Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×

Forensic Discovery 123

Ben Rothke writes "When most people think of forensics, television shows like Quincy and CSI come to mind. Where such shows deviate from reality is the unrealistic speed at which the actors are able to identify, apprehend and prosecute the perpetrators. In the real world, (unlike television, where the crime must be solved by the end of the family hour), crimes are solved with slow, deliberate and methodical steps. The prodigious incidence of digital crime has elevated computer forensics to a critical role within the field of information security. The focus of computer forensics is twofold: first is the attempt to determine whether a breach has occurred and to stop the perpetrator; second is prosecution of the offender, if the breach was a criminal activity." Read on for Rothke's review of Forensic Discovery.
Forensic Discovery
author Dan Farmer & Wietse Venema
pages 198
publisher Addison Wesley Professional
rating 10
reviewer Ben Rothke
ISBN 020163497X
summary Forensic Discovery overview

Security luminaries Dan Farmer and Wietse Venema wrote one of the first vulnerability scanners (SATAN) almost 10 years ago; SATAN was the precursor to ISS Scanner, Retina and nmap. Venema wrote such well-known security applications as the TCP Wrapper program and the Postfix mail server. Farmer and Venema's new book Forensic Discovery is a valuable book that grounds a computer-savvy reader in the world of digital forensics.

An image of a pipe by artist René Magritte is on the cover with the caption Ceci nest pas une pipe. ("This is not a Pipe.") The picture demonstrates that an object exists on many planes; the simple recognition of the picture initiates the belief that we are seeing something, but it is only known in representation. Surrealist painting and digital forensics coalesce in that the digital forensic investigator must think broadly and unconventionally in order to reconstruct an incident, all the time keeping in mind that often what initially seems obvious is neither real nor correct.

The material in the book is an outgrowth of a one-time seminar the authors gave in 1999 on digital forensics and analysis. At the seminar, Farmer and Venema rolled out The Coroner's Toolkit (TCT), a collection of tools for gathering and analyzing forensic data on a Unix system. TCT is heavily referenced throughout the book.

The book initially seems thin, at just 198 pages, but there is no filler and the information is presented in a fast and furious manner. Part one of the book comprises 35 pages and is an introduction to the foundations of digital forensics and what to look for in an digital investigation.

Part two (chapters 3-6) is the nucleus of the book, which quickly gets into low-level details about file systems and operating system environments. While other forensics books focus exclusively on the discovery and gathering of data; Forensic Discovery adds needed insight on how to judge the trustworthiness of the observation and the data itself. Again, the idea is that not everything is as obvious as it may initially seem. An effective investigation often requires intense analysis, where meaningful conclusions take time.

Chapter 4, "File System Analysis," notes that while computers have significantly evolved since their inception, little has changed in last 30 years in the way that file systems actually handle data.

Chapter 5, "Systems and Subversion," is particularly interesting as it deals with system startup and shutdown, from a forensics perspective. The chapter shows that there are thousands of possible opportunities to subvert the integrity of a system without directly changing a file during startup and shutdown. A crucial decision that must be made during an incident is whether to shut down the system or let it remain on-line. There are advantages and disadvantages to each approach, and the book details them.

Part three (chapters 7-8) is about the persistence of deleted file information. The authors' research reveals that data can be quite resistant to destruction. The book shows that a huge amount of data and metadata can survive intended deletion as well as accidental damage.

Forensic Discovery is unusual in that other books on forensics are often nothing more than checklists and step-by-step instructions on what to do during an incident. Forensic Discovery provides a broad framework on the nature of data and how it can be recovered for forensic purposes. By understanding the underlying operating system, the act of analyzing and dealing with a security breach becomes much easier.

The book's target reader is anyone who wants to deepen his understanding of how computer systems work, as well as anyone who is likely to become involved with the technical aspects of computer intrusion or system analysis. The topics are too advanced, to make it the right book for the novice system administrator. For the technical reader, though, Forensic Discovery is one of the best computer security books published in the last year. The value of the information is immense, and the extensive experience that the authors bring is unmatched.


You can purchase Forensic Discovery from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
This discussion has been archived. No new comments can be posted.

