One season of CSI is all it takes to make anyone think twice about committing a crime. Experts in the various forensic sciences are highly skilled at gathering everything from teeth to fingerprints, bullet trajectories to DNA, and are proficient at comprehensively presenting them as evidence to a judge. It’s practically impossible to commit a crime without leaving some sort of physical trace. Enter computers and the virtual private server. Thanks to the ever-evolving field of computer forensics, investigators are able to catch criminals based on their digital traces. Computer forensics is the science of collecting, analyzing and preserving information found in a computer, to be employed as evidence in a court of law. It protects society from internet fraud, industrial espionage, identity theft, child pornography, unauthorized disclosure of corporate information, and even mass murder. The following are six facts about computer forensics that anyone with computer access should be familiar with.

Erasing and Formatting Your Computer Isn’t Enough
In 2003, two students from MIT bought 158 used and formatted disk drives from a wide variety of locations. From these drives they were able to extract over 5,000 credit card numbers, secret corporate financial information, detailed personal and medical information, along with many gigabytes of personal emails and pornography. Simply deleting data from your computer doesn’t actually get rid of it completely. Your OS keeps file information in a directory so it can find each file, and deleting a file only drops that entry while the data itself stays on the disk, making it easily retrievable by anyone with the will, the software and the know-how.
Disk Wiping is the Way to Go
A disk wipe is one of the most secure methods for “burning the evidence,” so to speak. Since deleting and reformatting do not completely erase information from your hard drive, disk wiping overwrites the drive with data many times, making the old data irretrievable. The process is not limited to your hard drive; it can also wipe storage devices like CDs, RAIDs and thumb drives clean. A medium security level wipe used by the government (DoD 5220.22-M) overwrites a hard drive six times.
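The difference between deleting and wiping, as an added example that is not part of the original post: a toy disk whose directory entry is removed still yields a card number to a raw scan, while an overwritten one does not. `ToyDisk`, the block size and the three-pass fill are constructed for illustration (not the DoD procedure), and the card number is the well-known test value.

```python
import re

BLOCK = 64  # constructed toy block size, in bytes

class ToyDisk:
    """Constructed model: a directory of name -> (offset, length) over raw bytes."""
    def __init__(self, blocks=8):
        self.raw = bytearray(BLOCK * blocks)
        self.directory = {}
        self.next_free = 0

    def write(self, name, data):
        off = self.next_free
        self.raw[off:off + len(data)] = data
        self.directory[name] = (off, len(data))
        self.next_free = off + -(-len(data) // BLOCK) * BLOCK  # round up to a block

    def delete(self, name):
        # Deleting (or quick-formatting) drops the pointer and leaves the bytes.
        del self.directory[name]

    def wipe(self, passes=3):
        # Overwrite every byte of the device; the last pass leaves zeros.
        for p in range(passes):
            fill = 0x00 if p == passes - 1 else 0xFF
            self.raw[:] = bytes([fill]) * len(self.raw)

def luhn_ok(digits):
    """Card-number checksum, used to cut false positives from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def residual_cards(raw):
    """Scan raw bytes, ignoring the directory, for 16-digit runs that pass Luhn."""
    hits = re.findall(rb"(?<!\d)\d{16}(?!\d)", bytes(raw))
    return [h.decode() for h in hits if luhn_ok(h.decode())]

def demo():
    disk = ToyDisk()
    disk.write("orders.csv", b"name,card\nA. Sample,4111111111111111\n")  # test number
    disk.delete("orders.csv")
    after_delete = residual_cards(disk.raw)
    disk.wipe()
    return disk.directory, after_delete, residual_cards(disk.raw)
```

The same `residual_cards` scan can be pointed at the bytes of a drive image to check that a wipe actually completed before the hardware leaves your hands.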
The following is a decent tutorial to help you completely wipe your hard drive before selling or donating your old computer, or to simply start over with an immaculate slate.
Microsoft Supplies Cofee to Cops
In June 2007, Microsoft secretly distributed a free device called COFEE, which means Computer Online Forensic Evidence Extractor, to various law enforcement agencies across the globe. The device comes in the form of a USB key and it contains a suite of 150 forensic tools to help investigators quickly extract forensic data from hard drives that may have been used to commit cybercrimes such as identity theft, online fraud, child pornography and illegal filesharing. Thousands of police officers in over 15 countries around the world are currently employing the device to collect evidence before the data can be wiped.

Hackers Supply the Public With Decaf
Less than two years later, hackers developed and released a tool to oppose Microsoft’s forensic bundle and called it DECAF. The application scans your computer and can tell you if there’s any COFEE in it. The hackers who created the program promise that later models of DECAF technology will not only notify users that their computer is under investigation, but will also lock down the machine.
Border Guards Can Inspect Your Laptop for No Reason Whatsoever
If you have any incriminating images or information on your laptop, you might want to clean them out before crossing the American border. In April 2008, three judges from the 9th U.S. Circuit Court of Appeals unanimously decided that federal agents have the right to search your computer for forensic evidence. Border guards can also seize and examine all of your mobile devices for periods up to several months. So make sure your digital cameras and cell phones don’t have anything you wouldn’t want the federal government to use against you in a court of law!
Forensic Evidence Can Tell if a Murderer Will Kill Again
“In 2008, inmates released long before their maximum sentences expired killed two police officers in Philadelphia, last year one killed a Pittsburgh police officer, and eight days ago a murderer who was twice paroled allegedly slaughtered four people in Northampton.” (source)

To help parole boards make better decisions before releasing potentially dangerous criminals into the world again, University of Pennsylvania professor Richard Berk has developed a computer system which can predict criminal behavior. This sounds a lot like the film Minority Report, where people get arrested based on telepathic evidence suggesting they will commit a crime in the future. But apparently by gathering years of prisoner data, Berk has learned to forecast which ones are most likely to remain violent and which ones will be good upon release. Probation departments in Philadelphia and Baltimore have already implemented Berk’s computers to monitor prisoner behavior, and Berk has received a $228,000 grant from the parole board to further develop his system due to release in 2011.
Microsoft Word Betrays BTK Killer

From 1974 until 1991, Dennis Rader Bound, Tortured and Killed ten people in Wichita, Kansas. He might have gotten away with it too, had technology not caught up with his cockiness. The BTK Killer was famous for writing taunting letters to the authorities and the media, describing his past murders and outlining his plans for future ones. In 2005, Rader sent his latest taunt in the form of a 1.44 MB floppy disk to KSAS-TV, a FOX affiliate in Wichita. Using the forensic software EnCase, the police were able to recover some metadata embedded in a “deleted” Microsoft Word document. They discovered the name “Dennis” as well as the “Christ Lutheran Church,” and from there it wasn’t long before they found Rader, gathered previous evidence to put all of the puzzle pieces together and placed the BTK Killer under arrest.








The file information is stored in blocks which don’t get erased when you delete a file. Only a pointer to the block is deleted.
Hey, anybody can read the metadata in a Microsoft Word document by opening it with Notepad.
Great post! Constructive suggestion: you should provide the author name and credentials.
Cool post, thanks for sharing. Coffee and Decaf... makes you think twice about committing a cyber crime, doesn’t it?
Wow! oh the things we don’t know about our own technology!! Very interesting information, makes me think twice before putting sensitive information on my computer! Here’s an article about other top advances in the criminal justice area!
http://www.criminaljusticedegreeschools.com/top-10-cutting-edge-advances-in-csi-technology/
“The following are six facts about computer forensics that anyone with computer access should be familiar with.” Yeah, the BTK got caught because he was an idiot. He knew nothing about computers.
Good post, thanks.