/10/12 06:20 AM (3 months, 17 days ago) |
|
|
Usually it's just saved information that can be accessed without any additional matters. Sometimes it's hidden or encrypted, but not well enough. And sometimes it's just temporary/cached files, yes.
|
 Ribkage
Isnt Real
Registered: 06/02/10
Posts: 107
Loc: CT
Last seen: 1 hour, 11 minutes
|
Re: evidence on computers (how does this work?) [Re: koraks]
#15787488 - 02/10/12 06:27 AM (3 months, 17 days ago) |
|
|
Even when somethings been deleted its not gone. Its just invisible till over written by something else. Which is why you have those deletion recovery programs in case of accidental deletion of something important to you.
|
cinic
Registered: 02/04/12
Posts: 586
Last seen: 8 days, 17 hours
|
Re: evidence on computers (how does this work?) [Re: Ribkage]
#15787504 - 02/10/12 06:33 AM (3 months, 17 days ago) |
|
|
Probably found some
real sadistic bdsm rape
shit that triggered the eval.
|
funegi
Stranger
Registered: 04/14/11
Posts: 224
Loc: lat: right, long: hi
Last seen: 3 minutes, 44 seconds
|
Re: evidence on computers (how does this work?) [Re: cinic]
#15787530 - 02/10/12 06:50 AM (3 months, 17 days ago) |
|
|
i have heard that data is never really ever deleted to where it can't be recovered. that i get.
and yes, cinic, it was some kind of incestuous animated porn that was found on this guy's computer. Was he that stupid to download/save that kind of stuff on his computer given the mess he was involved in?
anyway, thanks for the input.
|
Seuss
Error: divide byzero
Registered: 04/27/01
Posts: 23,195
Loc: Caribbean
Last seen: 46 minutes, 19 seconds
|
Re: evidence on computers (how does this work?) [Re: funegi]
#15788289 - 02/10/12 10:45 AM (3 months, 17 days ago) |
|
|
> Was he that stupid to download/save that kind of stuff
Save doesn't matter... access is enough. Most people are unaware how much is saved on their computer, through normal usage, without them explicitly hitting the 'save' button. I'm qualified as an expert witness in the area of computer forensics, data backup and recovery, and computer security with the US courts. I've testified in everything from child pornography cases to murder cases. Trust me, if you access the data, there is most likely a record of it on your computer somewhere.
--------------------
Just another spore in the wind.
|
funegi
Stranger
Registered: 04/14/11
Posts: 224
Loc: lat: right, long: hi
Last seen: 3 minutes, 44 seconds
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15789330 - 02/10/12 04:03 PM (3 months, 16 days ago) |
|
|
wow!!! thats some crazy shit!
|
snoot
>:_
Registered: 01/30/05
Posts: 8,623
Loc: 45º parallel 
Last seen: 10 hours, 22 minutes
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15791794 - 02/11/12 07:47 AM (3 months, 16 days ago) |
|
|
Quote:
Seuss said:
> Was he that stupid to download/save that kind of stuff
Save doesn't matter... access is enough. Most people are unaware how much is saved on their computer, through normal usage, without them explicitly hitting the 'save' button. I'm qualified as an expert witness in the area of computer forensics, data backup and recovery, and computer security with the US courts. I've testified in everything from child pornography cases to murder cases. Trust me, if you access the data, there is most likely a record of it on your computer somewhere.
Where are the places that most people over look? I mean 'Private Browsing' on most web browsers is a joke, but I mean one should be able to configure their behavior and software to really minimalize the evidence one has on his computer in relation to whatever the crime may be. Caches? Logs?
--------------------
∞
I am incapable of conceiving infinity, and yet I do not accept finity.
- Simone de Beauvoir -
doja designs
|
MZA
Stranger
Registered: 09/26/09
Posts: 147
Loc: FL
Last seen: 6 days, 7 hours
|
Re: evidence on computers (how does this work?) [Re: snoot]
#15792845 - 02/11/12 12:53 PM (3 months, 16 days ago) |
|
|
Usually it's files that are present on their hard drive or browsing history. Every once in a while computer forensics will scan the deleted files, but this is rare. You can get "shredding" programs that will delete a file then write over that memory sector with gibberish, erase the gibberish and repeat several times. This makes recovering the deleted file intact impossible. Private Browsing is handy because at the end of the session it erases your browsing history, cookies, and other temporary internet files, even though the latter 2 are recoverable using forensics for a certain amount of time. And in very rare cases, they can subpoena your ISP for your full recent browsing history, whether or not you used private browsing. Certain types of proxies will help encrypt that information though, making their job harder.
