Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Linux and Forensic Discovery

michael posted more than 11 years ago | from the dd-a-double-edged-sword dept.

The Courts 260

Max Pyziur writes "Found this on where Linux is cited in a DOJ document against Moussaoui (sometimes referred to as the "20th man"). FBI: Moussaoui E-mail Not Recoverable - January 1, 2003." An interesting read which gives some insight into how computer evidence is handled in court.

cancel ×


Sorry! There are no comments related to the filter you selected.

fp (-1, Offtopic)

danielsmc (577116) | more than 11 years ago | (#4994579)


Nominations For The 2002 Troll Awards!!!!!1! (-1, Troll)

2002 Troll Awards (637776) | more than 11 years ago | (#4994580)

Hello and welcome to the Nominations for the 2002 Troll Awards! Please take a moment from your busy day and make your nominations! Some catagories are for people and some are for posts, so please pay attention. Nominations are open for the next week and should be made to my journal, or to one of my posts about the nominations. Nominations will be closed at 2pm (Eastern) on Jan 08, 2003. So, here are the catagories:

  • Best Troll (person)
  • Worst Troll (person)
  • Most Improved Troll (person)
  • Gayest Troll (person)
  • Troll With the Biggest Cock (person)
  • Troll You Would Like To Drink With (person)
  • Troll You Would Not Want To Get Stuck In an Elevator With (person)
  • Which Troll Should Retire (person)
  • Troll LifeTime Achievement Award (person)
  • Best Troll (post)
  • Worst Troll (post)
  • Most Fish Caught (post)
  • Most Modded Troll (post)
  • Troll You Don't Want To See Again (post)

Okkay... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4994587)

This is news for nerds, because? Did he use a PDA to communicate, did he build a beowulf cluster; is he evil and thereby enjoys using windows?

Re:Okkay... (-1)

Anonymous Coward | more than 11 years ago | (#4994611)

Because Linux was mentioned. And...well. It's linux and linux is cool and stuff. I mean, c'mon, *linux*, man. Wow, linux.

Trousers (-1)

Anonymous Coward | more than 11 years ago | (#4994703)

I don't think I need to elaborate.

First (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4994591)

Magicnumber was here

In Soviet Russia... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4994597)

Linux runs forensics analysis on YOUR ass!

This is a great example... (4, Informative)

craenor (623901) | more than 11 years ago | (#4994601)

Of the fact that lawyers will argue over anything.

Heh, this seems to be a discussion about whether they used "approved methods" of retrieving a deleted email. According to one person, the LinuxGNU was the only one approved by NIST (national institute of standards and technologies). This of course, is wrong...NIST doesn't "approve" software, they just test it and declare whether or not it works.

Re:This is a great example... (0)

Anonymous Coward | more than 11 years ago | (#4994641)

Why is this being moderated, before any
mirrors are up, and while the site is being /.'ed? The moderators can't access the site
to evaluate this comment.

The comment might be good; we can't tell.

What we can tell is that moderators are either
cairvoyant or on auto pilot.

Re:This is a great example... (1, Offtopic)

craenor (623901) | more than 11 years ago | (#4994723)

huh? my comment hasn't been moderated. It started at +2 and is still at +2 as of this writing...

Re:This is a great example... (0)

Anonymous Coward | more than 11 years ago | (#4994750)

your comment appears to be a direct quote from the article

Re:This is a great example... (2)

craenor (623901) | more than 11 years ago | (#4994823)

this seems to be a discussion

In saying that, I was trying to convey the message that my comments were a summary of a portion of the discussion added to provide relevance to my comments. Sorry if this was confusing.

Re:This is a great example... (1)

spatrick_123 (459796) | more than 11 years ago | (#4994738)

Or maybe, just maybe the original poster used their +1 bonus. I would say this is likely, considering that when looking at the comment there is no moderation information at the bottom of it. Not to mention that the site is not /.ed - I just retrieved the article without any problem. Then again, I'm probably just feeding a troll.

