Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Windows Operating Systems Software Privacy Security Microsoft

Microsoft Helps Police Crack Your Computer 558

IGnatius T Foobar writes "Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that "may have been used in crimes." It basically bypasses all of the Windows security (decrypting passwords, etc.) in order to eliminate all that pesky privacy when the police have physical access to your computer. Just one more reason not to run Windows on your computer."
This discussion has been archived. No new comments can be posted.

Microsoft Helps Police Crack Your Computer

Comments Filter:
  • Flaw (Score:5, Insightful)

    by Narpak ( 961733 ) on Tuesday April 29, 2008 @10:12AM (#23238356)
    Seems to me that if all you need to do to get full access to anyones computer (anyone running Windows that is) is a Microsoft made device; that is a serious security flaw.
    • Re:Flaw (Score:5, Funny)

      by EMeta ( 860558 ) on Tuesday April 29, 2008 @10:15AM (#23238424)
      Ah, but since the cracking device itself is made by Microsoft, it's not likely to work most of the time anyway. Just MS doing their own part to safeguarding our liberties.
    • Really? (Score:5, Insightful)

      by SatanicPuppy ( 611928 ) * <Satanicpuppy@gmai[ ]om ['l.c' in gap]> on Tuesday April 29, 2008 @10:23AM (#23238604) Journal
      No unix using a non-encrypted file system is secure if you have physical access to the machine...Why would you assume it's any different with Windows?

      I'd just boot knoppix and mount the partition. There, I have access to all the files. That goes for windows AND unix/linux.

      If you really depend on the password for anything other than stopping casual or remote access, you're just fooling yourself.
      • Re:Really? (Score:4, Interesting)

        by ozmanjusri ( 601766 ) <aussie_bob@ho[ ]il.com ['tma' in gap]> on Tuesday April 29, 2008 @10:43AM (#23238990) Journal
        I'd just boot knoppix and mount the partition.

        Police over here in WA have a special distro designed for forensics [zdnet.com.au].

      • Re: (Score:2, Informative)

        by malinha ( 1273344 )
        well, just another job to truecrypt.
      • Re: (Score:2, Funny)

        by SnapShot ( 171582 )
        It would be really funny / ironic if this "plug-in" device WAS just knoppix on a thumb drive.
      • Re:Really? (Score:4, Interesting)

        by MobileTatsu-NJG ( 946591 ) on Tuesday April 29, 2008 @10:48AM (#23239108)

        No unix using a non-encrypted file system is secure if you have physical access to the machine...Why would you assume it's any different with Windows?

        I'd just boot knoppix and mount the partition. There, I have access to all the files. That goes for windows AND unix/linux.

        If you really depend on the password for anything other than stopping casual or remote access, you're just fooling yourself.
        I just bought a Mac laptop and one of the things I ran across while I was reading about it was the File Vault. According to the really really enthusiastic article I read about it, it'll encrypt all the data on my home folder based on my login password. In theory, it sounds like even if somebody mirrored the drive, they'd have trouble (assuming the password is good...) getting at my data. I just wanted to ask: From a practical point of view, does this offer me much more protection? Or is there still some braindead easy way (short of beating the password out of me :P) that data can be recovered? Supposing it does work as advertised, am I at risk for having a single point of failure? Is there a realistic possibility of a badly timed computer freeze causing me to lose it all?
        • Re:Really? (Score:4, Interesting)

          by 0100010001010011 ( 652467 ) on Tuesday April 29, 2008 @11:08AM (#23239454)
          From what I understand, No. There are ways, but nothing this simple. Your home folder is actually one massive 128bit AES disk image. So to crackers it just looks like one big file. You could do what I do and keep stuff 'private' (Tax Returns, financial stuff) on an encrypted disk image and have the OS NOT remember the password. Plus if you forget the password you don't lose all your music and other petty stuff.

          http://en.wikipedia.org/wiki/FileVault [wikipedia.org]

          I was in an Apple store once when someone brought in their file vaulted laptop computer. They had 'forgotten' their password (Their actual story was that the OS changed the password on them). Apple Genius told them they were SOL. There are ways, but none of them are easy and most require something like cooling the RAM immediately after shutdown or catching the computer when it is sleeping.
          • Re:Really? (Score:4, Informative)

            by v1 ( 525388 ) on Tuesday April 29, 2008 @01:13PM (#23241544) Homepage Journal
            The gorey details here are that the key to the filevault is a random number, and THAT is encrypted separately in the header using two different keys - the user's hashed password, and the filevault master. So if you know the master password, OR the user password, you can decrypt the actual image key and can get in. And changing the user password does not require reencoding all the image data, you just reencode the key in the header using the new password

