Intel have announced their range of new SSD's with a range of security and data stability tools, the 320 range. The include sizes from 40gig to 600gig (if you have the money!) and my experience is that they are crazy fast. Putting your OS on one of these would make a huge difference to the speed of the overall machine.
However, Intel state that they come with a default AES 128 full disk encryption system which apparently successfully finds the trade off of speed and encryption/decryption. The thought of new machines coming already set up with an AES flavour is enough to make the average digital investigator hang up his mouse and go stack shelves in Salisbury's (small print - other supermarkets also offer shelf stacking opportunities) . Should we be worried?
It is true that the disk, out of the box comes running a AES 128 key providing full disk encryption. However, plug the disk into your machine and it will run with no seeming encryption involved at all? How so? Simply because there is no user key set up as default. To make the encryption 'work' as a security layer the user has to set up an ATA BIOS user password to secure the encryption key. Don't set up a BIOS password, no useful encryption. Excellent!
Knowing bad guys, and most of us have the misfortune of knowing their computers rather well, they are notoriously mistrusting of encryption and it is unlikely that the computer they buy will come with a big sticker saying how vital it is that they set a BIOS password. Indeed, many people believing that they are experts will read the drive specs, see AES 128 and believe that they are more secure than NASA. All which makes me think I should delete this blog post? Ah well, no one reads it!
I was kicking around yesterday looking for a decent Exif viewer for the Mac, I found one or two but they didnt support extraction of GPS data. Turns out my time was wasted and OSX supports and reports Exif data including GPS location data.
Step 1. Open your image in Preview mode.
Step 2. Cmd-i to Open Inspector
Step 3. Click the 'i' tab and select Exif or GPS button
It even has a 'Locate' button to fire the coordinates up in Google maps. Simple and brilliant.
Although there isn't an export feature, the dialogue does allow you to copy and paste the data out into a text program.
I've been working with computers since my ZX81, closely followed by an Oric 1 (if anyone remembers those?). In the past 9 years I've been working in the area of computer forensic investigation and research in both the Law enforcement and Corporate worlds.
I have trained 100's of investigators in the past few years in the area of Live Forensics and RAM Analysis.
Lately I have been working with Law enforcement agencies across Europe and the USA in both an operational and training capacity.
Computer forensics is an evolving science with constantly developing tools and techniques. CSITech, led by Nick Furneaux, is striving to be at the forefront of these developments working on tools and techniques for the collection and analysis of volatile data for both the Law Enforcement and Corporate worlds.