". . . lawyers will argue over anything. " (2, Funny)

kfg (145172) | more than 11 years ago | (#4994853)

Well duh. That's their *job.*


At least... (3, Funny)

Ironica (124657) | more than 11 years ago | (#4994603)

...someone in the government seems to realize that Microsoft can't be trusted ;-)

Go to fucking bed micheal (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4994610)

How many fucktillion hours have you been up for?
Count some sheep!

four quadringentsexoctogintillion, seven hundred eighty two quadringentquinoctogintilliard, two hundred two quadringentquinoctogintillion, seven hundred eighty eight quadringentquattuoroctogintilliard, fifty four quadringentquattuoroctogintillion, six hundred twelve quadringenttreoctogintilliard, twenty nine quadringenttreoctogintillion, five hundred twenty eight quadringentdooctogintilliard, three hundred ninety two quadringentdooctogintillion, nine hundred eighty six quadringentunoctogintilliard, six hundred quadringentunoctogintillion, fifty nine quadringentoctogintilliard, ninety seven quadringentoctogintillion, four hundred fourteen quadringentnovemseptuagintilliard, nine hundred seventy one quadringentnovemseptuagintillion, seven hundred twenty four quadringentoctoseptuagintilliard, twenty two quadringentoctoseptuagintillion, three hundred sixty five quadringentseptenseptuagintilliard, eight quadringentseptenseptuagintillion, five hundred thirteen quadringentsexseptuagintilliard, three hundred forty five quadringentsexseptuagintillion, one hundred nine quadringentquinseptuagintilliard, nine hundred eighteen quadringentquinseptuagintillion, three hundred seventy eight quadringentquattuorseptuagintilliard, nine hundred fifty quadringentquattuorseptuagintillion, nine hundred forty two quadringenttreseptuagintilliard, six hundred sixty two quadringenttreseptuagintillion, nine hundred seventy quadringentdoseptuagintilliard, two hundred seventy eight quadringentdoseptuagintillion, nine hundred twenty seven quadringentunseptuagintilliard, six hundred eighty six quadringentunseptuagintillion, one hundred twelve quadringentseptuagintilliard, seven hundred seven quadringentseptuagintillion, eight hundred ninety four quadringentnovemsexagintilliard, five hundred eighty six quadringentnovemsexagintillion, eight hundred twenty four quadringentoctosexagintilliard, seven hundred twenty quadringentoctosexagintillion, nine hundred eighty one quadringentseptensexagintilliard, five hundred twenty four quadringentseptensexagintillion, two hundred fifty six quadringentsexsexagintilliard, three hundred nineteen quadringentsexsexagintillion, three hundred six quadringentquinsexagintilliard, five hundred eighty five quadringentquinsexagintillion, fifty two quadringentquattuorsexagintilliard, six hundred seventy six quadringentquattuorsexagintillion, eight hundred thirty four quadringenttresexagintilliard, eighty seven quadringenttresexagintillion, four hundred eighty quadringentdosexagintilliard, eight hundred thirty four quadringentdosexagintillion, four hundred twenty nine quadringentunsexagintilliard, four hundred thirty three quadringentunsexagintillion, two hundred sixty four quadringentsexagintilliard, seven hundred ninety seven quadringentsexagintillion, four hundred twenty five quadringentnovemquinquagintilliard, eight hundred ninety three quadringentnovemquinquagintillion, two hundred forty seven quadringentoctoquinquagintilliard, six hundred twenty three quadringentoctoquinquagintillion, six hundred eighty eight quadringentseptenquinquagintilliard, three hundred thirty one quadringentseptenquinquagintillion, twenty one quadringentsexquinquagintilliard, six hundred thirty three quadringentsexquinquagintillion, two hundred eight quadringentquinquinquagintilliard, nine hundred fifty four quadringentquinquinquagintillion, eight hundred forty seven quadringentquattuorquinquagintilliard, three hundred fifty four quadringentquattuorquinquagintillion, eight hundred five quadringenttrequinquagintilliard, seven hundred ninety