NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Attrition Dataloss> 2009-01

Re: [Dataloss] follow-up: Stolen city laptop recovered; workers' personal data not accessed

From: Chris Walsh (chriscwalsh.org)
Date: Tue Jan 27 2009 - 10:09:19 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The general point, which has been made many times on this list, is that it
is not possible -- even with the greatest of forensic skills -- to make a
technical determination that the information was not accessed. It just
cannot be done, period. Ironically, if it were not possible to copy the data
in a manner that didn't alter the disk, the police themselves would be
unable to gather evidence, since by the very act of doing so they would be
changing it!

Now, this may be sloppy reporting, and certainly the laws of physics apply
to the police, so this is in no way a criticism of them. It's just the way
it is. Had the report said "Based on the circumstances of the case, their
knowledge of local crime patterns, and results of forensic examination of
the laptop, police are nearly certain the data was not accessed following
the theft", I think there would be much less questioning. Such press
reports are rare, unfortunately.

On Tue, Jan 27, 2009 at 8:37 AM, Stefan Wahe <smwahewisc.edu> wrote:

> Living in Madison and working in IT Security, I do know that Madison Police
> Department has a unit that conducts IT forensics on electronic devices. They
> have the appropriate staff, resources and training to make such
> determinations. Additionally they have state and university resources at
> their availability with more than adequate training and experience in
> IT forensics. I am aware of this because I have had the opportunity to
> observe and work with them on other IT Security related issues.
>

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]