            There is no other back door. The only possible hack is if they have auto login turned on, which basically indicates they are a retard. Technically it's possible to recover the login password once booted and auto logged in, though I have yet to see anyone figure it out, and I do look periodically. But at that point the HD is mounted anyway so all your data is there for copying to ext HD. Just no access to passwords in the keychain, (as in to recover, but you can still use them since the keychain is probably unlocked) but as above that is technically possible but not seen it done yet.

            If auto login is not on, they are not logged in, you don't know the password, and you don't know the master password, nobody can help you. Not the Apple store, not Steve, it doesn't matter who you are.
            • Re: (Score:3, Informative)

              by megaditto ( 982598 )
              One could always brute-force the password. Pre-10.3, DES brute-forcing would take about a month on your desktop computer. Since then they changed it to blowfish or something similar, so it would take longer.

              Certainly, NSA or some random botnet master would be able to recover your password in minutes if they needed to.
        • Re: (Score:3, Insightful)

          by bill_kress ( 99356 )
          I saw a really good post that applies to this entire thread (including File Vault)

          If the NSA isn't freaking out about some kind of encryption trying to get it banned, it's because they can get into it.

          Also, the more secure you think your files are, the more likely you'll put stuff there that might interest them.
        • Re: (Score:3, Interesting)

          by TheLink ( 130905 )
          If you have a mac laptop and firewire AND are worried about people getting at your data, then maybe you should also figure out a way to disable full firewire access to your computer.

          See: http://rentzsch.com/macosx/securingFirewire [rentzsch.com]

          "Firewire provides direct memory access. So I can plug in my PowerBook into an Xserve, and arbitrarily read and write to all of the Xserve's RAM, sans any logical protection."

          "Paul claims enabling the Open Firmware password also automatically disables Firewire DMA, preventing trick
    • Re:Flaw (Score:5, Insightful)

      by gstoddart ( 321705 ) on Tuesday April 29, 2008 @10:28AM (#23238702) Homepage

      Seems to me that if all you need to do to get full access to anyones computer (anyone running Windows that is) is a Microsoft made device; that is a serious security flaw.

      And, a scary precedent.

      When the man kicks in your door, hooks up his thumb drive to your Linux box and doesn't get what he wants ... you will have committed a crime by not making your information available in a format accessible to law enforcement. Only terrorists would do that.

      The above is a deliberately absurd example. One which I fear is less far fetched than one would have previously hoped.

      Mostly, I agree with some of the other posters here ... if Microsoft can make this, that means there's a defined mechanism you can use to completely defeat any form of security in Windows. And, that's bad; someone will figure this out.

      Cheers
      • someone will figure this out.

        Someone HAS figured this out.

        At least, that's the only safe assumption you can make about any Windows box now.

      • Well, I'm sure Linux is safe. After all, it's not like you can replace parts of the kernel while the system is running or anything [slashdot.org].
        • Well, I'm sure Linux is safe. After all, it's not like you can replace parts of the kernel while the system is running or anything

          No, I'm not naively claiming Linux (or anything else is more inherently safe).

          But, given that someone will likely put this into an ActiveX control and convince people to download it like they do all of the other windows malware out there -- it will be a fairly widespread problem if/when it does become known.

          You want to hack into my FreeBSD box? You need to punch through my firew

    • Re: (Score:3, Funny)

      by esocid ( 946821 )
      Don't worry, it's Certified for Windows Vista!
    • Re: (Score:2, Interesting)

      by squallbsr ( 826163 )
      So, this must be what that hidden NSAKEY/KEY2 encryption key is for...

