Hal Pomeranz has announced a new set of tools to help with digital forensics for unallocated space on Linux systems using EXT3 (not compatible with EXT4). Indirect blocks are the areas of a disk that are unlike direct blocks — they are not sequential, nor are they always associated with a start/end to a file:
The problem of indirect blocks in the middle of the file content is addressed by tools like Foremost by simply skipping over the indirect block and ignoring its contents. Actually, Foremost will skip the first indirect block that normally occurs in the 13th data block in the run but fails to remove later indirect blocks (the double and treble indirect block chains) from the recovered image, again leading to file corruption on recovered files larger than 4MB or so.
Simply skipping over or attempting to edit out the indirect block data from the recovered file is probably the wrong thing to do in any event. After all, the block pointer metadata in the indirect blocks provide a map to the location of large chunks of file content from the original file. I have developed a couple of simple command-line tools to find and use the indirect block data to more accurately recover files from unallocated space.
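The point of the quoted passage, as an added example (this is not Pomeranz's tooling, whose code this page does not show): recovery that follows the pointers in the single and double indirect blocks, next to a carve that drops only block 13. It assumes 1 KiB blocks, a known first block and file size, and the usual ext3 layout in which indirect blocks sit inside the data run; the function names and the in-memory image are constructed for illustration.

```python
import struct

BS = 1024            # assumption: 1 KiB ext3 blocks in the constructed image
NPTR = BS // 4       # 32-bit little-endian block pointers per indirect block
NDIRECT = 12         # direct pointers per inode, so block 13 of a run is indirect

def pointers(img, blk):
    """Pointer list if block `blk` looks like an indirect block, else None.
    Heuristic: unique, in-range block numbers followed only by zero padding."""
    total = len(img) // BS
    if blk >= total:
        return None
    vals = struct.unpack_from(f"<{NPTR}I", img, blk * BS)
    ptrs = [v for v in vals if v]
    ok = (ptrs and vals[:len(ptrs)] == tuple(ptrs)
          and len(set(ptrs)) == len(ptrs) and max(ptrs) < total)
    return ptrs if ok else None

def recover(img, start, size):
    """Rebuild `size` bytes of a file whose first data block is `start`."""
    blocks = list(range(start, start + NDIRECT))    # direct blocks, assumed contiguous
    single = pointers(img, start + NDIRECT)         # 13th block of the run
    if single:
        blocks += single                            # follow the map instead of skipping it
        # assumption: a double indirect block directly follows a full single-indirect run
        double = pointers(img, single[-1] + 1) if len(single) == NPTR else None
        for ind in double or []:
            blocks += pointers(img, ind) or []
    return b"".join(img[b * BS:(b + 1) * BS] for b in blocks)[:size]

def naive_carve(img, start, size):
    """Carve the contiguous run, dropping only block 13 (the behaviour quoted above)."""
    run = [b for b in range(start, start + size // BS + 3) if b != start + NDIRECT]
    return b"".join(img[b * BS:(b + 1) * BS] for b in run)[:size]

def build_image(payload):
    """Constructed sample image: payload (longer than 12 blocks) laid out from block 1
    with interleaved single, double and second-level indirect blocks; not a full ext3."""
    chunks = [payload[i:i + BS].ljust(BS, b"\0") for i in range(0, len(payload), BS)]
    pack = lambda nums: struct.pack(f"<{NPTR}I", *nums, *[0] * (NPTR - len(nums)))
    s, t = chunks[NDIRECT:NDIRECT + NPTR], chunks[NDIRECT + NPTR:NDIRECT + 2 * NPTR]
    dbl = 14 + len(s)                               # block number of the double indirect
    return b"".join([b"\0" * BS] + chunks[:NDIRECT] + [pack(range(14, dbl))] + s
                    + [pack([dbl + 1]), pack(range(dbl + 2, dbl + 2 + len(t)))] + t)

PAYLOAD = bytes((i * 7 + i // BS) % 251 for i in range(300 * BS - 100))  # constructed data
```

With 1 KiB blocks the naive carve stays correct for the first 12 + 256 blocks and diverges at the double indirect block; with 4 KiB blocks the same boundary falls at 12 + 1024 blocks, the "4MB or so" mentioned in the quote.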
An immigration officer tried to rid himself of his wife by adding her name to a list of terrorist suspects.
He used his access to security databases to include his wife on a watch list of people banned from boarding flights into Britain because their presence in the country is ‘not conducive to the public good’.
As a result the woman was unable for three years to return from Pakistan after travelling to the country to visit family.
The tampering went undetected until the immigration officer was selected for promotion and his wife's name was found on the suspects’ list during a vetting inquiry.
No one noticed for three years that the officer was married to a no-fly wife? No one noticed that a woman was on the list without any justifiable cause? So they started to promote him and then fired him, both for his talented work with the security database. In other words, he could arbitrarily enter someone into the list of terrorist suspects. His mistake was to enter someone into the list to whom he was married.
Perhaps my favorite line in the presentation is when Dr. Hany Farid says what worried people about doctored Iranian missile photos was not the number fired, but that the Iranians figured out how to use Photoshop.
In related news the Chinese were just accused (again) of showing Top Gun movie images as real and current military news.
Eating sustainably is at the very core of Bay Area culture, an essential part of the local ethos. Our chefs are leaders of the organic movement, and when we sit down in a top-rated restaurant, we take it for granted that the food we’re served has been sourced with the best interests of the planet at heart. We assume that the salad greens are always organic and that the porchetta sandwich we stand in line for is made with meat from a humanely raised, hormone-free pig who spent his days rooting for acorns underneath an oak tree. But when it comes to offering sustainable seafood, very few local restaurants get it right in any consistent way.
a blog about the poetry of information security, since 1995