RE: How to be a Computer Crime Investigator

From: Ryan Russell (ryanat_private)
Date: Mon Aug 27 2001 - 14:15:53 PDT


    On Mon, 27 Aug 2001, D. Douglas Rehman wrote:
    
    > 3) A federal search warrant on the individual's home recovered a Mac
    > system with an external hard drive and a tape drive. The external hard
    > drive was encrypted with a program (I don't recall what it was) that
    > protected the entire contents of the drive. We were never able to
    > decrypt the drive. There was no child porn found on the other hard
    > drive(s) or diskettes.
    >
    > 4) The individual regularly backed up all of his hard drives to tape.
    > The backup contents were encrypted (again, I don't remember what program
    > he was using). Unfortunately for the individual, the backup software
    > created a catalog of the tape contents; the catalog was not encrypted or
    > password protected. The catalog for the external hard drive showed the
    > names of countless child porn image files, their size, and their
    > creation date (date downloaded). This information was correlated to the
    > child porn files that we knew he had received via AOL email.
    
    I'm curious about a couple of technical points related to this.  I realize
    you don't recall which programs were in use, but...
    
    My personal experience is that really good disk encryption programs are
    few and far between, and even then, you have to be pretty disciplined in
    order to have them do you any good.  From what I've read, the encryption
    on tape backup software is generally very poor.
    
    In other words, I would expect a determined federal prosecution team to be
    able to crack such items.  Am I assuming too much about the resources that
    are available?  Or was it just not necessary, since there was a ready
    alternate set of evidence that was nearly as good?
    
    					Ryan
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
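The catalog leak described in the quoted post, as an added Python example that is not part of the original thread: a constructed toy backup format whose file payloads are encrypted but whose catalog (names, sizes, offsets, dates) is stored in the clear, beside the same format with the catalog encrypted too. The file names, contents, timestamps and the SHA-256-keystream stand-in cipher are all made up for this example; a real backup tool would use a proper AEAD, but the point is where the catalog sits, not the cipher.

```python
import hashlib
import json
import struct

# Constructed sample "files" (names and contents invented for this example).
SAMPLE_FILES = {
    "notes.txt": b"quarterly numbers",
    "photo_001.jpg": b"\xff\xd8" + b"x" * 40,
}
CONSTRUCTED_MTIME = 998950000  # made-up Unix timestamp, stands in for the file's date


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256-derived keystream.
    Toy only, used so the example runs offline; not a real encryption scheme."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + struct.pack(">I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def build_backup(files: dict, key: bytes, encrypt_catalog: bool) -> bytes:
    """Toy backup layout: [4-byte catalog length][catalog][encrypted payloads].
    With encrypt_catalog=False this mirrors the post: payload protected, catalog not."""
    catalog, payload, offset = [], b"", 0
    for name, content in files.items():
        blob = keystream_xor(key, name.encode(), content)
        catalog.append({"name": name, "size": len(content),
                        "offset": offset, "mtime": CONSTRUCTED_MTIME})
        payload += blob
        offset += len(blob)
    cat = json.dumps(catalog).encode()
    if encrypt_catalog:
        cat = keystream_xor(key, b"catalog", cat)
    return struct.pack(">I", len(cat)) + cat + payload


def catalog_without_key(backup: bytes):
    """What an examiner holding no key can read: the file names if the catalog
    is plaintext, otherwise None (the encrypted catalog is not parseable)."""
    n = struct.unpack(">I", backup[:4])[0]
    try:
        return [entry["name"] for entry in json.loads(backup[4:4 + n])]
    except ValueError:  # UnicodeDecodeError and JSONDecodeError both subclass ValueError
        return None
```

Running `catalog_without_key` over the two variants shows that the unencrypted-catalog backup gives up every file name, size and date without touching the encrypted payload, which is exactly the correlation the post describes.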
    



    This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 11:44:44 PDT