      _NSAKEY [wikipedia.org]
    • Re: (Score:3, Funny)

      by lattyware ( 934246 )
      Well done for saying what was clearly stated in the article, pointing out the bloody obvious, +insightful to you sir!
  • by mrbah ( 844007 ) on Tuesday April 29, 2008 @10:12AM (#23238362)
    Reverse engineering and (more) malicious usage in 3... 2... 1.
  • This works! (Score:3, Funny)

    by towelie-ban ( 1234530 ) on Tuesday April 29, 2008 @10:13AM (#23238386)
    They're already selling these online. Just check the box next to "I certify I'm a cop. Seriously, I am." and it's all yours for $19.95.
  • by NewbieProgrammerMan ( 558327 ) on Tuesday April 29, 2008 @10:13AM (#23238388)
    Cue the "if you have nothing to hide..." responses (and possibly some Hans Reiser jokes).
  • The summary and article in one word:

    FUD
    • Not this time actually.

      Fear, Uncertainty and Doubt is how they sway you away from competing products. Here they are just selling one of their own, with no mention of a competing product.
    • This is huge! Windows passwords aren't enough to secure my porn! Call the government! Call nasa! Call a lawyer! This is an outrage!

      Seriously. Does anyone here NOT know how to pull all the data off a windows machine without a password? I can think of a half-dozen ways to do it, and there is plenty of commercial software out there if you wanted to purchase some.

      If someone has physical access to your machine, it is NOT secure. This is why people use encryption.
  • How the - (Score:5, Funny)

    by Fynd ( 1132303 ) <fynd@@@msn...com> on Tuesday April 29, 2008 @10:14AM (#23238394)

    ...bypasses all of the Windows security...
    All of the Windows security - I can't even fathom how complex that device must be, that sure is a lot of security to bypass.
    • by pilgrim23 ( 716938 ) on Tuesday April 29, 2008 @10:46AM (#23239068)
      Did anyone else notice that the Microsoft spokesman's name is...Mr. (Agent?) Smith?
    • I can only imagine it's a collection of small apps and scripts that locate important files and registry values. These are already available, all over the place. Most of them are free.

      By saying it bypasses *all* security, that would include full disk encryption and somehow obtaining admin access. I find it very hard to believe that this is the case.

      I'd be real interested to see this USB key examined. There should be a bounty paid to the first person to get their hands on one.

  • This article poses a question I've always wondered about. Do most criminal investigations of the computer-related nature have experts that are well-versed in multiple operating systems? Seeing as to how this is government, I would guess the answer is "no," and that is partly why we have this... uhh... "benefit" from Microsoft to aid our investigators.

    Makes me curious as to what would happen if, for some reason, my computer were seized and the police booted up to an Ubuntu welcome screen... heh...

    • Re: (Score:3, Funny)

      by AltGrendel ( 175092 )

      Makes me curious as to what would happen if, for some reason, my computer were seized and the police booted up to an Ubuntu welcome screen... heh...

      They would probably post questions to "Ask Slashdot".

    • No.
      They'll get my FreeBSD box, fail to understand it, probably reformat the RAID drives trying to run a 'disk checker' on them. Then use this as evidence of my wrongoing.

      "He had a 'so called' open computer, that no 'normal' person can understand, breaking all Microsoft's standards and patents. It's made of Demons! burn the TERRORIST!!!"
    • They just hire consultants. It's pointless to have a bunch of computer security guys on your staff when it's a tiny minority of your crimes that are dealing with computer issues.
    • If there's a valid reason to perform a full search, they'll pay to get the job done, regardless of weather or not they can do it internally. Of course, by handling the windows case in-house, most searches can be handled internally.

      They don't just give up if they get a unix shell and let the killer go.
    • This article poses a question I've always wondered about. Do most criminal investigations of the computer-related nature have experts that are well-versed in multiple operating systems?

      From what I've seen, no. According to an FBI guy I know, as of a few years ago when the FBI found a Mac during an investigation, they shipped it to the RCMP (canadian mounties) for analysis. There is also a fairly well known computer forensics program at the university nearby (one of the largest of such programs in the country). They do cover Linux and NTFS but very sparsely. Most of the Linux stuff is about setting up a and using a Linux box as an investigative tool, not investigating other Linux machi

    • by blueg3 ( 192743 ) on Tuesday April 29, 2008 @11:45AM (#23240120)
      Yes. Most criminal investigations have experts well-versed in many operating systems. More regional departments may not have Macintosh or Unix experts, though almost all computer forensic investigators have familiarity with Unix, and would send the computer to another office. There are a lot of experts working in law enforcement, so if their case is important enough, your hardware will be shipped to an office that has an expert.