Forensic Discovery

Comments Filter:
  • huh!? (Score:4, Funny)

    by Turn-X Alphonse ( 789240 ) on Tuesday January 18, 2005 @06:14PM (#11402379) Journal
    So crimes arn't solved by old ladies finding a lipstick, some shoes and avoiding being shot!? Thats it! I'm never donating to "Help the aged" again!
  • by lightspawn ( 155347 ) on Tuesday January 18, 2005 @06:16PM (#11402401) Homepage
    Where such shows deviate from reality is the unrealistic speed at which the actors are able to identify, apprehend and prosecute the perpetrators. In the real world, (unlike television, where the crime must be solved by the end of the family hour), crimes are solved with slow, deliberate and methodical steps.

    Great. Now the criminals know they probably won't be caught. Good job!
  • Quincy!?! (Score:4, Funny)

    by FuturePastNow ( 836765 ) on Tuesday January 18, 2005 @06:17PM (#11402417)
    Quincy, M.E.? I was two years old* when that show went off the air. Raise yor hands, Slashdotters, how many of you think of Quincy when you think of forensics?

    *http://us.imdb.com/title/tt0074042/ [imdb.com]
    • I wasn't even born yet. As for forensics in television, the only show I've known about was CSI (well, Law and Order did a little forensics stuff, but not to the degree of detail that CSI goes into).
      • There's also Crossing Jordan, for all your completely unrealistic forensics needs. It's amazing the kind of stuff those people can tell by typing at a computer for 5 seconds, or barely glancing at a body.
      • Re:Quincy!?! (Score:5, Informative)

        by Wanker ( 17907 ) * on Tuesday January 18, 2005 @06:43PM (#11402650)
        CSI is laughable in how little it reflects reality. If you want a more relistic TV-based view on forensics, try the Discovery channel show "The New Detectives". It's still going to gloss over a LOT of details (it's TV) but rarely do they present something patently wrong as fact, as happens all the time on CSI.

        For more info on CSI's lack of attention to detail try this site:

        http://www.angelfire.com.nyud.net:8090/jazz/jboze3 131/csifacts.htm [nyud.net]

        • Re:Quincy!?! (Score:3, Interesting)

          by AceCaseOR ( 594637 )
          I don't get cable or sattelite. As it is, I still enjoy CSI. Accuracy to procedure aside, they still do a good story, and the acting is better then many of the other shows that are on Network Television.
        • ...If you want a more relistic TV-based view on forensics, try the Discovery channel show "The New Detectives"...

          Court TV has a similar show called Forensic Files. Very similar to "The New Detectives", but each show 30 minutes and focuses on a single case. Also, I have seen any 2005 New Detectives, but I have seen some 2005 Forensic Files.

    • You're right!

      I think of 'Kolchak - The Night Stalker' first!

    • I remember Quincy quite well, and I'm only 42 (and I like my red sports car very well, thank you). I mean come on, tell me everyone here is older than 15!
      • Hey! I don't remember Quincy and I'm over 15. I'm 19!

        Actually, I do remember Quincy, albiet from reruns. Same way I remember M*A*S*H

    • I referred to "Raising Jordan" the other night as Quincy, and my roommate knew exactly what I was talking about.
    • it still shows in the UK, that and various over crime solving old people revolve slots every 3 months, still quite good for day time TV too
    • There are reruns, you know.
      Forensics==quincy. CSI is for noobs.
    • Admittedly no, most people would think of CSI ... but just because Quincy is off air where you are doesnt mean its off air everywhere ... in the UK its been on during the afternoon within the last 2 years.

      t
    • I graduated H.S. the year Quincy was Canceled so I do think "Quincy" when "Forensic Science" is mentioned.
  • Computer forensics (Score:5, Interesting)

    by Anonymous Coward on Tuesday January 18, 2005 @06:24PM (#11402471)

    I met a young, single woman who did computer forensics for the police. She told me over dinner that while she thought her work was important, it caused her a lot of stress in her life. She said there were many times where she recovered images from the computer of a sex criminal that were really indiscribable.

    She was really good looking and had a body that you normally don't find on a girl geek. But, man, I wasn't about to start dating some chick who comes home from work sobbing from prowling through gigabyes to violent sexual jpegs and avis. I guess that's why someone so damn good looking and smart was still single...

