Posted on 01/17/2008 6:03:54 PM PST by Teflonic
Best Buy's Geek Squad isn't exactly known for respecting people's property. This time, however, instead of us catching them, they caught a guy with child porn.
A middle school custodian sent in a hard drive back in August of 2007 to recover lost data. Upon performing their usual search (and invasion of personal privacy), the Geek Squadders at a Twin Cities location found over 800 images of young girls between the ages of 7 and 15 in various states of undress and performing sexual acts. The Geek Squad promptly turned the evidence over to the police. The police eventually obtained a search warrant and -- upon execution -- found more evidence in the janitor's home.
While we would like to say that this guy is sick and deserves whatever punishment he gets, we are disturbed by the conduct of Geek Squad employees who seem to make it a habit of going through customer data. Whether or not the data is illegal and leads to arrest, warrantless searches by non-law-enforcement personnel are disturbing on an ethical level and we're pretty sure unconstitutional.
An experienced forensic examiner can find evidence of such activity. The scenario you describe would be pretty easy to prove or disprove. If it was a botnet and was just using the guy's hard drive as a server, there would be no evidence that anyone actually opened the file on that system. When a file is opened, as opposed to being copied or downloaded, link files and other traces are created all over the place. That is just one fast way to tell, but there are others.
Trust me, if I was tasked to examine a case like that, I would make every effort to prove whether the pictures were deliberately downloaded and viewed. If I could not, I would say so, but I would try to validate any other possibilities as well.
Not really, modding the table is just as easy. There are simple scripts to do it.
It's not as simple as that. Sure, if you are really sharp, you might figure out how to modify the file table, but what are you going to do about all of the copies of the file table that are in the unallocated clusters? I don't think I have done a single examination where I haven't found 2-3 copies of the file table, including records for deleted files. Since the file system doesn't "know" about these copies, it would be almost impossible to modify them via a script.
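An added illustration of the point above about stale file-table copies (not part of any poster's comment): a forensic carving pass that looks for file records outside the live table. The post does not name a file system; this sketch assumes NTFS, where each $MFT record starts with the `FILE` signature, and it runs on a small constructed image with made-up file names.

```python
import struct

RECORD_SIZE, SECTOR = 1024, 512  # typical NTFS file-record and sector sizes (assumed)

def parse_record(buf):
    """Return (record_no, in_use, name) for an NTFS FILE record, else None."""
    if buf[:4] != b"FILE":
        return None
    # offset 20: first-attribute offset, 22: flags, 44: record number
    attr_off, flags, record_no = struct.unpack_from("<HH20xI", buf, 20)
    name = None
    while attr_off + 24 <= len(buf):  # walk the attribute list
        a_type, a_len = struct.unpack_from("<II", buf, attr_off)
        if a_type == 0xFFFFFFFF or a_len < 24:
            break
        if a_type == 0x30 and buf[attr_off + 8] == 0:  # resident $FILE_NAME
            c_off = attr_off + struct.unpack_from("<H", buf, attr_off + 20)[0]
            if c_off + 66 <= len(buf):
                raw = buf[c_off + 66:c_off + 66 + 2 * buf[c_off + 64]]
                name = raw.decode("utf-16-le", "replace")
        attr_off += a_len
    return record_no, bool(flags & 0x01), name

def carve(image, live_mft):
    """Scan sector boundaries for FILE records; stray=True if outside the live $MFT."""
    hits = []
    for off in range(0, len(image) - RECORD_SIZE + 1, SECTOR):
        rec = parse_record(image[off:off + RECORD_SIZE])
        if rec:
            stray = not (live_mft[0] <= off < live_mft[1])
            hits.append((off, stray) + rec)
    return hits

def make_record(record_no, name, in_use):
    """Constructed test data: header plus one resident $FILE_NAME attribute."""
    body = bytes(64) + bytes([len(name), 1]) + name.encode("utf-16-le")
    body += bytes(-len(body) % 8)
    attr = struct.pack("<IIBBHHHIH2x", 0x30, 24 + len(body), 0, 0, 0, 0, 0, len(body), 24)
    head = bytearray(b"FILE" + bytes(52))
    struct.pack_into("<HH20xI", head, 20, 56, int(in_use), record_no)
    rec = bytes(head) + attr + body + b"\xff" * 4
    return rec.ljust(RECORD_SIZE, b"\0")

def sample_image():
    """Constructed image: live $MFT in bytes 0-2047, stale record copy at 8192."""
    img = bytearray(16384)
    img[0:1024] = make_record(40, "report.doc", True)
    img[1024:2048] = make_record(41, "notes.txt", True)
    img[8192:9216] = make_record(41, "old_photo.jpg", False)
    return bytes(img)
```

`carve(sample_image(), live_mft=(0, 2048))` reports the record at offset 8192 as stray and not in use, which is the kind of leftover copy the file system no longer tracks. Update-sequence fixups are not applied here, so a real tool would restore the last two bytes of each sector before trusting long attributes.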
In general, if anyone wants to get his computer fixed (at Best Buy or anywhere else) without having his data stolen and risking identity theft, it's best to look over the service person's shoulders while he's doing his thing. Be very suspicious if he whips out a USB drive and starts copying your files to it.
I had some computer problems a few years ago. The husband of a coworker was a computer technician. He fixed my computer for me but seemed a little annoyed when I picked up my machine. Now I guess it was because I’m boring!
Meanwhile Granny is getting robbed two blocks over while the cops investigate what this guy has on his computer.
I’m guessing you don’t have kids. Or you don’t care if a pervert molests kids.
If he did it gratis, I suspect he was annoyed because he felt you were imposing on him. Fixing computers is time-intensive and frustrating. It is doubly so when done without pay.
My kid bought a used laptop with a “clean” hard drive. How do I make sure it’s “clean”? Should I just get rid of the hard drive or do the “overwrite” clean of the hard drive and reinstall Windows?
Can someone be “set up” by loading their hard drive with porn and then turning them in? Like a virus or trojan horse? My wife’s IE browser goes to auction sites, advertising for travel agency and other sites before going to her designated home page. Is that a “trojan horse” virus?
I had a hard drive crash over a year ago and went to a MacBook Pro, no viruses yet, but I don’t visit many web sites.
How do you encrypt data on Apple OSX?
Fixing computers is time-intensive and frustrating. It is doubly so when done without pay.
When I sent my laptop back to Dell for repair, they told me to pull out the hard drive first. I did.
Download a copy of DBAN (Darik's Boot and Nuke), create a bootable floppy or CD, boot up the laptop and wipe it. Then re-install.
Most people just FDISK and reformat, but that doesn't get rid of anything on the drive. IF there is something illegal on it, you could have to spend a lot of money proving you didn't put it there. DBAN is free - all you spend is the time to wipe it and reinstall.
You should even do this if you buy a new drive. Sometimes, "new" drives have been returned and repaired, and may have data from previous owners.
I’m not really a Mac person, so I don’t have anything off the top of my head, but if you Google it, you should find some utilities.
How hard would it be for someone who was so inclined (and wanted to frame someone) to use a bot to make it look as though that person has deliberately viewed child porn?
Also, did you deliberately download a picture called zzzzz123.gif? Better check your cache!
Hey! I guess those morons are good for something after all!
If the PC were sent in to have Office installed, I’d agree with you, but the task at hand was data recovery, so it would seem reasonable to look at at least a representative sample to see if it was in fact getting recovered. If they stumbled on evidence of illegal activity in the process of doing an otherwise reasonable inspection, I don’t think it wrong that they should turn it over to the cops.