      They wouldn't boot your machine, though. They'd remove the drive, duplicate it, and then look at the duplicate through a hardware write blocker. Software would probably indicate that the majority of the disk was ext2/whatever Unix format you use partitions, and the layout of the root partition would make it fairly clear you were using a Unix variant. If they really wanted to "boot" your machine, they'd boot an image of your drive using a VM.
  • I dunno... (Score:3, Informative)

    by Otter ( 3800 ) on Tuesday April 29, 2008 @10:15AM (#23238416) Journal
    It basically bypasses all of the Windows security...

    The article is extremely vague, but I don't see where this assertion came from. It sounds like they're distributing USB drives with a collection of cracking and monitoring tools; like what any self-respecting 1337 h4x0r carries around with him. If that's correct, there's no reason to think the same thing couldn't be done for Linux.

    • Right, but what happens when that cop tries to copy c:\windows\system32 (cause IIS defaults to putting its logfiles in there) from the hard drive to the pen drive; that's what step 18 in the carefully laid out instructions say. He really doesn't want to tinker, because evidence has to be gathered a certain way, to be used in court. He got promoted from a different post last year, and has been sent to lots of training on forensics for windows systems.
  • This sounds like the ultimate exploit. MSFT is hardly going to close these security holes. I wonder when copies of this USB drive (and network-enabled variants of the attacks) will be employed by malware and botnet vendors.
  • by ConceptJunkie ( 24823 ) * on Tuesday April 29, 2008 @10:16AM (#23238444) Homepage Journal
    ...it's just one more nail in the coffin of being "allowed" to use OSS. After all, if you have nothing to hide then you have nothing to fear, and only criminals would use OSS that would allow them to evade government snooping.

    I'm sure some lobbyist is sitting with a Congressional staffer right now, explaining how requiring Windows on every computer is essential to the War on Terrorism.

    • Considering that one interpretation of the MS Windows EULA basically says that while you own the computer, you don't really own the computer... All you need is some creative lawyer to use that interpretation to say, "Well, you don't really own the box. It's just on loan to you from Microsoft. This device allows Microsoft to examine their property."
  • by Mashiara ( 5631 ) on Tuesday April 29, 2008 @10:18AM (#23238480) Homepage
    unless the hardware itself is secured and tamper-resistant enough (ie cost of successfull tampering is higher than value of data).

    This has always been true.
    • Physical access equals ownage under any OS

      Dude. Even Windows (Vista) supports encrypting your disk these days. Assuming it was turned off when seized, that does not mean your data has been compromised or is realistically recoverable, especially by your average cop shop.

  • i wish i had known about this during last months pwn to own contest.

    Then i'd be running ubuntu on my cracked and pwned vista machine right now, instead of runnung ubuntu on my purchased and formatted vista machine.
  • I wonder if some jurisdictions will begin requiring this, in the sense that if someone is using a system that does not support easily bypassing security that will be enough for 'probable grounds'.
  • Disable Autorun, that way the automated tool can't start. ;)

    And if the USB software interacts with the computer while the OS is running, how can that be considered untainted evidence? AFAIK computer forensics rely on having snapshots of the machine with no possible interference from the OS and running programs.

    Jonah HEX
    • AFAIK computer forensics rely on having snapshots of the machine with no possible interference from the OS and running programs.
      This is a war on terror / pedophiles / drugs / little chocolate donuts! How dare you use semantics to cloud our investigations to protect the people / children / teens / diabetics.
  • Not new (Score:5, Interesting)

    by The MAZZTer ( 911996 ) <megazztNO@SPAMgmail.com> on Tuesday April 29, 2008 @10:20AM (#23238542) Homepage

    Anyone can boot from a Knoppix live CD and mount NTFS drives in Linux and poke around. NTFS security is not applied under Linux so you can have a look at anything you want. I don't see how this is a big deal.

    The only thing that might be a problem is browsing the registry, but I wonder if wine's regedit can load native Windows registry hives. If so, then all Microsoft has done is taken existing Linux functionality and made it user friendly for the police.

    Speaking of which, anyone wanna place bets as to how long it takes for this tool to spread across p2p and torrent sites?

    • by tlhIngan ( 30335 )

      Anyone can boot from a Knoppix live CD and mount NTFS drives in Linux and poke around. NTFS security is not applied under Linux so you can have a look at anything you want. I don't see how this is a big deal.