    • by djward ( 251728 ) on Tuesday January 18, 2005 @06:32PM (#11402559)
      Sounds like she needs some consoling. And I think I know just the man for the job.

      You still got her number?
      • by Anonymous Coward on Tuesday January 18, 2005 @06:51PM (#11402719)

        Sounds like she needs some consoling.

        Well, it was that "some" in "some consoling" that I wasn't sure about. How much? She's telling me on the first date that she's under tremendous stress. I appreciate her honesty and respect her for that but I suspect that if she feels the need to divulge that on a first date, the level of consoling is likely to be more than "some". That's what I was worried about. To be dating a girl with a face and a body like that who knows her way around computers like a pro and who is doing a job that is clearly a service to mankind sounds like a geek's wildest dreams come true. But therein lies the problem: this is the kind of girl who most of us would fall head-over-heels for. I was afraid of getting really wrapped up in her and then having to endure of heartache of having her crying in my arms once a week or more. Or having her push me away in bed because she had seen something at work that had turned her off of sex for the next two weeks. You can call me an ass or a dumbshit but seriously think about it for a moment. This was going to be a major emotional roller-coaster for me.

        I'm reminded of some poor sap here on slashdot who was telling us what it's really like to have a nympho girlfriend. It sounds great until you are presented with the reality of the situation, namely, that she absolutely needed sex every time he put his arm around her. Look, I still think that woman I dated was very desirable on many, many levels but I also think I did the right thing by stopping that relationship before I got sucked into her work as well.

    • I've done some work like that as well, let me tell you, it's dead easy if the perp is using Windows. Everything, and I mean absolutely everything, is saved somewhere on Windows, it's only a matter of finding it. From IE histories in the registry, to yahoo chat logs in the windows subdirectory, it's all there, so easy to find, it should be a crime to be that stupid to attempt to commit a crime whilst using a Windows PC.
    • by Raindeer ( 104129 ) on Wednesday January 19, 2005 @01:45AM (#11405544) Homepage Journal
      The Dutch police has a huge database of all kinds of (child pornography) pictures. Of each picture they have a hash. When they confiscate the pc of somebody who is suspected of having child pornography, the first thing they do is run the hashes against the pictures on the system. This saves them from having to look at all those pictures, they can now focus on the unknown ones. Great thing is also that the hashes are admissable in Court as evidence.

      • Depending on the hash method, can't different strings/files sometimes result in the same hash?

        I'd assume that if you nailed somebody with 10+ hashes you've got them, but 1-2 matches might be false positives?

        Also on the hash front, wouldn't any simple alterations to the file (format conversion, brightness/contrast adjust, resize, etc) break the hash? Perhaps even an "echo 1 >> somefile" would kill it?

        Useful, certainly, but likely with some flaws/pitfalls.
  • It is based on a true story isn't it? Isn't it!
    • It may not be exactly true but it is clearly based on various people. Some mental disorders enhance other parts of people, so where as Monk may hate disorder his eyes focus on it so he notices the things out of place. The same could be said of many people with similar disorders to his.
      • Monk is also based on a lot of classic detective fiction, especially Holmes. Many of the characters, themes and plotlines are similar to those in the Holmes stories.

        Makes it much more entertaining than CSI, IMO. Character and story take priority over fake techno-speakery.

    • It is based on a true story isn't it? Isn't it!

      Yeah, Monk is what Rain Man became when he grew up.

  • Encrypted disks? (Score:4, Interesting)

    by nizo ( 81281 ) * on Tuesday January 18, 2005 @06:26PM (#11402490) Homepage Journal
    Not that I would ever have anything to hide, but how safe is data on an encrypted disk, in particular linux encrypted filesystems like this [sourceforge.net]? It seems to me that with a little encryption you would pretty easily foil the efforts of any local forensics people.
    • Re:Encrypted disks? (Score:2, Informative)

      by BrownDwarf ( 615206 )
      Well, maybe. The issue is password protection. If "they" have access to your computer early on, and they almost certainly would, they can put in a keyboard sniffer to snatch your password -- and there goes the safety afforded by your encryption, no matter how robust the algorithm itself may be. There are ways around this, but I've rarely seen them discussed, much less implemented.
    • Re:Encrypted disks? (Score:3, Informative)

      by temojen ( 678985 )
      1. It sounds like the book is mostly about situations where the owner of the system wants to know what, if anything, was changed, and how the hacker got in, etc, as well as the owner provideing information to law enforcement.
      2. Notice the section

        A crucial decision that must be made during an incident is whether to shut down the system or let it remain on-line. There are advantages and disadvantages to each approach, and the book details them.

