Use Of Backup Tapes In Computer Forensics

March 21, 2011 :: Posted by - admin :: Category - Computer Forensics

The field of computer forensics is closely associated with data recovery from storage media such as USB pens and hard disk drives. However, a lot of information is stored not on disk but on data tapes. In fact, throughout the world the largest amount of data is stored on data tapes. So is this kind of information, and the media it is stored on, of any use to those in the computer forensics field?

Most of us are aware that the hard disk drive of a computer holds the most current information available, as well as a variety of other forensically valuable data such as local temporary files and internet history records. So if you have the hard disk drive, is there any reason to look at backup data tapes?

Computer forensic work often involves a background investigation, where it is preferable that as few people as possible are involved. Where data from a tape archive can be used, an investigation can often be carried out more discreetly, without requiring that entire systems be seized. When backup tapes can be located, it may be possible to conduct an investigation or audit without alerting those being investigated or audited.

With an audit, for example, the disruption spreads further than the business or person being audited and raises fear in others. Being able to carry out the data analysis covertly, prior to any investigative results, reduces stress and loss of morale among others who are perhaps not directly involved.

Data on local systems comes and goes and can often be replaced, especially where this is the intention of the business or person being investigated. Backup data provides a snapshot of a system or systems and therefore a historical record. So if there is an attempt to remove information from a local system, and that information was previously stored on a backup system, it can be recovered from the backup tape.

Those who specialize in this form of investigation work back through the backup tapes and can therefore gain greater insight into any system abuse or illegal behavior that may have taken place. Unless the person attempting to erase information has a great knowledge of the system and of erasure techniques, the information being sought, if it in fact exists, should be located within the backup infrastructure.

Those conducting the investigation must have knowledge of the backup infrastructure itself. There is likely to be a significant amount of information stored on backup tapes, so knowing how to process it to reduce search time is a key factor. This is especially important for cost, as well as for the manpower and time needed to conduct any investigation or audit.

As an example, if there are 3000 tapes that each require 3 hours to read completely, and you could use 10 systems with 80% operating time, the time required to read the 3000 tapes would be approximately 50 days. This does not take into account the need to actually analyze and organize the data itself.

In these cases a pre-scanning system for the specific type of tape and system is required to reduce the time needed to identify the data on each tape. When this is carried out effectively, the time can be reduced from 3 hours per tape to approximately 15 minutes per tape. That reduces the time for reading the data from 50 days to around 4 days.

The point is that while the data tapes hold the information required, a suitable system must be available to sort and categorize it, eliminating irrelevant data and leaving those investigating the tapes only the information they require to complete a more thorough analysis of the relevant facts.

There are a great many factors in computer forensic analysis, and there are no standard systems that will apply to all data tapes. A great understanding of the system and where the data may be stored is generally the first step in the investigation, after retrieval of the data tapes. This information is of course beneficial to those being investigated as well as to those who wish to have some investigation completed. There is a great deal of information available about the abilities of computer forensics, and if this is something that interests you, it is suggested that you “dig a little deeper” into your particular angle of computer forensics.

Michiel Van Kets writes articles for Altirium, an expert computer forensics company in the UK providing a professional and discreet range of computer forensic services using data recovery, conversion and migration methods, giving individuals and major corporations access to the needed evidence. Give your ongoing litigation and investigations an edge by using evidence retrieved by forensic computing, even if the hard drives or data have been physically destroyed.