      The only thing that might be a problem is browsing the registry, but I wonder if wine's regedit can load native Windows registry hives. If so, then all Microsoft has done is taken existing Linux functionality and made it user friendly for the police.

      Speaking of which, anyone wanna place bets as to how l

  • I've had the following tool in my collection for a long time: http://home.eunet.no/pnordahl/ntpasswd/bootdisk.html [eunet.no]

    It's quite easy, boot up the computer from that disk and you can reset the passwords in a few minutes. Linux-based too for that matter.

    FTFA:
    The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well
    • Windows doesn't HAVE an encrypted file system...This is talking about breaking the encryption on Windows passwords which is a lot easier.
  • locally stored passwords for websites have been crackable for a while now, and in Windows Server has been disabled by default for this reason.

    User login passwords for Windows itself is something else and you can't "just decrypt" them.

    Apart from that, it just sounds like MS have provided a bunch of analysis tools.

    Is this really news or am I missing something here?
  • Unless there's a huge public backlash before then, I predict that Customs will roll these out to every major airport within the year.
    • Re:Customs (Score:4, Interesting)

      by Ioldanach ( 88584 ) on Tuesday April 29, 2008 @11:32AM (#23239922)

      Unless there's a huge public backlash before then, I predict that Customs will roll these out to every major airport within the year.
      I hope so, because then the first slashdotter that has to go through customs can have his laptop automatically dd the entire contents of whatever usb drive gets attached to it, before they even realize it can't figure out what his laptop is running.
  • Well, golly. This of course means there is *no* security on Windows computers. It's only a matter of time that this backdoor is cracked and becomes generally available to everyone.

    The only thing I use Windows for is to run TurboTax and games. And I'm wondering about the TurboTax even.

    But all hope is not lost -- running Windows on a hypervisor would be a bit more secure -- at least you can restart with the same snapshot, eliminating any attempts to embed a rootkit or snooping ware.

    But really, with Lin

  • This sounds too scary to be true - and if true, it won't be long for this to be reverse-engineered.

    Bypassing passwords/security: that sounds like a built-in back door. Not a security flaw: "this bug is a feature". And those back doors if confirmed to exist will be found soon.

    The most unbelievable part is "decrypting passwords". Since when is the actual password stored, instead of a cryptographic hash of it? If decryption were possible, they are using a two-way encryption and a secret key is somewhere hidd

    • by jimicus ( 737525 )
      What OS you run won't make the remotest bit of difference.

      It really wouldn't be hard to cook up a Linux-based thumbdrive which automatically mounts more or less any filesystem in common use today, runs a combination of find and grep to weed out potentially interesting files, copy them onto an area of the thumbdrive and shut the system down when done.

      It probably wouldn't generate anything which would stand up to forensic questions in court, but it would give you a pretty good idea as to whether or not it's w
  • TrueCrypt ! (Score:2, Informative)

    by unrealmp3 ( 1179019 )
    For local data privacy, I would use TrueCrypt, not Windows EFS. Use Full Disk Encryption on TrueCrypt, and their COFEE thumbdrive won't be of any help.
  • ...a USB drive that boots something like Knoppix with NTFS file system support! ;)....

    People have been using that to recover data from broken and otherwise defective Microsoft Windows boxes for a long time now...

  • Naturally they don't want police to have to carry around Knoppix CDs.
  • FUD (Score:2, Insightful)

    by idlemind ( 760102 )
    Since when has physical access to a machine ever been safe for any operating system? Also, it's not like Microsoft programmed in back doors for law enforcement; they are just bundling their version of script kiddie hacks.

  • So as soon as a law enforcement type plugs this into the Bad Guy's computer, a virus is installed on the thumb drive and gets installed on every other machine that the drive is plugged into. (Like Mr. Law Enforcement's own desktop!!!)

    Great Idea(tm) (:-)

    Imagine the TSA was using these. Every businessman's computer would be owned. If the virus also disabled the detection systems, our Bad Guy could also attack other bad guy's systems. He'd rule the world... Bwa Ha Ha Ha....
  • Who really cares? With the exception of file or whole drive encryption, which this device isn't going to help with anyway, if someone has physical access to your box for any length of time, they have access to your machine, doesn't matter what OS you're running, or how complex your password is, phyiscal access to your box will give them any unencrypted data eventually.