        ?

        Encrypted filesystems do no good if the filesystem is still mounted

    • Re:Encrypted disks? (Score:4, Interesting)

      by Grond_the_Hammer ( 784712 ) on Tuesday January 18, 2005 @06:40PM (#11402620)
      It depends on what you mean by "local forensics people". Most true forensics professionals are pretty good at what they do, and I haven't yet met one that wasn't. People don't typically get jobs like that without going through a decent amount of training and certification.

      The mere presence of encrypted data is usually a tip-off to a decent examiner that something interesting is in there. There are even programs and statistical methods for finding different types of encrypted data on a drive. And there are all sorts of ways to recover passphrases...if you have enough evidence to get the suspect to talk, they'll usually give it up. Not every forensic technique is a technical one...

      Most of all, there is a lot of data that can't be encrypted to cover one's tracks, especially in the corporate environment where firewalls and other security systems log activity.

    • Re:Encrypted disks? (Score:2, Informative)

      by Anonymous Coward
      With a decent encryption method, you can almost guarantee that the data is secure. The better the encryption is, the larger the server farm/super computer they need to crack it. Although, it can be seen as contempt of court if you are required by law to give them the keys used to encrypt it and you fail to do so. Just because the data is unreadable by them doesnt mean they cant put you in the slammer.
    • Robert Morris Sr. once told an audience that cryptanalysts in real life follow the rule "look for plaintext, it shows up in the darnedest places".

      F'rinstance: suppose you're in the Middle East but you've carefully stored all your images of women without veils onto an encrypted volume. Suppose you looked at them one day. JPEG files typically open into a web browser. No matter how encrypted your stash was, the images are still sitting in the browser cache.

      Today's crypto is as strong as your passphrase(*). C
  • by Quill_28 ( 553921 ) on Tuesday January 18, 2005 @06:27PM (#11402508) Journal
    >Where such shows deviate from reality is the
    >unrealistic speed at which the actors are able to
    >identify, apprehend and prosecute the perpetrators.

    What is also unrealistic is that the CSI guys ever see a suspect. The go to the crime and spend the rest of the time in a lab or sometimes in court.

    They would never ever talk to a suspect.
  • Forensic Science (Score:4, Interesting)

    by exp(pi*sqrt(163)) ( 613870 ) on Tuesday January 18, 2005 @06:36PM (#11402586) Journal
    The primary purpose of forensic science is to pretend to be a real science so as to fool people into thinking that there are reliable ways of tracking down who you are if you commit a crime. It's the myth of forensic science that keeps the crime rate down, not actual forensic science successes. Ask N forensic scientists when someone died, how long it was since their last meal and so on and you'll get N differet answers. But programs like CSI help to mislead people into thinking this stuff actually works.

    In the days of yore the torture was used much leass than people imagine. Just the threat of torture was enough to make people confess. The same goes with forensic science. A cop says: "we have your DNA and we know it's you for sure" and that's enough to make someone confess. And as long as programs like CSI keep airing people will continue to fall for it.

    In fact, the fact that forensic science is 90% bull is probably one of the best kept secrets left in the Western world.

    • Actually, there is a God. but there is no spoon.
    • by xant ( 99438 )
      References? Evidence? Even CSI is a better authority in my mind than someone who provides no information to back up his claims. At least I know CSI did some research into making the investigative process look realistic.
      • Re:Uh (Score:2, Insightful)

        There have been a few investigations of forensic science over the years. They don't get much publicity. It'd take me a while to track them down. Here are some typical examples from one source: here [newscientist.com], here [newscientist.com], here [newscientist.com].