--------------------
My high's takin' signs and the shit's about to kick
I'm gaspin' for air, my vision disappears,
I'm blinkin' and I'm thinkin'--Yeah!
Waiting for the sun on a Spanish caravan
Solar eclipse and I feel like starin' man
Who's that man in the windowpane
Got somethin' on his tongue and it's startin' to stain
|
DieCommie
El Guapo
Registered: 12/11/03
Posts: 22,835
Loc: Street of Dreams
|
Re: evidence on computers (how does this work?) [Re: MZA]
#15792855 - 02/11/12 12:57 PM (3 months, 16 days ago) |
|
|
AFAIK you can use True Crypt and a dummy operating system and no law enforcement official will be able to read anything off of your hard drive. But of course you leave traces of your activity on other hard drives when you browse the net.
|
Seuss
Error: divide byzero
Registered: 04/27/01
Posts: 23,195
Loc: Caribbean
Last seen: 46 minutes, 19 seconds
|
Re: evidence on computers (how does this work?) [Re: snoot]
#15793642 - 02/11/12 04:04 PM (3 months, 15 days ago) |
|
|
> Where are the places that most people over look?
The most common one is the swap file (page file). This is part of the OS where virtual memory is mapped to space on the hard drive. When you turn off your computer, the page file (typically) does not get cleared. Somebody that knows what they are doing can go in and look at the page file and find snippets of data left over from various programs that you were running. Depending upon the size of the working set, data can hang out in the page file for a long time before being overwritten.
Another common mistake is assuming that deleted files are actually deleted. They are simply marked as deleted. The data in the files is still on the drive until something else comes along and overwrites it. Couple this with "private browsing" and clearing your cache, and you start to see another common place where people think they are clear, but they are not. Unless your browser overwrites the cache files and other data files when you clear your private data, your private data isn't really gone.
--------------------
Just another spore in the wind.
|
imachavel
Stranger
Registered: 06/06/07
Posts: 5,619
Loc: Florida - not listed
Last seen: 3 hours, 29 minutes
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15795277 - 02/11/12 09:34 PM (3 months, 15 days ago) |
|
|
when you partition a drive in linux, the swap file space is set by the user(usually) how is this done with windows? Usually the partitions are just labeled as they are.
DISKPART> select disk 0
Disk 0 is now the selected disk.
DISKPART> list partition
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 114 GB 101 MB
well never mind. I never actually tried that. Well maybe I have. So the static library of files in windows is known as dynamic link library, it's how c uses I believe one set of files instead of an entire library. Whoops! Don't mean to get off topic.
I'm curious with windows as to how to use a ram stick or ssd as a swap drive. But then I've never assigned an ssd as a swap drive when installing any OS, I would assume the only real reason for that, is that ssd's are generally more expensive, therefore if you buy one with limited memory space, it'd be wiser to use it for swap. Although I would much think that is a waste, SSD's, while not guaranteed to keep processing cache and speed at full potential while running for example multiple vdi, vhd, vmdks, etc. Of course because having faster hard drive read write caching is not guaranteeing the processor won't bottle neck. None the less while not guaranteed to keep your pc at top performance while running a thousand processes, ssds are quite fast, using an ipad is actually quite a very nice experience.
I would personally never want to use an ssd just for swap space, to me it would be a waste of time, like installing raid 0 just to get faster boot. But then, I'm stubborn, I would rather have a linux OS on a pc creating a dhcp network and use 5 windows computers, and take the time to re write the samba.conf to make it work, then spend $350 on windows server 2008, just because of active directory features, and have to use constant security updates and patches to keep it working.
I'm not saying running apache as a back end on a dell is a bad idea as opposed to php or sql, and running a web site off local host with windows. I'm just saying why bother with constant Malware, defragmentation, chkdsk, cache cleaning etc.? If people want a simple interface that will work for them, guaranteed customer support for things like activation keys, then go with windows. Is learning to remove a virus from a file system very important? Sure, for a network admin. For an end user windows gives you something, an interface that is very familiar.
Maybe I've just gotten spoiled by linux. It does have a complex command line, and maybe unity is a bit of a painful gui compared to old fashioned gnome, or the windows gui for that matter. But despite constant concern from people that linux can and will get a virus, I have never seen one. Also the file system on a seperate partition can be accessed from root folder, for better data recovery, no activation key. The only down side I can see to using linux, is an interface that one might not think is so pretty. And a video library api that is based on old opengl and doesn't really keep up with directx. Although that doesn't really prevent someone from hooking up an hdmi monitor and using it with full resolution.
