RSS
Email
Print
ShareVA Employee's Stolen Laptop Recovered--But Don't Relax Yet
Posted by Jordan Wiens on July 13, 2006
On June 28, the U.S. Department of Veterans' Affairs announced it had recovered the laptop and external hard drive stolen from an employee's home May 3. MSNBC reports the hardware had been sold out of the back of a truck in Wheaton, Md., about four miles from where it was taken. Soon after, the FBI issued a statement saying, "A preliminary review of the equipment by computer forensic experts determined that the database remains intact and has not been accessed since it was stolen."
That statement might make veterans feel better, but it's a false sense of security that's only as strong as a "1" or a "0" in a registry key. It's impossible to be certain that a copy of the data was not made--no evidence that the data was accessed is not the same as evidence that the data was not accessed.
When skilled forensic experts perform digital analysis, the first thing they do is make an exact digital bitstream copy of the hard drive in question, without modifying it. We discuss methods for doing just that in our review of network forensic tools. With one registry tweak, that hard drive could have been copied, bit for bit, without leaving a trace. Meanwhile, the V.A. said it will decide whether to offer free credit monitoring once it receives the results of the FBI's complete forensic exam of the equipment. -- Jordan Wiens, jwiens@nwc.com
Add Your Comment: