Feb 26 2011

The end of the saga?

Tag: Informática LegalJoaquim Anguas @ 8:02 pm

Thousands of unnamed “John Does” in P2P file sharing lawsuits filed in California, Washington DC, Texas, and West Virginia have been severed, effectively dismissing over 40,000 defendants. The plaintiffs in these cases must now re-file against almost all of the Does individually rather than suing them en mass. These rulings may have a significant impact on the copyright trolls’ business model, which relies on being able to sue thousands of Does at once with a minimum of administrative expense. The cost of filing suit against each Doe may prove prohibitively expensive to plaintiffs’ attorneys who are primarily interested in extracting quick, low-hassle settlements.

See also:
On the menu for today: Motion to quash
Economies of scale
News on 873
Single action, multiple defendants and the power of self interest>

Vía:
EFF


Feb 24 2011

cloud based computer forensics pipeline

Tag: Informática LegalJoaquim Anguas @ 9:55 am

In a scenario in which there’s a need for flexible computing power for certain companies offering services in the computer forensics arena, cloud computing appears to be a model ready to offer value.

Amazon offers a set of services that may support the needs for flexible computing power a full “ingest/digest” analysis pipeline may need.

Continue reading “cloud based computer forensics pipeline”


Feb 22 2011

Block Size Matters

Tag: Informática LegalJoaquim Anguas @ 9:15 pm

There’s an ongoing debate regarding the role of the public “trust” when performing an HDD cloning action.

What does a notary or a judicial clerk add to the action? And regarding the tools, is it better to use a single purpose device as a cloning machine or a multi-purpose one as a laptop computer?

In my humble opinion both the cloning machine and the notary/judicial clerk don’t add much more in a technical sense, but in fact they create an scenario in which it is less likely that the part that suffers the action will attack it in court.

As the time that takes to complete the action may be important, performance may be a factor in the decision, and here’s where the tittle comes in.

For some time now I’ve been experimenting with different means to acquire forensically sound disk images. The cloning machine I use is an Intelligent Computer Solutions Image MASSter Solo-3 Forensics. It can deliver 2,5GBpm when hashing SHA1 on SATA 7.200 drives. This means close to 7 hours for a 1TB drive…

I prefer to use the cloning machine when I perform the cloning procedure in court or with the intervention of a notary. When cloning big disks, I try to get the room locked while the copy is being performed and get back the next day to see the result.

But in other cases you may consider the following performance results the next time you need to perform a disk image:

  • No hash 1.080GB/h
  • MD5 923GB/h
  • SHA1 923GB/h

So, what if instead of almost 7h you could perform a complete clone of a 1TB HDD in a bit more than 1h?

Enter the “poor’s man cloning machine”…

Continue reading “Block Size Matters”


Feb 17 2011

history repeating…

Tag: (i)realidadJoaquim Anguas @ 5:34 pm

This looks familiar to me:

As with previous seizures, ICE convinced a District Court judge to sign a seizure warrant, and then contacted the domain registries to point the domains in question to a server that hosts the warning message. However, somewhere in this process a mistake was made and as a result the domain of a large DNS service provider was seized.

The domain in question is mooo.com, which belongs to the DNS provider FreeDNS. It is the most popular shared domain at afraid.org and as a result of the authorities’ actions a massive 84,000 subdomains were wrongfully seized as well. All sites were redirected to the banner below.

A noble initiative, but one that went wrong, badly. The above failure again shows that the seizure process is a flawed one, as has been shown several times before in earlier copyright infringement sweeps. If the Government would only allow for due process to take place, this and other mistakes wouldn’t have been made.

Via http://torrentfreak.com/u-s-government-shuts-down-84000-websites-by-mistake-110216/.

See also http://www.dhs.gov/ynews/releases/pr_1297804574965.shtm.


Feb 15 2011

Risky Business

Tag: (i)realidadJoaquim Anguas @ 6:25 pm

Short
http://www.boingboing.net/2011/02/15/the-implosion-of-sec.html

Long

+

http://arstechnica.com/tech-policy/news/2011/02/the-ridiculous-plan-to-attack-wikileaks.ars

Longer

+

http://www.ft.com/cms/s/0/87dc140e-3099-11e0-9de3-00144feabdc0.html#axzz1E3621iOg (registration needed)
http://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars
http://arstechnica.com/tech-policy/news/2011/02/virtually-face-to-face-when-aaron-barr-met-anonymous.ars
http://www.salon.com/news/opinion/glenn_greenwald/2011/02/11/campaigns/index.html
http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/

Uptade

http://arstechnica.com/tech-policy/news/2011/02/anonymous-vs-hbgary-the-aftermath.ars

http://www.hbgary.com/
http://www.bericotechnologies.com/
http://www.palantirtech.com/
http://www.hunton.com/