        The point is that very little consistency checking goes on. For example forensic evidence is used to convict someone. Then the fact that they were convicted is used as evidence to support the accuracy of the forensic evidence without external validation. This is a very common theme. And it's interes

        • > For example forensic evidence is used to convict someone. Then the fact that
          > they were convicted is used as evidence to support the accuracy of the forensic
          > evidence without external validation.

          What's used as evidence to support it is the very low probability that the DNA you've got from the crime scene will match anyone elses. The same goes with fingerprints. Your links require me to pay to read them, which I'm not prepared to do, but only one of them mentioned either fingerprints. What's yo
          • Unfortunately I read many articles on this subject in magazines and journals printed on paper. I don't know where to find free evidence to support my case.

            I'm not singling out DNA evidence in particular - in fact I don't think I even mentioned it. There was a great /. story a few months ago about someone who was fired because they failed a random drug test at work. But then the lawyer hired a mathematician who basically showed that even though the test was fairly reliable there was still a low probability

        • by acz ( 120227 )
          After reading the review [slashdot.org] of Dan Farmer and Wietse's Forensic Discovery, you should hear about The Grugq who got fired from @stake [stake.com] after writing a Phrack Article [phrack.org] in which he exposed numerous flaws in The Coroner's Toolkit [porcupine.org] by Dan & Wietse. Before you read this book, check out the video [hert.org] (bittorrent) of The Grugq on The Art of Defiling [packetstormsecurity.com] and see how to defeat "industry grade" forensic tools and techniques . You can also meet him at a hacker convention near you (in March at BCS2005 [bellua.com] in Jakarta, in April at Blac [blackhat.com]
    • Many criminals are idiots, but not all idiots are criminals...
      • This is closer to the truth. The fact is, people get caught for crimes, not because of smart investigation, but the perpetrators are idiots. They show off about their achievements, or spend the money too quickly, or fail to realize that because they were married to the victim they're the obvious suspect - and so on.
    • by gl4ss ( 559668 )
      there's a BIG difference between torturing and claiming that you have evidence.

      with torturing people would confess things they had not even done.

      you don't need dna to prove that someone was somewhere at some time.. there's lots of other ways. usually someone saw them or you could follow them home or there was some other way to trace them to the crime.

      tv forensics is 90% bull.. but what has that do with techniques used by real life cops?
      • with torturing people would confess things they had not even done

        (1) Pick up a history of medieval law or some such book. Torture was more effective than that. While it wasn't 100% reliable, or even 90% reliable, it probably wasn't a completely crap tool for determining the truth. It wasn't just used indicriminately - most countries in Europe had laws governing its use. For example, after a confession, the victim often was allowed an opportunity to retract their confession and further torture wasn't allo

      • you don't need dna to prove that someone was somewhere at some time [...] usually someone saw them

        Eyewitness testimony is often the least reliable but, unfortunately, carries most weight with the average juror.
  • I don't care. (Score:4, Interesting)

    by AceCaseOR ( 594637 ) on Tuesday January 18, 2005 @06:38PM (#11402605) Homepage Journal
    Where such shows deviate from reality is the unrealistic speed at which the actors are able to identify, apprehend and prosecute the perpetrators.

    Frankly, I don't care. I don't care that in reality it would take 3-4 months to get the DNA processed because of the massive queue of other cases that need DNA processed. I don't care that real-live CSIs would never, ever, ever see a suspect or a crime scene. You can't really do a series that way. I don't have cable or sattellite so I haven't seen the show, but I doubt that even New Detectives goes without showing the suspects.

    I like have interesting characters, I like a good story. That's I still read Agatha Christie novels and watch the Poirot mysteries, even though Christie cheated on a regular basis.

    Just my $.02

  • The thing I hate most about CSI is when they zoom in on digital photographs or video tapes from crappy security cameras. Sure getting DNA results in 6 minutes is a little bit of a stretch used to get the crime solved in less than 3 months, not presenting evidence that isn't there.
    • Frankly, every fiction TV show and movie that has picture enhancement of video from anything has pulled this conceit. The list of series and movies that haven't done this will definatly be much, much, shorter than the series that have.
    • > The thing I hate most about CSI is...

      A couple of recent "I hates" that come to mind:

      Getaway car peels out, leaving rubber on the pavement. The tread pattern is perfectly preserved in the squeal mark. (They even see a black spot from a nail in the tire.)

