[Dataloss] (article) "We recovered the laptop!" ... so what?

Max Hozven mhozven at tealeaf.com
Mon Feb 12 01:27:33 EST 2007 

Or boot up on a Symantec Ghost boot disk, then blast the data over to a
network drive or a connected USB drive.

-Max

-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of sawaba
Sent: Sunday, February 11, 2007 9:09 PM
To: blitz
Cc: dataloss at attrition.org
Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so
what?

You don't even have to mess with mirroring it. You can create a Linux
boot 
disk, specifically set up with scripts that search for juicy data, and 
then upload them to your server over Wi-Fi. On a fairly new laptop, you 
should have data (if there's any data to be had) within 30 minutes.
You'll 
be done in an hour or two unless there is a huge amount of data you want

to grab.

And because you are mounting the Fat32 or NTFS volume read-only, no
dates 
(or any other data for that matter) are changed. Ta-da, look ma, noone 
touched it.

--Sawaba

On Sat, 10 Feb 2007, blitz wrote:

> How much trouble to set the date and time before the copy as well? and
then 
> back?
> Love USB 2.0....
> As you and I know, mirroring the drive makes no changes  to it. I
think 
> they're blowing smoke out their posterior porthole, HOPING it wasn't 
> accessed. Sure the screws weren't tampered with....right...ever seen a
nylon 
> screwdriver? Ive got a toolbox with perhaps a dozen, regular, Phillips
and 
> Roberts.
>
> At 00:15 2/10/2007, you wrote:
>> Wow, I've done my share of forensic investigations, and for the FBI
to
>> make this kind of claim is more than a little embarrassing. I
remember
>> reading the story when it originally came out, rolling my eyes, and
moving
>> on.
>> 
>> Now that I take a closer look, it seems even more ridiculous, in part
>> thanks to their official press release:
>> http://www.fbi.gov/pressrel/pressrel06/laptop071306.htm
> --snip
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 570 incidents over
7 years.

More information about the Dataloss mailing list