[ISN] Disk clone tells all on Bali suspect

From: InfoSec News (isnat_private)
Date: Fri Jul 18 2003 - 00:54:30 PDT

  • Next message: InfoSec News: "Re: [ISN] MS Patches Trio of Windows Flaws"

    Forwarded from: William Knowles <wkat_private>
    
    http://australianit.news.com.au/articles/0,7204,6751835%5E16123%5E%5Enbv%5E,00.html
    
    Sian Powell and Chris Jenkins
    JULY 15, 2003  
     
    AUSTRALIAN Federal Police cyber-crime expert Nicholas Klein used a 
    specialist forensic handheld disk duplicator to crack the laptop of 
    alleged Bali terrorist Imam Samudra without altering the data it 
    contained.
    
    Samudra has been charged as one of the organisers of the Bali bombings 
    that killed 202 people on October 12 last year. 
    During court proceedings in Indonesia, Mr Klein testified the Acer 
    laptop belonging to Samudra had not been altered in any way since it 
    had been seized. 
    
    Samudra denied much of Mr Klein's testimony, saying he had seen his 
    laptop open on a table at police headquarters, and claimed police put 
    files on the machine. 
    
    He angrily thrust his fist at Mr Klein when both men approached the 
    bench during the trial. 
    
    "We used a forensic software program and we looked at all the data on 
    the computer's hard disk. When we examined the computer; we didn't 
    turn it on," Mr Klein said. 
    
    In court, Mr Klein said the Logicube hard-drive duplication system - a 
    standard tool in computer forensic work - had been used to retrieve 
    the data. Maker Logicube says the handheld disk duplication system has 
    an error rate of less than one in four billion. 
    
    The Logicube procedure, Mr Klein told the court, involved connecting 
    "an original hard disk to one side and an empty hard disk to the other 
    side. 
    
    "The device makes an exact copy of the hard disk, and it is also made 
    so that the original hard disk doesn't have any information changed, 
    altered or added in any way," he said. 
    
    Mr Klein told the court "many things" were found on the clone, 
    including graphics, pictures, and elements from an internet site 
    called Istimata.com. The data included "a statement claiming 
    responsibility for the Bali bombings". 
    
    The copying was done at the Polda police headquarters in Bali on 
    December 18-19 and took many hours, Mr Klein told the court. The 
    Australian Federal Police also kept a copy of the clone. 
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jul 18 2003 - 03:56:44 PDT