Microsoft Helps Police Crack Your Computer
IGnatius T Foobar writes "Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that "may have been used in crimes." It basically bypasses all of the Windows security (decrypting passwords, etc.) in order to eliminate all that pesky privacy when the police have physical access to your computer. Just one more reason not to run Windows on your computer."
I dunno... (Score:3, Informative)
The article is extremely vague, but I don't see where this assertion came from. It sounds like they're distributing USB drives with a collection of cracking and monitoring tools; like what any self-respecting 1337 h4x0r carries around with him. If that's correct, there's no reason to think the same thing couldn't be done for Linux.
Re:What could possibly go wrong? (Score:3, Informative)
Why do you have to reverse engineer it when tools already exist?
TrueCrypt ! (Score:2, Informative)
Seriously? (Score:1, Informative)
WOW; that's a really biased summary. Here's what the article actually says:
"The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer."
Between those lines, I do not see what you see...
So who needs Microsoft's device? (Score:3, Informative)
Re:Really? (Score:2, Informative)
This has already been done (Score:3, Informative)
http://tourian.jchost.net/shadow/liveusb/boot.png [jchost.net]
http://tourian.jchost.net/shadow/liveusb/memoryremenance.png [jchost.net]
http://tourian.jchost.net/shadow/liveusb/memoryremenance-filecarving.png [jchost.net]
http://citp.princeton.edu/memory/ [princeton.edu]
http://mcgrewsecurity.com/projects/msramdmp/ [mcgrewsecurity.com] (The MS isn't for microsoft)
Re:Well, why am I not surprised? (Score:1, Informative)
I've been running Windows using hardware-virtualization, under a Xen hypervisor. Currently I went the VMWare route that said (using the free [as in costing $0] 'vmplayer'). I keep a great many images/snapshots. For example now in a few days it's going to be the time to dig out an old 'pure Windows XP' install, plain fresh... To install the latest service pack (SP3). Of course as soon as SP3 shall be installed I'll make a new image/snapshot. Killing a whole system instantly is as simple as 'kill -9' (VMWare) or 'xm destroy
Nothing really new.. (Score:3, Informative)
If you are a computer forensic investigator you already have many available tools (EnCase, etc) to do the same thing, not to mention the obvious linux based free tools (Helix, etc) that let you pound away on a computer (or captured image) and get whatever you want off it.
Keeping your computer completely secure is about as practical as copyright owners keeping their data totally protected. It's always an escalating two-way battle and the winner is just the one who's willing to go the farthest with it, but nothing is 100% safe.
Privacy and DRM are both doomed for the same reasons.
Get over it.
Re:This has already been done (Score:3, Informative)
Some COFEE info from an Australian L.E. Conference (Score:4, Informative)
Here is the original link if anyone wants it: http://scissec.scis.ecu.edu.au/wordpress/conference_proceedings/2006/forensics/Proceedings_Forensics2006.doc [ecu.edu.au]
If you scan about 15% of the way down, there is a blurb about COFEE mixed in with the rest:
Interestingly, this article is from 2006. So COFEE has been around for 2 years already. Fascinating that we are just hearing about it now.
Re:Really? (Score:3, Informative)
Presumably, this has backdoors to bypass things like the Windows screen locker (which would otherwise be a major obstacle to working with live systems) built in.
Re:Flaw (Score:3, Informative)
Re:Really? (Score:4, Informative)
There is no other back door. The only possible hack is if they have auto login turned on, which basically indicates they are a retard. Technically it's possible to recover the login password once booted and auto logged in, though I have yet to see anyone figure it out, and I do look periodically. But at that point the HD is mounted anyway so all your data is there for copying to ext HD. Just no access to passwords in the keychain, (as in to recover, but you can still use them since the keychain is probably unlocked) but as above that is technically possible but not seen it done yet.
If auto login is not on, they are not logged in, you don't know the password, and you don't know the master password, nobody can help you. Not the Apple store, not Steve, it doesn't matter who you are.
Re:Really? (Score:3, Informative)
Certainly, NSA or some random botnet master would be able to recover your password in minutes if they needed to.