
Tech Forensics Take Center Stage in Manning Pre-Trial

Posted by Unknown Lamer
from the next-time-use-a-better-passphrase dept.
smitty777 writes with some updates from Bradley Manning's Article 32 hearing: "Wired has been reporting all [yester]day on the prosecution's technological evidence against Bradley Manning. The first is on the technology and techniques used by Manning. In the second, the examiners admit they didn't find any matching cables on Manning's computer. And finally, evidence that Manning chatted directly with Assange himself." The prosecution was able to access chat logs and other bits of evidence (which had been deleted, but not scrubbed from the disk) thanks to PFC Manning's use of the same password for his OS login and encryption passphrase. Oops.

  • Info Doesn't Add Up (Score:3, Interesting)

    by am 2k (217885) on Tuesday December 20, 2011 @09:15AM (#38433230) Homepage

    Maybe it's the usual journalist dumbing-down, but the forensics info doesn't add up:

    Then, on or around Jan. 31, someone attempted to erase the drive by doing what’s called a “zerofill” — a process of overwriting data with zeroes. Whoever initiated the process chose an option for overwriting the data 35 times — a high-security option that results in thorough deletion — but that operation was canceled. Later, the operation was initiated again, but the person chose the option to overwrite the information only once — a much less secure and less thorough option.

    So it's "only" zero-filled.

    Mark Johnson, a digital forensics contractor for ManTech International who works for the Army’s Computer Crime Investigative Unit, examined an image of Manning’s personal MacBook Pro...

    How is that contractor able to decode the original data from a zero-filled disk from a mere image?

  • Re:Not so fast... (Score:4, Interesting)

    by vlm (69642) on Tuesday December 20, 2011 @09:27AM (#38433340)

    Or he most certainly did, or at least he set up an automated system to do it, etc.

    But, no one can/will publicly admit the truth, that either the automated system to do that can be selectively remotely subverted on command (perhaps a routine investigation into him "fishing expedition" found more than expected?) OR the secret truth that cannot be discussed is that classified data recovery operations can read overwritten data much better than public recovery operations.

    Most likely this is one of those "lawyers approach the bench" undocumented moments where both sides were informed that public discussion of these classified projects in this trial will be prosecuted, etc... The less this seemingly important topic is discussed during the trial, the more likely they're covering up some interesting technical means.

    Having worked in an Army reserve unit in the early 90s in an IT-like capacity, we were told if we were overrun, the ammo depot's records had to be wiped by thermite, not "writing zeros" or whatever. This is public knowledge, read the public TMs. There is probably a very good reason when going up against "the bad guys" you only trust thermite, and going up against internal investigators and auditors, "trust us, writing zeros is good enough"

  • Re:Not so fast... (Score:4, Interesting)

    by Alranor (472986) on Tuesday December 20, 2011 @10:12AM (#38433884)

    Having worked in an Army reserve unit in the early 90s in an IT-like capacity, we were told if we were overrun, the ammo depot's records had to be wiped by thermite, not "writing zeros" or whatever. This is public knowledge, read the public TMs. There is probably a very good reason when going up against "the bad guys" you only trust thermite, and going up against internal investigators and auditors, "trust us, writing zeros is good enough"

    Of course, that might have something to do with the fact that zeroing out the hard drives takes a not insignificant amount of time compared with just blowing them up. I've never been in the military myself, but I would hazard a guess that you might be under some time pressures if your base is being overrun by the enemy.