      In the morgue, they push some kind of putty into a stab wound in the body cavity, and pull out a cast showing the shape of the blade that made the wound (down to the detail of a broken tip),

      Other gripes about CSI and all the other recent crime show

  • "Forensic Discovery" (Score:1, Interesting)

    by Anonymous Coward
    Yup, there's really nothing quite like stumbling upon a crime scene. Looks good, smells good, no nightmares or traumatic flashbacks. So get your Vapo-Rub and 35mm camera and come on down to "Forensic Discovery!"
  • An entry level book (Score:2, Informative)

    by AndroidCat ( 229562 )
    For starting out [dummies.com]. (Will they have Phishing For Dummies next?)
    • The OP's link is to a Dummies book, "Forensics for Dummies"... The blurb reads 'Now, everyone can get the lowdown on the science behind crime scene investigations. Using lots of fascinating case studies, forensics expert Dr. D. P. Lyle clues people in on everything from determining cause and time of death to fingerprints, fibers, blood, ballistics, forensic computing, and forensic psychology.'.

      Then, lower down the page, in the Related Articles section...

      - Acquiring Kitchen Equipment for Your Restaurant

  • Security luminaries Dan Farmer and Wietse Venema wrote one of the first vulnerability scanners (SATAN) almost 10 years ago; SATAN was the precursor to ISS Scanner, Retina and nmap. Venema wrote such well-known security applications as the TCP Wrapper program and the Postfix mail server.

    SATAN was also known as SANTA to those sensitive to sacrilegious references. Also, it's TCP Wrappers.

  • I'll Bite... (Score:4, Interesting)

    by Gargamell ( 716347 ) * on Tuesday January 18, 2005 @06:57PM (#11402827) Homepage Journal
    Hi all,

    Noticed that this post was hovering around 30 posts, and so i thought i would toss in some relevent tidbits that are pretty interesting.

    I graduated with a CS degree, and now i run a data warehouse, and architect an enterprise java application. Things are going well, but as many of us are aware, it may not be going so well for everyone that just graduated...

    case in point - a buddy of mine got a good job out of school, but it isn't great, not like what we all pictured when we signed up in the midst of the boom 5 years ago! About a month ago, an old friend of ours called up and said he had positions available for Forsenic Scientists (paid bank). I kept asking what portion was related to CS or technology, and he kept replying - NONE! The only part is the ability to methodically research details and clues! Can anyone say.... debugging?!

    Anyways... i started to think about it, and compared with some of the criminal justice majors i know, CS grads really are more capable to handle that kind of stuff. Just like abstract puzzles, RPGs, and even some of the "lock-picking" articles i have been seeing. Anyone have a simliar tale? Anyone know of a school that has a curriculum that tailors to that kind of profession?

    Thanks! ~tim

    • You're right in that it's a fair generalization that Computer Science grads are good with that type of puzzle, RPG or and real "logic" games... However, like you mentioned, forensics would be alot similar to debugging, and how many programmers do you know who *like* debugging? Also, in response to the main subject of this comments thread, when have you *ever* seen an accurate portrayal of real police work in a episodal TV show?
  • Cut TV some slack (Score:4, Insightful)

    by Jerf ( 17166 ) on Tuesday January 18, 2005 @07:26PM (#11403168) Journal
    unlike television, where the crime must be solved by the end of the family hour

    Have you thought about what you're (implicitly by your implied criticism] asking for?

    Which is it you want, an "episode" that lasts three months? A season that consists of the same 20-ish (or whatever number) episodes it does now, only randomly scattered across the episodes in the order in which they "really occurred"? On every scene change, white text on the bottom of the screen that says "[random time period] later"?

    It's like asking for "total realism" in science fiction... you are aware that faster than light travel is, at best, totally unproven and most likely completely impossible? (Save the discussion on the possibility of FTL for sci.physics, please, this is just an example.)

