Hackers Brew Self-Destruct Code to Foil Police Forensics

Discussion in 'privacy general' started by snowdrift, Dec 15, 2009.

Thread Status:
Not open for further replies.
  1. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
  2. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
  3. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    Three words:

    Full. Disk. Encryption.
     
  4. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    :rolleyes:

    Ho hum. Let's see. Obstruction. Tampering. Contributing to the overall appearance of guilt. And all around pointless.

    Let's see. Did I miss anything? Oh yeah. It doesn't even cover the biggest weakness of WDE, which is the memory attack problem.
     
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Which charge would be scarier to face;
    1. Obstructing an investigation.
    2. Conspiring to commit bank fraud.

    If I had to face being charged, I would choose #1 over #2.
    Their is a 10 or more year difference.

    Using such a program as anti-forensic, only proves you are paranoid, not criminal.
     
  6. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    If you're that paranoid, then you've already encrypted your disk, thus rendering everything this program can offer redundant and pointless. snowdrift already pointed this out.

    Unless you can name something that this can do better than WDE.

    The stated burden of proof in criminal matters in the US is "beyond a reasonable doubt." The real standard is closer to the preponderance of evidence (i.e. which side is more likely correct). When you use a program that's designed specifically to defeat computer forensics, you might as well reserve yourself a jail cell. That's where you're headed. Not only for obstruction and tampering but also for the original charge. You're just adding jail time.
     
  7. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Let me add something else.

    Don't put it past law enforcement to create software like this to entrap people "colorful" enough to use it. They know when you go to court with this on your computer, they've got you by the "horns". Don't be a "noodle".


    *words in quotations are substitutions for what I really wanted to say
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    A lot of what that software does can be done with batch files. I have several that use the Eraser 5.7 launcher component. The batch files not only overwrite the items I want eliminated, they also overwrite themselves. Users who are concerned about eliminating usage tracks, "evidence", and apps supposedly used for questionable purposes should master the use of command line, scripts and batch files. They can be used to launch and send instructions to most any application or utility and be used to run apps in sequence. The only limits are your imagination.
     
  9. axle00

    axle00 Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    92

    This is a joke right!??
     
  10. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Not at all. But since you didn't specify which part you think is a joke, I guess I'll have to elaborate about all of it.

    The program is called "Detect and Eliminate Computer Assisted Forensics". It's designed specifically to thwart police forensic techniques. It doesn't just do a one-time thing when you tell it to. It waits for the police forensic device to be used, it detects it, then it starts destroying "evidence".

    If you think that the police are going to knock on your door, examine your computer, then call it quits because DECAF saved your butt, you're in for a surprise. Really. Don't expect the charges to be only limited to obstruction and tampering because this device did such a good job. The jury is going to eat up every word about how the evil hacker thwarted the police with this advanced tool designed specifically to keep them from doing their job.

    I ask you again to look at the title and look at the description and think about what an ignorant (they all are) jury is going to think. This forum and the real world are two very different places.
     
  11. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
  12. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Reality check, people. If police will use COFEE on your computer, they won't just come to you, ask you to let you run a little program from their USB stick and then say goodbye. After they will collect all LIVE forensic data, they will probably turn off your computer and take it with them to make an EnCase image of your HDD. When they will analyze that image, they will find DECAF, and at this moment, I have to agree with "I no more than U": you are toast.
     
  13. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,080
  14. axle00

    axle00 Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    92
    I thought you were referring to the post immediately above yours which said "full disk encryption".
     
  15. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Yeah, that makes sense. I should have quoted.
     
  16. stap0510

    stap0510 Registered Member

    Joined:
    Aug 5, 2008
    Posts:
    104
    Yep, it beats every kind of computer forensics. Rendering it useless.
    Also given that the FDE-software you use doesn't has an enduser- and a master-password.
    McAfee FDE enterprise solution has this for example.
     
  17. stap0510

    stap0510 Registered Member

    Joined:
    Aug 5, 2008
    Posts:
    104
    Also it only addresses Coffee, while most LEA forensic specialists, that I know personally, use FTK.
    And besides FTK also another big brand who existed for atleast a decade is being used by LEA. Whose name I've forgotten.
     
  18. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    OK, he thinks, "what's FTK?". OK, he sees that it's from AccessData Corp. And then he reads about Enterprise 3.0, "[t]he industry’s first enterprise investigations platform to enable the remote search of memory on computers across the network" <http://www.accessdata.com/downloads/media/ad_enterprise_3-0.pdf>.

    FMHBJ! I wonder WTF it's gotta install on targets to do that.
     
  19. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    :)
    I've had the pleasure of using FTK (version 3) and is a very nice tool, really simplifies the output in respect of categorizing views. Best place to have a look at FTK is AccessDataCorp youtube videos.
     
Loading...
Thread Status:
Not open for further replies.