police seize computer


Postby skipper1 » Tue Sep 07, 2010 9:30 am

So when the police come to your house and break into your home, arrest you and seize goods for examination due to a crime for whatever reason.
Say you're a pedo fiddler, drugs, internet hacking etc...

They will seize your computer and take it away for examination. How do they get into it? If there is no password it's easy, but what if it's locked with a password?

What if you don't give them a password? I'm sure they will try and have you for something, but that could be against your human rights not to incriminate yourself?

But what if you flat refuse? How do they get into your computer? Do they hack it? I bet they do, if not any evidence will go unused. They must get specialists in to hack your computer.
skipper1
 
Posts: 1720
Joined: Thu Sep 24, 2009 9:11 pm
Has thanked: 1 time
Been thanked: 6 times

Re: police seize computer

Postby stutterman » Tue Sep 07, 2010 9:55 am

hi skipper1
If it's XP it's easy: just shut down into safe mode, go to User Accounts & change an account & click on your account & create a password, done.
stutterman
 
Posts: 11
Joined: Thu Feb 25, 2010 12:26 am
Has thanked: 0 time
Been thanked: 0 time

Re: police seize computer

Postby 46traveller » Tue Sep 07, 2010 9:59 am

Hi skipper, police took both my computers and my phones (even the old ones) when they called on me a few years back. Took me over a year to retrieve them along with some dosh they tried to steal. As far as I could tell, they never bothered to even plug in the computer. They certainly never removed the H/D, the dust confirmed that. They never took my external H/Ds either, I thought that was strange. I think they just took it in the vain hope I would panic and confess to being a very naughty boy. Anyway unless they believe you are up to real scary stuff, (ie. Conspiracy charges) I can't see them bothering. As always better safe than sorry

You were born an individual, don't die a copy.
46traveller
 
Posts: 264
Joined: Thu Jul 01, 2010 2:54 pm
Has thanked: 0 time
Been thanked: 0 time

Re: police seize computer

Postby llewop » Tue Sep 07, 2010 2:23 pm

stutterman wrote: hi skipper1
If it's XP it's easy: just shut down into safe mode, go to User Accounts & change an account & click on your account & create a password, done.


I think an easier way for XP, if you don't know the user or passwords: just type in the username as Administrator, leave the password blank and click login.

I think this is a little known hack... but all Windows versions have such hacks, they all have backdoors through which any government agent can get access.

http://www.ubuntu.com/ will help with system security
llewop
 

Re: police seize computer

Postby freeman2009 » Tue Sep 07, 2010 5:28 pm

46traveller wrote:Hi skipper, police took both my computers and my phones (even the old ones) when they called on me a few years back. Took me over a year to retrieve them along with some dosh they tried to steal. As far as I could tell, they never bothered to even plug in the computer. They certainly never removed the H/D, the dust confirmed that. They never took my external H/Ds either, I thought that was strange. I think they just took it in the vain hope I would panic and confess to being a very naughty boy. Anyway unless they believe you are up to real scary stuff, (ie. Conspiracy charges) I can't see them bothering. As always better safe than sorry

You were born an individual, don't die a copy.


For computer forensics they won't power it up as this will change the data on the hard drive. This change by them could make any information retrieved inadmissible in court. They connect a cable directly to the HDD and burn a read-only copy of all data on it. It is a bit by bit copy so it includes all hidden partitions, PGP files and drives, boot sectors and erased or corrupted data files. This is then trawled through later by specialists. They don't need a password as that is only needed for the operating system, which they will not be running. It is also very easy to crack passwords on any Windows PC.
Even if all the data on the drive is encrypted, it can be decoded. There are also laws that make it a criminal offense not to provide passwords for encrypted data, even if you have forgotten it :roll: Another reactionary bullshit law for technology they didn't understand and is now outdated.

What winds me up is that they could take a copy of the drive and give it back to you in less than a couple of hours. It's the inconvenience that losing a computer causes, especially if you work from home. Seizing and keeping a computer is like seizing your car because they want to see what colour it is.
freeman2009
 
Posts: 234
Joined: Fri May 15, 2009 12:14 pm
Has thanked: 0 time
Been thanked: 0 time

Re: police seize computer

Postby skipper1 » Tue Sep 07, 2010 5:33 pm

I think a self destruct button is best, unless you're a pedo then die, but otherwise we need to stop these money making slave driving villains from controlling our lives.
skipper1
 
Posts: 1720
Joined: Thu Sep 24, 2009 9:11 pm
Has thanked: 1 time
Been thanked: 6 times

Re: police seize computer

Postby codstar » Tue Sep 07, 2010 5:52 pm

I use a bootable disc to hack Windows accounts. XP is easy like stutterman says, Vista a little harder.
My customers are always forgetting their passwords.
If we value the pursuit of knowledge, we must be free to follow wherever that search may lead us. The free mind is not a barking dog, to be tethered on a ten-foot chain.
codstar
 
Posts: 116
Joined: Sun Mar 29, 2009 10:27 pm
Has thanked: 0 time
Been thanked: 0 time

Re: police seize computer

Postby bodge » Tue Sep 07, 2010 6:20 pm

Registry Security

Registry Access

The earlier versions of Windows were not really intended for office network connectivity and as a result it was never really considered that no security or access controls existed for the registry. This was directly true in both Windows 95 and Windows 98 and for the forensic analyser this is very helpful as it means that the machine can be examined without specifying any formal security details.
This though is not the case with the following Microsoft products:
• Windows NT
• Windows 2000
• Windows 2003
• Windows XP
Each of which have implemented a more secure registry access control list where only the administrator can perform certain tasks (although this needs to be explicitly specified). Each key can have specific access controls making it ideal for a multi-user environment.

Password Storage

Interestingly enough, the software developers who thought that the registry was a useful place to store application information, also thought it was a convenient place to store usernames and passwords. Although the developers went through the process of encrypting the data, it is possible to obtain the stored information using a simple freely available utility called PassView7 that provides access.



Startup Applications

When first inspecting the registry, it is worth initially checking the areas that have been assigned the functionality to specify which applications can be launched during the boot process. These common keys are as follows:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
ProfilePath\Start Menu\Programs\Startup\

REGISTRY FORENSICS
Software\Microsoft\Search Assistant\ACMru\5604

Software\Microsoft\Windows\CurrentVersion\Explorer\FindComputerMRU
Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

The UserAssist key, HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist, contains two or more subkeys which have long hexadecimal names that appear as globally unique identifiers (GUIDs). Each subkey records values that pertain to specific objects the user has accessed on the system, such as Control Panel applets, shortcut files, programs, etc. These values, however, are encoded using a ROT-13 encryption algorithm, sometimes known as a Caesar cipher. This particular encryption technique is quite easy to decipher, as each character is substituted with the character 13 spaces away from it in the ASCII table. A much faster and easier method to decipher this code is with the use of an online ROT-13 decoder, such as http://www.edoceo.com/utilis/rot13.php
Wireless networks today are popular and are only becoming more popular. A wireless ethernet card picks up wireless access points within its range, which are identified by their SSID or service set identifier. When an individual connects to a network or hotspot the SSID is logged within Windows XP as a preferred network connection. Unsurprisingly, this can be found in the Registry in the HKLM\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces key. When opening this Registry key there may be subkeys beneath it, like UserAssist, that look like GUIDs. The contents of these should contain the values “ActiveSettings” and “Static#0000”. There may be additional values that begin with “Static#” and are sequentially numbered. In the binary data of these “Static#” values are the network SSIDs of all the wireless access points that system has connected to. This can be seen by right clicking the value and selecting “modify”, as shown in Figure 4.
In addition to logging the name of the SSID, Windows also logs the network settings of that particular connection – such as the IP address, DHCP domain, subnet mask, etc. The Registry key in which this can be found is HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\, which is illustrated in
Based on this wireless network information, a forensic examiner can determine if a user connected to a specific wireless access point, the timeframe, and the IP address they were assigned by the DHCP server. For instance, if it were a case about a child pornography suspect that was war-driving to various network connections and using them illegally, these methods would be very useful. Being given the suspect’s computer to run an analysis on would make it possible to see what network connections they were using and the IP address that was assigned, to further support a subpoena of the ISP.
Windows XP implements a network mapping tool called My Network Place, which allows users to easily find other users within a LAN or Local Area Network. A computer on a properly configured LAN should be able to display all the users on that network through My Network Place. This list of users or computers, like many other things, is stored in the Registry. Therefore, even after the user is no longer connected to the LAN, the list of devices that have ever connected to that system still remains, including desktop computers, laptops, and printers. The Registry key where this information is stored is HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions.
Ged tha mi bochd tha mi uasal ; buidheachas do Dhia is ann de
Chlann 'ill Eathain mi (Though I am poor I am proud; thank God I am
a Maclean.)
bodge
 
Posts: 19587
Joined: Fri May 07, 2010 9:50 pm
Location: North Somerset
Has thanked: 123 times
Been thanked: 127 times
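
An added example, not part of bodge's post: decoding UserAssist value names offline in Python instead of pasting them into a web decoder. The value names and data below are constructed samples, and the 16-byte data layout (session id, run count offset by 5, last-run FILETIME) is the commonly documented Windows XP format, an assumption the post does not state.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

# Decoded value-name prefixes used by Windows XP UserAssist entries.
PREFIXES = {
    "UEME_RUNPATH": "program run by path",
    "UEME_RUNPIDL": "shortcut or shell item opened",
    "UEME_RUNCPL": "Control Panel applet opened",
}

# Constructed sample: ROT13-encoded value name -> 16 bytes of value data.
SAMPLE_VALUES = {
    "HRZR_EHACNGU:P:\\JVAQBJF\\flfgrz32\\abgrcnq.rkr":
        struct.pack("<IIQ", 1, 8, 129283254000000000),
    "HRZR_EHAPCY:gvzrqngr.pcy":
        struct.pack("<IIQ", 1, 6, 129283218000000000),
}

def decode_name(encoded):
    """ROT13 rotates A-Z and a-z only; digits, ':', '\\' and '.' pass through."""
    return codecs.decode(encoded, "rot_13")

def filetime_to_utc(ft):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=ft // 10)

def parse_entry(encoded_name, data):
    """Decode one UserAssist value into kind, target, run count and last run."""
    prefix, _, target = decode_name(encoded_name).partition(":")
    entry = {"kind": PREFIXES.get(prefix, "other"), "target": target}
    # ASSUMPTION: XP layout; the stored counter starts at 5, so subtract it.
    if len(data) == 16:
        _session, count, ft = struct.unpack("<IIQ", data)
        entry["runs"] = max(count - 5, 0)
        entry["last_run"] = filetime_to_utc(ft) if ft else None
    return entry

def timeline(values):
    """Decode every value under one UserAssist GUID subkey, oldest first."""
    floor = datetime.min.replace(tzinfo=timezone.utc)
    entries = [parse_entry(name, data) for name, data in values.items()]
    return sorted(entries, key=lambda e: e.get("last_run") or floor)

if __name__ == "__main__":
    for e in timeline(SAMPLE_VALUES):
        print(e.get("last_run"), e.get("runs"), e["kind"], e["target"])
```
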

Re: police seize computer

Postby harry tuttle » Tue Sep 07, 2010 6:50 pm

Use an app like TrueCrypt, which..

Provides plausible deniability, in case an adversary forces you to reveal the password:

Hidden volume (steganography) and hidden operating system.


A hidden operating system is a system (for example, Windows 7 or Windows XP) that is installed in a hidden TrueCrypt volume. It should be impossible to prove that a hidden TrueCrypt volume exists (provided that certain guidelines are followed; for more information, see the section Hidden Volume) and, therefore, it should be impossible to prove that a hidden operating system exists.
"We've made it very clear that the merger of State and Corporate powers, by definition, is called Fascism. And what we are seeing is the merger of State and Corporate powers like never before". Gerald Celente
harry tuttle
 
Posts: 560
Joined: Mon Jan 25, 2010 12:22 am
Location: Hidden away in the ducts
Has thanked: 0 time
Been thanked: 4 times

Re: police seize computer

Postby Steve of Lincoln » Tue Sep 07, 2010 7:10 pm

No you're all way out. Now pay attention, because I'm going to give the secret away, as I was involved indirectly in this field.

The police use a software tool called ENCASE, sold by these people http://www.guidancesoftware.com . They won't sell it to you or me though, only policemen.....

First of all you have to appreciate that if you are the police and you turn on a seized computer you may alter file dates and times and destroy forensic evidence.

So they never turn it on.

What they do is remove the hard drive and put it in another machine loaded with ENCASE. The software then scans the hard drive at a very low level - bit by bit, and it recognises documents by their bit patterns - all file types have unique file headers which if you spot means you can pull off the rest of the document. They can retrieve all the data off the machine - documents, images, videos, emails, everything. The passwords for the user accounts and documents are irrelevant. Note also that this technique will spot all deleted documents provided the sectors where they lived haven't been overwritten.

Once they have made a bit by bit copy of the drive, they then do a data remanence examination of the RAM, it's possible to recover the RAM contents present before the machine was powered down.

They always use these copies, they RARELY work on the original drive due to the danger of destroying evidence.

If they think they're onto a big crook, they may pay for a Magnetic resonance imaging scan done on the drive (needs a specialist company like Norton). This can detect the direction of the molecular magnets in the disc material and reconstruct the ghost of the image left long ago, even if it has been erased and overwritten many times. Norton are so good at this they have recovered all the data off hard drives on machines utterly toasted in building fires.

The only time the police need passwords is to get into online accounts on websites, such as Hotmail.

SO, how do you defeat ENCASE?

Well it's possible. There's a program called EVIDENCE ELIMINATOR that deletes and cleans up a machine so well it stuffs ENCASE entirely, depending what you tell it to leave on. I have personally tested this in a security environment, as we had to invent a procedure to remove all data from computers used by Social Services, including Child Protection, and Evidence Eliminator stripped the machines clean as a whistle.
http://www.evidenceeliminator.org/?gcli ... 2Aod2U-V1w

Next, create a double passworded encrypted, disguised volume on your computer using Truecrypt http://www.truecrypt.org/docs/

"TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted or decrypted right before it is loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc). "

So basically it creates a volume that looks like a large file. The file is encrypted using 128 RSA knapsack encryption (defeats ENCASE). The file also has two passwords. One password opens the dummy, which you fill with a few harmless files, the other password opens the real volume, with all your private stuff in. If the police discover the encrypted volume (unlikely) and you are forced to reveal the password, you just give them the password to the harmless dummy. They have no idea there are two versions.

Other forms of privacy protection i use:

1. I subscribe to VPN services to conduct email and some browsing. This is a fully encrypted software tunnel to a third party, and makes your internet activities entirely invisible to the police and your ISP.
2. I also use a HUSHMAIL online email, this is Public Key Encrypted email, it's so secure the NSA tried to get it banned because they can't crack it.
3. Use only unregistered second hand phone SIMs, buy second hand phones from junk shops and recycle the SIM card.
4. Use VOIP phones if you must have a phone at home (Voice over IP) - this uses your broadband connection NOT a landline and at the moment the authorities have no way to tap it (i.e. they don't have the technology or access)

It also occurred to me that you could tape a plastic tub filled with thermite, tapoed on top of the hdd, wired to a battery and a microswitch on the PC lid. That way when the bastards try and take the lid off to get at the hdd, it sets off the thermite which destroys the HDD and computer (srsy, thermite in a 4 inch plant pot will melt a hole in a car engine block) see thermite in action below. Thermite is an intimate mix of Aluminium powder and Ferric Oxide (rust)

http://www.youtube.com/watch?v=rdCsbZf1_Ng

Last edited by Steve of Lincoln on Tue Sep 07, 2010 7:21 pm, edited 2 times in total.
Steve of Lincoln
 
Posts: 50
Joined: Sat Aug 28, 2010 6:21 pm
Has thanked: 0 time
Been thanked: 0 time
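
An added example, not part of the post above and not EnCase's code: a minimal Python sketch of the header-based recovery the post describes, run on a constructed raw image that has no file system. It also shows the post's caveat that a file whose sectors have been overwritten is no longer found; the image layout, `build_image` and the signature table are assumptions made for illustration.

```python
SECTOR = 512

# File signatures as (header magic, trailer magic).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

def build_image():
    """Constructed 8-sector image: a 'deleted' PDF in sector 3, a JPEG in sector 6."""
    img = bytearray(SECTOR * 8)
    doc = b"%PDF-1.4\n(constructed sample document)\n%%EOF"
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 20 + b"\xff\xd9"
    img[3 * SECTOR:3 * SECTOR + len(doc)] = doc
    img[6 * SECTOR:6 * SECTOR + len(jpg)] = jpg
    return img

def carve(image, max_size=10 * 1024 * 1024):
    """Return (kind, offset, data) for every header..trailer span in a raw image.

    Simplification: the first trailer after a header ends the file, so real
    carvers add format-aware validation to cut false positives.
    """
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = image.find(head)
        while pos != -1:
            end = image.find(tail, pos + len(head), pos + max_size)
            if end == -1:
                pos = image.find(head, pos + 1)
                continue
            stop = end + len(tail)
            found.append((kind, pos, bytes(image[pos:stop])))
            pos = image.find(head, stop)
    return sorted(found, key=lambda hit: hit[1])

def wipe_sector(image, index):
    """Overwrite one sector with zeros, as later writes to the disk would."""
    image[index * SECTOR:(index + 1) * SECTOR] = bytes(SECTOR)
    return image

if __name__ == "__main__":
    image = build_image()
    print([(k, off) for k, off, _ in carve(image)])
    print([(k, off) for k, off, _ in carve(wipe_sector(image, 3))])
```
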