Article from articlesbase.com


Getting A Computer Forensics Degree

March 16, 2011 :: Posted by - admin :: Category - Computer Forensics

It’s no secret that a degree related to the computer or technology field is the equivalent of a golden ticket, and leading that field in job availability is a computer forensics degree. Crimes online have grown at an astounding rate and continue to do so all across the globe. It is the job of the computer forensics specialist to uncover those crimes and to safeguard the public against future ones. As more and more of our personal information makes its way online, businesses both large and small are employing these specialists to ensure their information and that of their clients is safe from the myriad of computer crimes and scams that are now almost commonplace in our technology-driven society.
A degree in computer forensics will provide you with a wide skill set, including: analyzing computer data and security, network technologies, understanding the constant stream of user traffic, criminal justice, engineering and computer science. These are all essential skills for a career in the ever-expanding field of computer forensics. Other skills include, but are not limited to, cryptology, file formats, protocols and online security.
It is a fast-paced and diverse career path that is continually evolving in order to stay one step ahead of those looking to illegally profit online. If your future degree options are to be decided by future job availability, then a degree in computer forensics, whether you choose to learn online or on site, may be exactly what you are looking for.

Crystal is an account coordinator with Location3 Media. Her personal blog discusses travel, health, fitness, and finance.


Article from articlesbase.com


What is Computer Forensics and where is it used?

December 10, 2010 :: Posted by - admin :: Category - Computer Forensics

Computer forensics is becoming more and more prevalent in the ever-increasing technological age we are living in. Computers and mobile devices have become an integral part of our lives; checking email and sending text messages is now second nature to most.

This expanded use of computers, mobile phones and PDAs has led to a large rise in the amount of electronic data that now exists. Social networking sites such as Facebook and Twitter encourage the sharing of this information with friends in the real world as well as friends who are purely online acquaintances. Often it is the sharing of unauthorised data, and where it is being downloaded to, that causes issues.

Not all data that is shared over the Internet is completely innocent. Unfortunately, the convenience of emails and downloadable content for the general public also means that it is convenient for criminals.

As an arm of forensic science, computer forensics involves the analysis of electronic data that is stored on a computer or computer network.  Computer forensic experts will usually examine such data often as part of a criminal investigation, to find out more details about a particular crime.

Often computer system investigations involve seizing the suspected machines and analysing their usage profiles, scanning their hard drives and applying a multitude of advanced techniques that can restore data that will have been ‘deleted’ by the user.

In recent times computer forensics is known to have been employed effectively to provide intelligence information to help prevent terrorist activities, to identify data theft by employees and to convict criminals who have stored illegal material on their computers.

Conversely, computer forensics can also prove the innocence of anyone suspected of illegal activity. Like any other branch of forensic science, computer forensic experts will often be able to help make so-called ‘fuzzy’ pictures clearer by providing a high level of evidence that is accurate and can be relied upon in court.

Cy4or are computer forensics experts. They have an experienced team who have worked on a multitude of high-profile cases; their website has more information on the forensic analysis they offer.


Article from articlesbase.com

‘Doe Network’ works to give names to the dead
Story Highlights:
* Todd Matthews, 37, says identifying the "Does" is a "calling"
* The Doe Network has volunteers and chapters in every state.
* More than 40,000 unnamed bodies exist in the U.S., law enforcement reports say
* About 100,000 people are formally listed as missing, according to reports

LIVINGSTON, Tennessee (AP) — Their faces seem to float from Todd Matthews’ computer — morgue photographs, artist sketches, forensic reconstructions — thousands of dead eyes staring from endless Web sites as though crying out for recognition. John and Jane and Baby "Does" whose nameless bodies have never been identified.

His wife, Lori, complains that Matthews, a 37-year-old auto parts supplier, spends more time with the dead than he does with the living, including his two sons, Dillan, 16, and Devin, 6.

You need a hobby, she says, or a goal.

I have a goal, he replies, though he describes it as a "calling."

He wants to give "Does" back their names.

His obsession began two decades ago, when Lori told him about the unidentified young woman wrapped in canvas whose body her father had stumbled on in Georgetown, Kentucky, in 1968. She had reddish-brown hair and a gap-toothed smile. And no one knew her name.

So locals blessed her with one. They buried her under an apple tree with a pink granite tombstone engraved with the words "Tent Girl."

Tent Girl haunted him. Who were her siblings? What was her name?

