Case Security Question

Case Security Question
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Case Security Question Justin Case 09-28-2005
Posted by Justin Case on September 28, 2005, 6:29 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
This may seem like an odd ball question. I have a sister
who asked me to look at her husbands computer.
They are going through a divorce, she wants to
know what is on his computer. He is a computer
security specialist dealing with banking networks.

She believes he husband has been viewing/
downloading/storing illegal porn.
He's an asshole who is leaving her with 5
children, he's been very abusive to her.
She is desperate for help.
So I too am desperate to help her.

Now, I looked at the computer.
When I first went to it, it had a
Windows logon screen.
But we didn't know the logon.
I thought that perhaps I could
start the computer in safe mode.
But once I hit the reset switch,
it seemed to reboot, but the monitor was totally
black, I did a raster/degaus check and it said
there was no video signal. But I could see the
hard drive lighting up, and the floppy light coming on.
It also apeared to have a CD Zip drive as the
1st boot device(nothing in it). I tried switching monitors,
same thing, no signal. He also has a HD lock
on the case.

Is it possible to set the bios so that the video
card will no work without the proper boot disk?

My sister also told me, that one day he
forgot to set his desktop and left the
system open. She told me that there
appeared to be two identical sized
HD's both about 28 GB in size.
Two partitions on a single drive?
My question is, how can I access this thing?
Can I remove the HD, install it
on another system and make a duplicate mirror of the HD?
What about the HD case lock?

Please help, thanks in advance.

Justin




_______________________________________________________________________________
Posted Via Uncensored-News.Com - Accounts Starting At $6.95 -
http://www.uncensored-news.com
<><><><><><><> The Worlds Uncensored News Source
<><><><><><><><>



Posted by Todd H. on September 28, 2005, 4:18 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

First, I agree with other cautions that you should tread very
carefully here.

From a technical perspective, A Knoppix CD (a live Linux distribution
that is entirely contained on a CD and can mount windows
drives/partitions) might be something worth trying. The security
tools distribution might be of particular interest because of its
forensics tools.
http://www.knoppix-std.org/

However, if the guy is security savvy and doing something illegal, and
has shown enough worry to install a case lock, it's also likely that
he's set the bios to not allow booting from the cd rom. But it's an
easy thing to try. If knoppix mounts things read-only, you can poke
around without changing the state of the file system at all. What
does this case HD lock look like anyway?

Now, the legal issues on this problem are far more complex. Not being
qualified to advise, your relative should seek the counsel of her
attorney insofar as how this issue might affect the civil litigation
of the divorce. And that attorney might also have a bead on
how/whether the criminal aspect of the alleged activity should best be
handled. Evidence handling, chain of custody, etc for criminal
proceedings is very sensitive stuff, as suggested by another poster.

Best Regards,
--
Todd H.
http://www.toddh.net/


Posted by Colin B. on September 28, 2005, 6:56 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> This may seem like an odd ball question. I have a sister
> who asked me to look at her husbands computer.
> They are going through a divorce, she wants to
> know what is on his computer. He is a computer
> security specialist dealing with banking networks.

At this point, my advice is to step away from the situation entirely.
The guy may be an asshole. He may be viewing illegal porn (and what exactly
do you mean by "illegal?" Is it kiddy porn?). He may deserve to be in jail
for his actions, but if you start mucking about with his computer, YOU might
end up on the wrong side of the law, especially if he has confidential
banking information on his computer.

If there is a legitimate belief that he has illegal material, then go to
the police, have the thing confiscated, whatever is necessary through the
official channels. If he's a security specialist, then there's probably no
bloody way you can get into his machine, unless he's incompetent.

I'm not saying don't get involved, but I AM saying don't get yourself into
more trouble than you might cause for him. Keep in mind that in most
western countries, illegally obtained evidence is inadmissible in court.

Colin


Posted by Leythos on September 28, 2005, 8:48 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
says...
> This may seem like an odd ball question. I have a sister
> who asked me to look at her husbands computer.
> They are going through a divorce, she wants to
> know what is on his computer. He is a computer
> security specialist dealing with banking networks.
>
> She believes he husband has been viewing/
> downloading/storing illegal porn.
> He's an asshole who is leaving her with 5
> children, he's been very abusive to her.
> She is desperate for help.
> So I too am desperate to help her.
>
> Now, I looked at the computer.
> When I first went to it, it had a
> Windows logon screen.
> But we didn't know the logon.
> I thought that perhaps I could
> start the computer in safe mode.
> But once I hit the reset switch,
> it seemed to reboot, but the monitor was totally
> black, I did a raster/degaus check and it said
> there was no video signal. But I could see the
> hard drive lighting up, and the floppy light coming on.
> It also apeared to have a CD Zip drive as the
> 1st boot device(nothing in it). I tried switching monitors,
> same thing, no signal. He also has a HD lock
> on the case.
>
> Is it possible to set the bios so that the video
> card will no work without the proper boot disk?
>
> My sister also told me, that one day he
> forgot to set his desktop and left the
> system open. She told me that there
> appeared to be two identical sized
> HD's both about 28 GB in size.
> Two partitions on a single drive?
> My question is, how can I access this thing?
> Can I remove the HD, install it
> on another system and make a duplicate mirror of the HD?
> What about the HD case lock?
>
> Please help, thanks in advance.

Since you said it's a COMMON computer, pick it up, take it to a security
specialist, have a duplicate image made, and then bring it back home -
have the security specialist analyze the drive for content / history and
do a report. Anything less than the above is not admissible in court.

--

spam999free@rrohio.com
remove 999 in order to email me


Posted by Volker Birk on September 28, 2005, 8:56 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> Now, I looked at the computer.

It seems, that you need help from someone, who knows what to do.
This perhaps will be difficult through usenet. You'll better hire
somebody, who is near to you.

Of course, it's your decision to go in the middle between the two fighting
each other.

Yours,
VB.
--
MAC-Filtering bringt so viel Schutz vor "Hackern" wie Zeitungspapier vor
einer Atombome. (MAC filtering is protecting against "hackers" like newsprint
is protecting against a nuclear bomb)
- Christian Forler in de.comp.security.misc


Similar ThreadsPosted
advapi.dll security question August 9, 2006, 7:22 am
question (and poll?) for security professionals November 17, 2005, 1:24 pm
Question regarding security programming newsgroups March 21, 2006, 5:54 pm
practicle internet security question December 14, 2006, 10:00 am
Question about Security Certificate Notices November 21, 2008, 2:24 pm
Newbieish question about standard security practices June 11, 2005, 11:04 pm
Re: Security Question & Suggestion: Record of Last Access & Recent Accesses November 7, 2007, 5:25 pm
Re: Security Question & Suggestion: Record of Last Access & Recent Accesses November 11, 2007, 9:46 am
Security Question & Suggestion: Record of Last Access & Recent Accesses November 7, 2007, 2:05 pm
RFID Cryptography, RFID and Environmental Issues, Wal-Mart and RFID: A Case Study July 30, 2006, 6:03 pm

The site map in XML format XML site map

Contact Us | Privacy Policy