nine quadringenttrequinquagintillion, nine hundred forty three quadringentdoquinquagintilliard, three hundred forty one quadringentdoquinquagintillion, three hundred nine quadringentunquinquagintilliard, eight hundred twenty five quadringentunquinquagintillion, nine hundred eighty nine quadringentquinquagintilliard, thirteen quadringentquinquagintillion, seven hundred forty three quadringentnovemquadragintilliard, eight hundred six quadringentnovemquadragintillion, one hundred eighty seven quadringentoctoquadragintilliard, one hundred nine quadringentoctoquadragintillion, five hundred eighty one quadringentseptenquadragintilliard, forty three quadringentseptenquadragintillion, one hundred forty eight quadringentsexquadragintilliard, six hundred eighty quadringentsexquadragintillion, eight hundred thirteen quadringentquinquadragintilliard, seven hundred seventy eight quadringentquinquadragintillion, three hundred twenty one quadringentquattuorquadragintilliard, five hundred thirty quadringentquattuorquadragintillion, four hundred ninety six quadringenttrequadragintilliard, seven hundred fifteen quadringenttrequadragintillion, six hundred one quadringentdoquadragintilliard, five hundred sixty three quadringentdoquadragintillion, two hundred eighty two quadringentunquadragintilliard, six hundred twenty four quadringentunquadragintillion, four hundred fourteen quadringentquadragintilliard, forty quadringentquadragintillion, three hundred ninety eight quadringentnovemtrigintilliard, one hundred forty three quadringentnovemtrigintillion, two hundred seven quadringentoctotrigintilliard, six hundred twenty two quadringentoctotrigintillion, thirty six quadringentseptentrigintilliard, two hundred seventy two quadringentseptentrigintillion, one hundred ninety quadringentsextrigintilliard, four hundred eight quadringentsextrigintillion, five hundred ninety quadringentquintrigintilliard, seven hundred ninety quadringentquintrigintillion, five hundred thirty seven quadringentquattuortrigintilliard, two hundred three quadringentquattuortrigintillion, four hundred seventy five quadringenttretrigintilliard, two hundred fifty six quadringenttretrigintillion, one hundred five quadringentdotrigintilliard, five hundred sixty four quadringentdotrigintillion, seventy one quadringentuntrigintilliard, five hundred seventy nine quadringentuntrigintillion, two hundred sixty three quadringenttrigintilliard, eight hundred sixty seven quadringenttrigintillion, eight hundred seventy five quadringentnovemvigintilliard, two hundred forty quadringentnovemvigintillion, nine hundred eighty five quadringentoctovigintilliard, five hundred seventy three quadringentoctovigintillion, three hundred fifty six quadringentseptenvigintilliard, five hundred twenty two quadringentseptenvigintillion, six hundred fifty six quadringentsexvigintilliard, one hundred eight quadringentsexvigintillion, five hundred forty two quadringentquinvigintilliard, one hundred twenty eight quadringentquinvigintillion, five hundred seventy seven quadringentquattuorvigintilliard, three hundred twenty one quadringentquattuorvigintillion, fifty seven quadringenttrevigintilliard, eight hundred seventy nine quadringenttrevigintillion, fifty two quadringentdovigintilliard, three hundred twenty eight quadringentdovigintillion, eight hundred sixty five quadringentunvigintilliard, thirty five quadringentunvigintillion, three hundred fifty five quadringentvigintilliard, eight hundred seventy three quadringentvigintillion, six hundred fifteen quadringentnovemdecilliard, six hundred seventy nine quadringentnovemdecillion, three hundred sixty three quadringentoctodecilliard, six hundred fifty five quadringentoctodecillion, eight hundred eighty nine quadringentseptendecilliard, nine hundred twenty five quadringentseptendecillion, seven hundred eleven quadringentsexdecilliard, five hundred seventy four quadringentsexdecillion, four hundred twenty quadringentquindecilliard, one hundred fifty three quadringentquindecillion, eight hundred thirty two