Well, didn't mean to derail this. I'm just surprised by how different the waters of windows are compared to the waters of linux. At first linux is painful to re learn the same concepts as windows, drivers and codec libraries, etc. it seems un familiar and as difficult to do complex tasks with either OS. But the fact that Linux seems so reliable time after time performing a task compared to windows, is a big factor in why I like it so much. Familiarity and lack of marketing is a big factor on why people rarely use it, otherwise it'd be much more popular. I'm amazed windows is even still around. Although I'll admit to someone who buys a new computer, and doesn't want to venture into new things, and thinks that setting up mail client with incoming and outgoing pop and smtp settings is going to be a challenge for some reason compared to windows, and doesn't want to waste an activation key that they paid for that came with the computer, I would seriously understand not wanting to download an .iso of linux, burn it, reformat or use existing format, and reinstall a brand new OS. I'd probably have a hard time installing linux through the windows gui if I bought a new computer, as a windows activation key is a precious thing if anyone knows what a pain in the ass it can be to get a new one.
I've heard from various people that when you install linux through the windows GUI just loading the cd files, it creates a new partition. Recently I believe it was corrected that that was very incorrect, that what that does is load and install it virtually somehow. Then I've never used that method, and haven't tried installing it that way, then rebooting to see if a separate OS install is available in grub, I always did it the old fashioned way, brand new partition, one OS in each. I must admit, windows is a pain in the ass to use with grub, I've found that with windows, that damn boot flag just really doesn't like being changed in any way shape or form, installing windows, then Linux on a separate partition, then having to 'activate' the partition, just seems like a HUGE mistake as it can possibly chance the boot flag
Once again the Linux file system comes to the rescue, boot repair disk seems to fix master boot record and grub issues very efficiently, much more effective then using the windows disk, loading recovery console, and trying things such as fixmbr. I respect windows so much for being so available, it's great for simple office stuff, dual display. I think widows is great for ACCESSING files on another computer  but other wise I think it's an insult to the industry, to re write the gui api every 3 or 4 years, add some new security registry folders and values, and use the same existing ms dos back end and calling it a brand new OS.
And funny enough, many people seem to think it's a superior OS. Nothing superior about constant driver issues. At the very least, even if it was ADEQUATE, does it make sense that an OS is only as ADEQUATE as another, when it's created and managed by a company that is worth dozens of billions of dollars, to be compared to an OS that is completely free? Not including red hat of course, but the red hat kernel is so similar to any other linux distro, it is very likely that any system admin familiar with red had can use another linux distro just as well for basically the same purposes.
|
imachavel
Stranger
Registered: 06/06/07
Posts: 5,619
Loc: Florida - not listed
Last seen: 3 hours, 29 minutes
|
Re: evidence on computers (how does this work?) [Re: DieCommie]
#15795307 - 02/11/12 09:40 PM (3 months, 15 days ago) |
|
|
Quote:
DieCommie said:
AFAIK you can use True Crypt and a dummy operating system and no law enforcement official will be able to read anything off of your hard drive. But of course you leave traces of your activity on other hard drives when you browse the net.
no shit. But if you reformat then when the OS is reinstalled, you will obtain a brand new public i.p. will you not? Or is the public i.p. leased to your modem that easy to trace no matter what pc you use on an internet dns server? There are several different encryption options, I'm not sure with True Crypt if changing a jumper setting, resetting the bios by removing and replacing the cmos battery, or taking the hd out and using it in another pc, will remove the encryption pass phrase. I know in some instances that just isn't possible, for example I believe intel v pro encryption since the encryption pass phrase is stored somewhere in bios settings with java code, when you remove the HD all your data on the drive is crap because the drive is formatted so once it loads, it has some encryption key that is supposed to be read by particular bios settings. Removing the HD of a hard drive, encrypted on a main board with v pro technology, is supposed to completely make the data unreadable, you basically have static garbage to read if you try and transplant the HD. v pro is great for many things not just managing a computer remotely by connecting through a network and accessing settings on a main board that don't exist on other main boards. Not saying I know a lot about it.
|
Seuss
Error: divide byzero
Registered: 04/27/01
Posts: 23,195
Loc: Caribbean
Last seen: 46 minutes, 19 seconds
|
Re: evidence on computers (how does this work?) [Re: imachavel]
#15796295 - 02/12/12 04:44 AM (3 months, 15 days ago) |
|
|
> how is this done with windows?