    So many fan-boy types ask for things that if they got them, they'd hate even more. I for one am glad the characters aren't making constant references to the amount of time something is taken, and I for one am glad that when they dig through an entire day of garbage in Los Vegas, they show about ten seconds of walking around, followed by the necessary discoveries. Are you seriously asking them to show the five or six hours it might have taken in real life? You feel free to watch it, I can guarantee I wouldn't.
    • here might be the issue some have: how many people actually fly around in a starship boldly going where blah blah blah compared to the perception tv viewers have of crime scene investigators that do work similar enough to that they see on their show?

      it is easier to disbelieve startrek but harder to disbelieve CSI. you commit a crime you imagine that some team will investigate it like in the show (how ever long it takes). but you flip open your communicator dial 911 and ask them to beam you up, and you migh
  • What's next? (Score:3, Insightful)

    by StikyPad ( 445176 ) on Tuesday January 18, 2005 @07:29PM (#11403203) Homepage
    You're telling me that it takes longer than an hour to solve a crime? I've been to football games -- I know that what's on the TV is what's actually happening in real time. If it's on the TV, it must be real.

    Besides, who wants to watch a show where they uncover one clue a week, or get a subpoena, or nothing happens that week? Surprisingly, people don't want to watch real life when they turn on the TV (and don't even try to say that reality TV has anything to do with real life).
    • I just watched a guy make a sandwich and then go to bed on Big Brother, I agree...

      They're still showing everyone asleep! this goes on for an hour!? nothings happening!

      TV is for cutting out the boring bits.
    • on the contrary. if people could "tivo" real life we would all become peeping toms. think about a parent being able to watch their child's life in a time-shifted manner at any point of their day. maybe some warez will be released that can boil down a person's day or week or month or year etc into an hour long show. and the best part is that this isnt even reality tv. maybe you can come up with a name for that kind of tv.
  • by Anonymous Coward
    I've got lovely news for you: Unless you are able to watch a computer from the time it is put on the network to the time that removed for evidence collection, you can say *VERY*LITTLE* about what someone may or may not have done with that computer.

    Here's a little story from several years back. A friend of mine who was doing deployed support for one of the armed services used an account at a major American university, which he was authorized to used, to download/store updated cisco images due to limited b
    • Right... This guy had a decently bad experience. Everyone makes mistakes. Obviously this case had a fair bit of incompetence, but I doubt this is the standard. Also, keep in mind that 90% of what is termed "Computer Forensics" has nothing to do at all with network activity. Computer Forensics deals mostly AFAIK with such things as: 1. A suspected pedophile is arrested, and they pull his computer. They find stuff like kiddie porn, and MSN logs where he tries to get little ones to meet him in the park e
      • by Anonymous Coward
        Currently there is a heavy emphasis on making a lot of assumptions about what has happened based upon what is on someone's computer due to the "infallibility" of checksumming disk contents and the software that makes the process palatable to courts and legal profession. That makes it possible for me to get you in a lot of trouble quite easily. I seriously doubt that most folks know everything actually stored on their hard drives or how it got there. The list of malware is so very long that it is impossib
  • Isn't that why we have those

    "MONDAY 11:30AM"

    captions on almost each scene? Doh? I remember reading one that said "TWO MONTHS LATER" on Law&Order. Again, i didn't RTFA, but I think the article submitter should be clearer on what he means by "fast".
  • I wish people would talk about the work of The Grugq who got fired from @stake [stake.com] after publishing an article [phrack.org] in Phrack [phrack.org] Magazine. He will be talking in Jakarta, Indonesia at BCS2005 [bellua.com] in March, Blackhat [blackhat.com] Singapore and Amsterdam in in April. (and he will probably never speak in USA because he embarasses and ridicules the profession and ... the FBI.
  • After reading the review [slashdot.org] of Dan Farmer and Wietse's Forensic Discovery, you should hear about The Grugq who got fired from @stake [stake.com] after writing a Phrack Article [phrack.org] in which he exposed numerous flaws in The Coroner's Toolkit [porcupine.org] by Dan & Wietse. Before you read this book, check out the video [hert.org] (bittorrent) of The Grugq on The Art of Defiling [packetstormsecurity.com] and see how to defeat "industry grade" forensic tools and techniques . You can also meet him at a hacker convention near you (in March at BCS2005 [bellua.com] in Jakarta, in April at Blac [blackhat.com]

Computer programmers do it byte by byte.

Working...