Matthews began searching library records and police reports, not even sure what he was seeking. He scraped together the money to buy a computer. He started scouring message boards on the nascent Internet.

In the process, Matthews discovered something extraordinary. All over the country, people just like him were gingerly tapping into the new technology, creating a movement — a network of amateur sleuths as curious and impassioned as Matthews.

Today the Doe Network has volunteers and chapters in every state. Bank managers and waitresses, factory workers and farmers, computer technicians and grandmothers, all believing that with enough time and effort, modern technology can solve the mysteries of the missing dead.

Increasingly, they are succeeding.

The unnamed dead are everywhere — buried in unmarked graves, tagged in county morgues, dumped in rivers and under bridges, interred in potter’s fields and all manner of makeshift tombs. There are more than 40,000 unnamed bodies in the U.S., according to national law enforcement reports, and about 100,000 people formally listed as missing.

The premise of the Doe Network is simple. If the correct information — dental records, DNA, police reports, photographs — is properly entered into the right databases, many of the unidentified can be matched with the missing. Law enforcement agencies and medical examiners offices simply don’t have the time or manpower. Using the Internet and other tools, volunteers can do the job.

And so, in the suburbs of Chicago, bank executive Barbara Lamacki spends her nights searching for clues that might identify toddler Johnny "Dupage" Doe, whose body was wrapped in a blue laundry bag and dumped in the woods of rural Dupage County, Illinois, in 2005.

In Kettering, Ohio, Rocky Wells, a 47-year-old manager of a package delivery company, scoots his teenage daughters from the living room computer and scours the Internet for anything that might crack the case of the red-haired Jane Doe found strangled near Route 55 in 1981. "Buckskin Girl," she was called, because of the cowboy-style suede jacket she was wearing when she was found.

And in Penn Hills, Pennsylvania, Nancy Monahan, 54, who creates floor displays for a discount chain, says her "real job" begins in the evening when she returns to her creaky yellow house and her black cat, Maxine, turns on her computer and starts sleuthing.

Monahan’s cases include that of "Beth Doe," a young pregnant woman strangled, shot and dismembered, her remains stuffed into three suitcases and flung off a bridge along Interstate 80 near White Haven in December 1976. And "Homestead Doe," whose mummified body was found in an abandoned railroad tunnel in Pittsburgh in 2000. Her toenails were painted silver.

Monahan was so moved that last year she sought out the tunnel, climbed down the embankment and offered a silent prayer for the young woman whose life ended in such a pitiful place.

"It’s like they become family," Monahan says. "You feel a responsibility to bring them home."

The stories of Doe Network members are as individual as the cases they are trying to solve. Bobby Lingoes got involved through his connection with law enforcement — he’s a civilian dispatcher with the Quincy, Massachusetts, police department. Traycie Sherwood of Richmond, Missouri, joined when her adoptive mother died and she went on line searching for her birth mother. Daphne Owings, a 45-year-old mother of two in Mount Pleasant, South Carolina, needed something to take her mind off the war when her husband was sent to Iraq.

Matches can be triggered by a single detail — a tattoo, a piece of clothing, a broken bone. It’s just a question of the right person spotting the right piece of information and piecing together the puzzle. The process can be tedious and frustrating.

And it can take its toll. Lori Matthews once left her husband for six months because of his obsession with Tent Girl. "He didn’t talk about anything else," she said. "It wasn’t normal."

They reconciled after Matthews agreed to limit the amount of time — and money — he spent on "Does."

Still, Matthews and others say the rewards of cracking a case make the time worthwhile. The Doe Network claims to have assisted in solving more than 40 cases and ruling out hundreds more.

"They do God’s work," says Mark Czworniak, 50, a veteran homicide detective in Chicago.

He first encountered the Doe Network when he was approached by Lamacki, the Chicago bank executive, about potential matches. Unlike some officers, Czworniak has no hesitation about working with civilian volunteers, especially those willing to devote endless hours to cold cases that he cannot get to.