There is a file (pagefile.sys), usually located/hidden on C:\, that is used for the same thing.
--------------------
Just another spore in the wind.
|
iateshaggy
i haxor 360s
Registered: 05/20/05
Posts: 4,009
Loc: 612 Warf Avenue, next to....
Last seen: 21 hours, 5 minutes
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15796758 - 02/12/12 08:18 AM (3 months, 15 days ago) |
|
|
i remember reading a few years ago about the discovery of some "super hidden" files that store everything ie and outlook does. if memory serves me correct, the only way to axx those files was to boot the pc into dos and enter a very complicated series of commands.
--------------------
You are a filipina sex goddess who wants to fuck me until I fall asleep, so then you can tickle my balls and see if the legend of my diamond filled nutsuck is true. I am a white man from costa rica, who smells like lime jello.
I can flash/jtag/repair 360's, pm for details.
|
MZA
Stranger
Registered: 09/26/09
Posts: 147
Loc: FL
Last seen: 6 days, 7 hours
|
Re: evidence on computers (how does this work?) [Re: imachavel]
#15798252 - 02/12/12 02:20 PM (3 months, 14 days ago) |
|
|
Quote:
imachavel said:
Quote:
DieCommie said:
AFAIK you can use True Crypt and a dummy operating system and no law enforcement official will be able to read anything off of your hard drive. But of course you leave traces of your activity on other hard drives when you browse the net.
no shit. But if you reformat then when the OS is reinstalled, you will obtain a brand new public i.p. will you not? Or is the public i.p. leased to your modem that easy to trace no matter what pc you use on an internet dns server?
No, reformatting and reinstalling an OS will not change your IP. Your IP is assigned from a specific range, usually in order of availability. 2 different computers who are on the same network at different times may have the same IP address.
If you want to appear as if you are browsing from a completely different computer, you can change your MAC address (physical address). You can change the address in the Windows registry, or just download one of the several programs out there that will generate a new one for you. Or you could even use a cheap USB network adapter that can be thrown away if you don't want to leave a trace. But you would also have to uninstall the drivers afterwards and run a registry cleaner.
Your MAC address isn't visible to the public but is sometimes gathered by certain applications for identification purposes (like iTunes). Your ISP will be able to see your MAC address in their logs, so even though they know the computer was on your network, it appears to a different computer.
--------------------
My high's takin' signs and the shit's about to kick
I'm gaspin' for air, my vision disappears,
I'm blinkin' and I'm thinkin'--Yeah!
Waiting for the sun on a Spanish caravan
Solar eclipse and I feel like starin' man
Who's that man in the windowpane
Got somethin' on his tongue and it's startin' to stain
|
funegi
Stranger
Registered: 04/14/11
Posts: 224
Loc: lat: right, long: hi
Last seen: 3 minutes, 44 seconds
|
Re: evidence on computers (how does this work?) [Re: MZA]
#15798302 - 02/12/12 02:28 PM (3 months, 14 days ago) |
|
|
wow,again, WOW! you guys never fail to comethrough w/great info. Some smart as mofos up in here! thanks guys. although its mostly all greek to me i think ive learned a lot. (now back to my drug and pron browsing)
|
nooneman
Stranger
Registered: 04/24/09
Posts: 2,897
|
Re: evidence on computers (how does this work?) [Re: funegi]
#15798307 - 02/12/12 02:29 PM (3 months, 14 days ago) |
|
|
If you use whole harddrive encryption with something like truecrypt and a password over 20 characters long they'll never, ever, ever have access to it unless you give them the password. They can apparently legally force you to give them your password, but you can just say you forgot it, or just give them the finger and take whatever charges they throw your way.
Or maybe say that you had it written down on some paper, and if they can provide you with that paper you'd be happy to unlock your computer.
Edited by nooneman (02/12/12 02:31 PM)
|
DieCommie
El Guapo
Registered: 12/11/03
Posts: 22,835
Loc: Street of Dreams
|
Re: evidence on computers (how does this work?) [Re: nooneman]
#15798447 - 02/12/12 02:52 PM (3 months, 14 days ago) |
|
|
Quote:
nooneman said:
If you use whole harddrive encryption with something like truecrypt and a password over 20 characters long they'll never, ever, ever have access to it unless you give them the password. They can apparently legally force you to give them your password, but you can just say you forgot it, or just give them the finger and take whatever charges they throw your way.
Or maybe say that you had it written down on some paper, and if they can provide you with that paper you'd be happy to unlock your computer.