quadringentquattuordecilliard, ninety one quadringentquattuordecillion, seven hundred fifty two quadringenttredecilliard, four hundred twenty two quadringenttredecillion, eight hundred forty three quadringentdodecilliard, forty six quadringentdodecillion, nine hundred eighteen quadringentundecilliard, eight hundred eleven quadringentundecillion, four hundred twenty seven quadringentdecilliard, four hundred quadringentdecillion, six hundred sixty two quadringentnovemtilliard, one hundred thirty five quadringentnovemtillion, five hundred fifty nine quadringentoctotilliard, three hundred three quadringentoctotillion, five hundred sixteen quadringentseptentilliard, eight hundred fifty three quadringentseptentillion, seven hundred three quadringentsextilliard, nine hundred seventy six quadringentsextillion, eight hundred twelve quadringentquintilliard, six hundred eighty six quadringentquintillion, three hundred eighty five quadringentquattuortilliard, seven hundred fifty quadringentquattuortillion, three hundred seventy six quadringenttretilliard, two hundred twenty seven quadringenttretillion, seven hundred eighty seven quadringentdotilliard, nine hundred forty nine quadringentdotillion, five hundred eighty quadringentuntilliard, five hundred eighty two quadringentuntillion, eighty one quadringentilliard, eight hundred thirty one quadringentillion, two hundred sixty one trecentnovemnonagintilliard, seven hundred twenty five trecentnovemnonagintillion, seven hundred one trecentoctononagintilliard, three trecentoctononagintillion, four hundred ninety eight trecentseptennonagintilliard, two hundred six trecentseptennonagintillion, five hundred twelve trecentsexnonagintilliard, three hundred twenty nine trecentsexnonagintillion, eight hundred seventy two trecentquinnonagintilliard, six hundred seventy seven trecentquinnonagintillion, two hundred thirty three trecentquattuornonagintilliard, four hundred eighty nine trecentquattuornonagintillion, five hundred ten trecenttrenonagintilliard, nine hundred fifty three trecenttrenonagintillion, four hundred sixty nine trecentdononagintilliard, three hundred seventy five trecentdononagintillion, six hundred eighty three trecentunnonagintilliard, thirty seven trecentunnonagintillion, thirty eight trecentnonagintilliard, three hundred seventy three trecentnonagintillion, nine hundred ninety nine trecentnovemoctogintilliard, six hundred ninety six trecentnovemoctogintillion, seven hundred seventy one trecentoctooctogintilliard, five hundred eighty five trecentoctooctogintillion, seven hundred eighty eight trecentseptenoctogintilliard, nine hundred five trecentseptenoctogintillion, six hundred thirty nine trecentsexoctogintilliard, one hundred fifteen trecentsexoctogintillion, five hundred twenty two trecentquinoctogintilliard, six hundred thirteen trecentquinoctogintillion, four hundred five trecentquattuoroctogintilliard, four hundred ninety five trecentquattuoroctogintillion, seven hundred seven trecenttreoctogintilliard, one hundred eighty four trecenttreoctogintillion, five hundred twenty four trecentdooctogintilliard, one hundred fifty eight trecentdooctogintillion, two hundred nineteen trecentunoctogintilliard, two hundred eight trecentunoctogintillion, two hundred twenty three trecentoctogintilliard, seven hundred sixty six trecentoctogintillion, four hundred forty two trecentnovemseptuagintilliard, fifty nine trecentnovemseptuagintillion, fourteen trecentoctoseptuagintilliard, five hundred ninety three trecentoctoseptuagintillion, three hundred thirty trecentseptenseptuagintilliard, six hundred fifty seven trecentseptenseptuagintillion, nine trecentsexseptuagintilliard, seven hundred twenty two trecentsexseptuagintillion, one hundred fifty three trecentquinseptuagintilliard, nine hundred sixty two trecentquinseptuagintillion, three hundred seventy six trecentquattuorseptuagintilliard, eight hundred fifty three trecentquattuorseptuagintillion, four hundred twenty three trecenttreseptuagintilliard, seven hundred seventy