Czworniak says there are hundreds of "Does" in the department files. He is assigned five, including a tall, 30-something man found at the Navy Pier in 2003. Czworniak hopes that the man’s height will help Lamacki or another Network volunteer eventually make an identification.

"She’s like a little bloodhound," says Czworniak, who exchanges e-mails with Lamacki on cases every week and has introduced her to other detectives. "She has the wherewithal and interest and time and she searches these sites I’m not even aware of."

In another sign of the network’s influence, Matthews was asked to serve on a government task force involved in creating the first national online data bank for missing and unidentified.

The National Missing and Unidentified Persons System, NamUS, launched last year, is made up of two databases, one for the missing and one for the unidentified. The goal is to have medical examiners and law enforcement agencies around the country constantly update information on both sites. Next year the sites will be linked and made available for public searching.

No one believes NamUS will put the Doe Network out of business — there will always be a need for people with their expertise to make the necessary connections.

And so, families of the missing will no doubt continue to rely on people like Todd Matthews.

At his house in Livingston, Matthews has built a little nook next to the living room — his "Doe office," he calls it. His desk is laden with pictures of dead bodies. He says he gets many e-mails about cases every week. Every night he scrolls down the lists, searching for new information:

Unidentified White Female. Wore a necklace of silver beads and three small turquoise stones, one resembling a bird. Found in a Caledonia cornfield in New York state in 1979. …

Unidentified White female. Strawberry-blonde hair and 12 infant teeth. Wearing a pink and white dress that buttoned in the back and a disposable diaper. Found Jackson County, Mississippi, 1982. …

Unidentified Black Female. Gunshot wound to the skull. Found next to highway ramp in Campbell County, Tennessee, in 1998…

The last case is close to Matthews’ heart. Sally, he named her, after a Campbell County police officer entrusted him with her skull in 2001.

The police didn’t have the time or means to pay for a clay reconstruction, and so — with the approval of the local coroner — Matthews took the skull to a Doe Network forensic artist. A picture of the reconstructed head was placed on the Network site. The skull sat on Matthews’ desk for over a year, and even Lori, who was at first so horrified she couldn’t look at it, grew fond of Sally. She remains unidentified.

But even Sally cannot take the place of the first Doe, the one who changed Matthews’ life. He still regularly drives to Kentucky, to a lonely plot in Georgetown to visit her.

"She’s family now," he says.

Standing by her grave, he tells of the night in 1998 when, scouring chat rooms for the missing, he stumbled upon a message from Rosemary Westbrook of Benton, Arkansas.

Westbrook sought information about her sister, Bobbie, who was 24 when she went missing 30 years earlier. Bobbie had married a man who worked in a carnival, and she was last seen in Lexington. She had reddish-brown hair and a gap-toothed smile.

Over and over Matthews stared at the message. And in his heart he knew.

Lori, he cried, racing into the bedroom and shaking awake his wife.

"I’ve found her. I found Tent Girl."

Weeks later the remains were exhumed. The match was confirmed by DNA.

The family decided to re-inter her in the place that had been her resting spot for so many years. Beneath the stone etched "Tent Girl" they placed a small gray one engraved with her real name, the name that Matthews had restored.

She is Barbara Ann Hackmann, now and for eternity.

Copyright 2008 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

‘Doe Network’ works to give names to the dead
www.cnn.com/2008/CRIME/03/25/doe.network.ap/index.html

The Doenetwork
www.doenetwork.org/

Project EDAN – Everyone Deserves A Name
www.projectedan.us/

Raising the Dead – Wired
www.wired.com/wired/archive/12.08/matthews.html

Tent Girl – Barbara Ann Hackmann
www.angelfire.com/tn3/masterdetective2/

Sketches express softer side of missing women
www.missingpeople.net/sketches_express_softer_side_of.htm