    With the right tools you can read files regardless of permissions, change passwords, add users, etc, almost anything. Building a linux live c

  • Best quote from Brad Smith (of Microsoft):

    "We're doing this to help ensure that the Internet stays safe."
    That's a relief.

    Seriously though, I'm curious to know more about what exactly this does. At first I assumed this was typical /. FUD and was essentially just a bootable USB drive to dodge Windows user permissions etc. but from reading the article it does actually sound like it's taking advantage of real security flaws in a running instance of the OS.
  • Anybody have a torrent of the files on this thumb drive? Might be fun to play with! ;-)
    • by mozkill ( 58658 )
      yeah, if it actually exists, why not share it with everyone? if you did that, then maybe someone would patch it right? lol. if nobody steps forward with a thumbdrive, ill assume this article is fake propaganda.
  • hmm.

    I have a compact distro on a thumb drive that I can boot on, mount ntfs vfat and rifle through a computer should I wish - but this sounds like its more comprehensive then that. And if it is designed for widespread cop usage then it must be extremely user friendly as well. And TFA implies you do not even need to power down the PC.

    So.. I would a guess an auto run application that is designed from the bottom up the bypass security, promote to admin rights, scan for files matching keywords, copy log f
  • And was one of the easiest things that Microsoft has ever done.
  • by SilentBob0727 ( 974090 ) on Tuesday April 29, 2008 @10:42AM (#23238958) Homepage
    In unrelated news, it is now a felony not to run Windows on your machine, and Linus Torvalds has gone into hiding.
  • by JustASlashDotGuy ( 905444 ) on Tuesday April 29, 2008 @10:42AM (#23238974)
    FTA:

    It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
    The second you plug one of these into the suspect's machine while it's running, you just set the criminal free. Reason being, you potentially just altered the original source of data and could have injected you own "evidence". Any lawyer would get you off in a heart beat.

    You'd always have to shut it down, image the drive, and then run your test against the image. If you ever so much as boot the image and use the device at that point, you've still just changed a shit load of files during the boot up process and a lawyer may still be able to get you off.

    This device is only helpful if it contains a standalone script that can be pointed to a set of files on a write-blocked drive. Blindly letting it have full read/write access to any drive would be instant not-guilty result.

    Unless this device gets some hefty certs, I'd be surprised if any law enforcement agency that reports to the public courts would ever use this device as reported.

  • When I said you should have your computer dual boot, with networking disabled on the windows side (which is how my PC was set up before the power supply burned out last week) so you wouldn't get viruses, spyware, and other nasties on your PC I was modded "troll".

    Now the summary says "Just one more reason not to run Windows on your computer."

    I guess the submitter was trolling? But at any rate, it seems to me that since Windows can't read hda, as long as you keep your terrorism plans, drug dealers' phone book
  • by Shadow-isoHunt ( 1014539 ) on Tuesday April 29, 2008 @10:50AM (#23239140) Homepage
    This is not something new people, I can dump your RAM from my USB key already(After a reboot!) and go through for whatever I'd like.

    http://tourian.jchost.net/shadow/liveusb/boot.png [jchost.net]
    http://tourian.jchost.net/shadow/liveusb/memoryremenance.png [jchost.net]
    http://tourian.jchost.net/shadow/liveusb/memoryremenance-filecarving.png [jchost.net]

    http://citp.princeton.edu/memory/ [princeton.edu]
    http://mcgrewsecurity.com/projects/msramdmp/ [mcgrewsecurity.com] (The MS isn't for microsoft)
  • Nothing really new.. (Score:3, Informative)

    by greywire ( 78262 ) on Tuesday April 29, 2008 @10:54AM (#23239190) Homepage
    Not sure what the big deal is.

    If you are a computer forensic investigator you already have many available tools (EnCase, etc) to do the same thing, not to mention the obvious linux based free tools (Helix, etc) that let you pound away on a computer (or captured image) and get whatever you want off it.

    Keeping your computer completely secure is about as practical as copyright owners keeping their data totally protected. Its always an escalating two way battle and the winner is just the one who's willing to go the farthest with it, but nothing is 100% safe.

    Privacy and DRM are both doomed for the same reasons.

    Get over it.

There's no sense in being precise when you don't even know what you're talking about. -- John von Neumann

Working...