From: Ferdie Mazon (ferdiebrandes.com)
Date: Tue Jan 27 2009 - 15:05:00 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"There is no indication the data had been abused" is a true statement.
"The data had not been accessed" is not a true statement because it is
not possible to know.

A $99 Whole Disk Encryption product could have averted the whole
situation. Unless, of course, the laptop had a Post-It with the
encryption password.

-----Original Message-----
From: dataloss-bouncesdatalossdb.org
[mailto:dataloss-bouncesdatalossdb.org] On Behalf Of DAIL, WILLARD A
Sent: Tuesday, January 27, 2009 10:27 AM
To: datalossdatalossdb.org
Subject: Re: [Dataloss] follow-up: Stolen city laptop recovered;workers'
personal data not accessed

Doesn't risk management play into this as well though? Yes, true, one
could argue the likelihood of any number of possibilities, both probable
and remote. However, if a suspect is a known common thief, the laptop
is recovered, no malware is found to be installed on the system, then
most likely the device was stolen to be sold as a piece of hardware.
Perhaps one cannot argue beyond a reasonable doubt as to what happened,
but I personally would have no problem stating there is no indication
the data had been abused.
 
The law of parsimony does come into play for some of this (in my
opinion).

________________________________

From: dataloss-bouncesdatalossdb.org on behalf of Chris Walsh
Sent: Tue 1/27/2009 11:09 AM
To: datalossdatalossdb.org
Subject: Re: [Dataloss] follow-up: Stolen city laptop recovered;workers'
personal data not accessed

The general point, which has been made many times on this list, is that
it is not possible -- even with the greatest of forensic skills -- to
make a technical determination that the information was not accessed.
It just cannot be done, period. Ironically, if it were not possible to
copy the data in a manner that didn't alter the disk, the police
themselves would be unable to gather evidence, since by the very act of
doing so they would be changing it!

Now, this may be sloppy reporting, and certainly the laws of physics
apply to the police, so this is in no way a criticism of them. It's
just the way it is. Had the report said "Based on the circumstances of
the case, their knowledge of local crime patterns, and results of
forensic examination of the laptop, police are nearly certain the data
was not accessed following the theft", I think there would be much less
questioning. Such press reports are rare, unfortunately.

On Tue, Jan 27, 2009 at 8:37 AM, Stefan Wahe <smwahewisc.edu> wrote:

        Living in Madison and working in IT Security, I do know that
Madison Police Department has a unit that conducts IT forensics on
electronic devices. They have the appropriate staff, resources and
training to make such determinations. Additionally they have state and
university resources at their availability with more than adequate
training and experience in IT forensics. I am aware of this because I
have had the opportunity to observe and work with them on other IT
Security related issues.

This message and any files transmitted with it is intended solely for
the designated recipient and may contain privileged, proprietary or
otherwise private information. Unauthorized use, copying or distribution
of this e-mail, in whole or in part, is strictly prohibited. If you have
received it in error, please notify the sender immediately and delete
the original and any attachments.
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor
your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]