Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

VA Employee's Stolen Laptop Recovered--But Don't Relax Yet

On June 28, the U.S. Department of Veterans' Affairs announced it had recovered the laptop and external hard drive stolen from an employee's home May 3. MSNBC reports the hardware had been sold out of the back of a truck in Wheaton, Md., about four miles from where it was taken. Soon after, the FBI issued a statement saying, "A preliminary review of the equipment by computer forensic experts determined that the database remains intact and has not been accessed since it was stolen."

That statement might make veterans feel better, but it's a false sense of security that's only as strong as a "1" or a "0" in a registry key. It's impossible to be certain that a copy of the data was not made--no evidence that the data was accessed is not the same as evidence that the data was not accessed.

When skilled forensic experts perform digital analysis, the first thing they do is make an exact digital bitstream copy of the hard drive in question, without modifying it. We discuss methods for doing just that in our review of network forensic tools. With one registry tweak, that hard drive could have been copied, bit for bit, without leaving a trace. Meanwhile, the V.A. said it will decide whether to offer free credit monitoring once it receives the results of the FBI's complete forensic exam of the equipment. -- Jordan Wiens, [email protected]