Thats the purpose of using a dummy operating system. They can tell the hard drive is encrypted by the boot header, but they cannot tell what is in it. TrueCrypt allows you to install an operating system that gets accessed with a different password. You can set up that operating system, put some incriminating but legal things on it to justify your use of encryption (like gay porn or naked pictures). Then keep your incriminating and illegal things on your main operating system.
Under duress you give the password to your dummy OS and they cannot tell that you have other incriminating stuff encrypted on there.
|
5HTSynaptrip
Dopamine Enthusiast
Registered: 09/14/08
Posts: 3,824
Loc: Ohio
Last seen: 3 days, 3 hours
|
Re: evidence on computers (how does this work?) [Re: DieCommie]
#15799038 - 02/12/12 04:34 PM (3 months, 14 days ago) |
|
|
Data can be extracted even though you deleted it, as was previously stated. DoD wiping procedures used by software, like BCWipe Total Wipeout, are a tad overkill. I can't remember the guys name, but he works for various govt. agencies to recover data off hard drives, and he said that one pass of zeros on every sector makes it pretty much impossible to get anything off the disks. If you have a solid state drive, it's much easier to wipe and hdparm itself only takes about 1-3 seconds. There is no recoverable data after hdparm, and you can even wipe DCO/HPA's.
--------------------
Science is a way of thinking much more than it is a body of knowledge. - My hero, who will be forever remembered, Carl Sagan.
 
|
Seuss
Error: divide byzero
Registered: 04/27/01
Posts: 23,195
Loc: Caribbean
Last seen: 46 minutes, 19 seconds
|
Re: evidence on computers (how does this work?) [Re: MZA]
#15801627 - 02/13/12 02:34 AM (3 months, 14 days ago) |
|
|
> Your ISP will be able to see your MAC address in their logs
MAC addresses don't route. Depending upon what you have between you and your ISP, it is unlikely that the ISP will see anything beyond the MAC address of your gateway router.
> Under duress you give the password to your dummy OS and they cannot tell that you have other incriminating stuff encrypted on there.
Unless they notice that you have a very large drive and a very small OS partition... If I am analyzing a drive, this will stick out like a sore thumb. The first thing I do is make a forensic image of the drive to another drive. Because of this, the first thing I check is the drive size so that I can purchase a duplicate drive that is large enough to hold the data. After I make a copy, I look at the partition table(s) and boot sectors to determine what type of OS, partitions and sizes, filesystems, etc, are on the drive. Oddness here will definitely spike my interest.
> and hdparm itself only takes about 1-3 seconds.
I've found that to completely reset SDD cells back to factory default takes about a minute per GB using security-erase via hdparm. Unfortunately, most BIOS block ATA security-erase, so you have to go through a bit of extra effort to make this work.
--------------------
Just another spore in the wind.
|
imachavel
Stranger
Registered: 06/06/07
Posts: 5,619
Loc: Florida - not listed
Last seen: 3 hours, 29 minutes
|
Re: evidence on computers (how does this work?) [Re: MZA]
#15802348 - 02/13/12 09:36 AM (3 months, 14 days ago) |
|
|
if the mac address is stored in the registry, then the i.p. address is as well. Man sometimes I amaze myself with such silly ness. Did I ask that?
I think I was trying to be more specific, and you answered my question. The mac address is stored in the registry. So reformatting and re installing the OS will wipe out and create new registry entries, therefore a new i.p. address will have to be requested. What I was asking was if the public i.p. address would change. If the mac address of the computer will change, then a new public i.p. must surely be given out as well 
|
Seuss
Error: divide byzero
Registered: 04/27/01
Posts: 23,195
Loc: Caribbean
Last seen: 46 minutes, 19 seconds
|
Re: evidence on computers (how does this work?) [Re: imachavel]
#15802385 - 02/13/12 09:48 AM (3 months, 14 days ago) |
|
|
> The mac address is stored in the registry.
The MAC address comes from hardware. It might be stored in the Windows registry, but there is no real reason for it to be.
> So reformatting and re installing the OS will wipe out and create new registry entries, therefore a new i.p.
It completely depends upon how the computer acquires an IP address. I often use DHCP to hand out IP addresses based upon the MAC address of the computer. In this case, you will always have the same IP address, even after an fresh install.
> If the mac address of the computer will change
The MAC address is like a hardware serial number tied to a network interface. Unless you change the network hardware (ethernet card, etc), or forge the address, they don't change.
> then a new public i.p. must surely be given out as well
Wrong.
--------------------
Just another spore in the wind.
|
iateshaggy
i haxor 360s
Registered: 05/20/05
Posts: 4,009
Loc: 612 Warf Avenue, next to....
Last seen: 21 hours, 5 minutes
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15803270 - 02/13/12 01:19 PM (3 months, 14 days ago) |
|
|
on a side note, where i live, we are forced to clone our mac addy to the router or the isp (cox) wont let us on their network. not really a hard thing to dummy, but something to remember.
--------------------
You are a filipina sex goddess who wants to fuck me until I fall asleep, so then you can tickle my balls and see if the legend of my diamond filled nutsuck is true. I am a white man from costa rica, who smells like lime jello.
I can flash/jtag/repair 360's, pm for details.
|
DieCommie
El Guapo
Registered: 12/11/03
Posts: 22,835
Loc: Street of Dreams
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15803838 - 02/13/12 03:24 PM (3 months, 13 days ago) |
|
|
Quote:
Seuss said:
> Under duress you give the password to your dummy OS and they cannot tell that you have other incriminating stuff encrypted on there.
Unless they notice that you have a very large drive and a very small OS partition... If I am analyzing a drive, this will stick out like a sore thumb. The first thing I do is make a forensic image of the drive to another drive. Because of this, the first thing I check is the drive size so that I can purchase a duplicate drive that is large enough to hold the data. After I make a copy, I look at the partition table(s) and boot sectors to determine what type of OS, partitions and sizes, filesystems, etc, are on the drive. Oddness here will definitely spike my interest.
I dont think you need a small OS partition. From my limited knowledge on it, you will see my partition of the whole disk. The junk data that is actually the real OS is contained in that same partition.
http://www.truecrypt.org/docs/?s=hidden-volume
??
|
MZA
Stranger
Registered: 09/26/09
Posts: 147
Loc: FL
Last seen: 6 days, 7 hours
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15804167 - 02/13/12 04:23 PM (3 months, 13 days ago) |
|
|
Quote:
Seuss said:
> Your ISP will be able to see your MAC address in their logs
MAC addresses don't route. Depending upon what you have between you and your ISP, it is unlikely that the ISP will see anything beyond the MAC address of your gateway router.
I thought that ISPs could block use from a specific computer's MAC address? Blocking a router's MAC address doesn't seem very practical, wouldn't they just shut down the user's account? And I know that MAC addresses don't route, but I'm pretty sure your router gets information about the MAC addresses that are connected to it, I don't see why the ISP wouldn't grab this info as well.
--------------------
My high's takin' signs and the shit's about to kick
I'm gaspin' for air, my vision disappears,
I'm blinkin' and I'm thinkin'--Yeah!
Waiting for the sun on a Spanish caravan
Solar eclipse and I feel like starin' man
Who's that man in the windowpane
Got somethin' on his tongue and it's startin' to stain
|
5HTSynaptrip
Dopamine Enthusiast
Registered: 09/14/08
Posts: 3,824
Loc: Ohio
Last seen: 3 days, 3 hours
|
Re: evidence on computers (how does this work?) [Re: Seuss]
#15805341 - 02/13/12 07:30 PM (3 months, 13 days ago) |
|
|
Quote:
Seuss said:
I've found that to completely reset SDD cells back to factory default takes about a minute per GB using security-erase via hdparm. Unfortunately, most BIOS block ATA security-erase, so you have to go through a bit of extra effort to make this work.
I've done the secure ATA erase probably 5 times total on my two SSD's, and it has always completed almost immediately after initiating the command. It's obviously different for SSD's, but I thought the secure erase caused the NAND to be affected by a certain voltage that essentially wipes the cells in a second or two.
edit: Yeah, the frozen status from the BIOS can be a problem for laptops, but if you simply unplug the power prior to the POST you're good to go. The HAF X for instance has a quick-swap, two drive bay that allows you to easily disconnect the molex from the PCB. Takes a few seconds either way if you have access to the cable powering the drive.
--------------------
Science is a way of thinking much more than it is a body of knowledge. - My hero, who will be forever remembered, Carl Sagan.
Edited by 5HTSynaptrip (02/13/12 07:32 PM)
| |
|
|
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Lana, trendal, Diploid, koraks, automan, johnm214
359 topic views. 0 members, 8 guests and 1 web crawlers are browsing this forum.
[ Toggle Favorite | Print Topic ]
| | |
|
|
|
Previous
Index
Next
Threaded
Edit 
Reply 
