Experts Must Think Like Criminals To Track Computer Clues

sidebar to "Tracking The Terrorists"

information Staff, Contributor

January 11, 2002


It wouldn't surprise computer forensic expert Walt Manning if authorities were to find data about funding operations on PCs they seize during raids of suspected terrorists' homes. The retired Dallas police lieutenant says he's often seen it happen in criminal investigations. "We've had spreadsheets maintained by drug dealers that laid out their entire operation."

Financial data may just be the tip of the iceberg. Last fall, for instance, al-Qaida terrorists fleeing Kabul left behind a PC that contained hundreds of files that detail plots for assassinations and terror attacks.

While most evidence collected against terrorists probably won't be from seized or abandoned PCs, any information stored on such systems will come under close scrutiny. Investigators will rely on computer forensics, a technique for collecting, analyzing, and presenting data stored on a computer's hard disk so that it can be admitted as evidence.

They may have to think like criminals to find some of the data, Manning says. In addition to using encryption technologies, it's not unusual for criminals to burn incriminating evidence into the middle of a CD, with surrounding music tracks to hide the illicit data. Investigators who hear music might not bother to check the rest of the CD. And some lawbreakers no longer store data on their own PCs, so forensic computer experts must look for pointers on the computer to an online storage service the criminal may have employed.

Still, investigators can find evidence on PC hard drives. Files the user thinks are deleted often survive in unallocated areas of the drive. But computer forensic experts must be careful in how they access and duplicate data. "You need an exact duplicate to present as evidence. If the target drive has a bad sector, your copy must have a bad sector," Manning says. "You want to be able to swear under oath that nothing was altered." One of his favorite utilities is Guidance Software Inc.'s EnCase, which allows the copying of a hard drive without altering files.