trecenttreseptuagintillion, four hundred eighty six trecentdoseptuagintilliard, one hundred thirty eight trecentdoseptuagintillion, five hundred seventy eight trecentunseptuagintilliard, eighty nine trecentunseptuagintillion, seven hundred seventy five trecentseptuagintilliard, six hundred twenty one trecentseptuagintillion, three hundred one trecentnovemsexagintilliard, one hundred sixty seven trecentnovemsexagintillion, eight hundred eleven trecentoctosexagintilliard, two hundred ninety nine trecentoctosexagintillion, one hundred sixty six trecentseptensexagintilliard, four hundred seven trecentseptensexagintillion, three hundred sixty one trecentsexsexagintilliard, seven hundred forty six trecentsexsexagintillion, six hundred six trecentquinsexagintilliard, six hundred ninety seven trecentquinsexagintillion, eight hundred eight trecentquattuorsexagintilliard, one hundred eighty six trecentquattuorsexagintillion, seven hundred fifty seven trecenttresexagintilliard, nine hundred sixty six trecenttresexagintillion, nine hundred fourteen trecentdosexagintilliard, six hundred seventy one trecentdosexagintillion, two hundred forty six trecentunsexagintilliard, seventy three trecentunsexagintillion, seven hundred twelve trecentsexagintilliard, nine hundred four trecentsexagintillion, two hundred trecentnovemquinquagintilliard, five hundred eighty eight trecentnovemquinquagintillion, four hundred eight trecentoctoquinquagintilliard, nine hundred twenty three trecentoctoquinquagintillion, one hundred eighty six trecentseptenquinquagintilliard, three hundred eighty seven trecentseptenquinquagintillion, seven hundred thirty seven trecentsexquinquagintilliard, eight hundred eighty seven trecentsexquinquagintillion, six hundred seventy five trecentquinquinquagintilliard, two hundred ninety two trecentquinquinquagintillion, eight hundred eighty six trecentquattuorquinquagintilliard, nine hundred fifty three trecentquattuorquinquagintillion, seven hundred ninety seven trecenttrequinquagintilliard, sixty six trecenttrequinquagintillion, nine hundred eighty trecentdoquinquagintilliard, nine hundred sixty seven trecentdoquinquagintillion, four hundred six trecentunquinquagintilliard, fifty three trecentunquinquagintillion, five hundred thirty trecentquinquagintilliard, one hundred twenty two trecentquinquagintillion, eight hundred fifty three trecentnovemquadragintilliard, five hundred thirty nine trecentnovemquadragintillion, thirty six trecentoctoquadragintilliard, nine hundred sixty five trecentoctoquadragintillion, four hundred ninety trecentseptenquadragintilliard, two hundred twenty four trecentseptenquadragintillion, seven hundred eighty four trecentsexquadragintilliard, nine hundred twenty four trecentsexquadragintillion, six hundred forty nine trecentquinquadragintilliard, seven trecentquinquadragintillion, nine hundred fifty four trecentquattuorquadragintilliard, eight hundred ninety eight trecentquattuorquadragintillion, six hundred seventy eight trecenttrequadragintilliard, five hundred three trecenttrequadragintillion, three hundred fourteen trecentdoquadragintilliard, six hundred fifty five trecentdoquadragintillion, five hundred forty six trecentunquadragintilliard, four hundred seventy five trecentunquadragintillion, five hundred four trecentquadragintilliard, five hundred one trecentquadragintillion, six hundred eighty six trecentnovemtrigintilliard, one hundred eighty seven trecentnovemtrigintillion, three hundred fifty four trecentoctotrigintilliard, eight hundred sixty six trecentoctotrigintillion, nine hundred sixty four trecentseptentrigintilliard, three hundred seventy four trecentseptentrigintillion, five hundred fifty two trecentsextrigintilliard, six hundred fourteen trecentsextrigintillion, one hundred twenty trecentquintrigintilliard, six hundred forty trecentquintrigintillion, seven hundred eighty two trecentquattuortrigintilliard, nine hundred forty nine trecentquattuortrigintillion, six hundred twenty two trecenttretrigintilliard, four hundred fifty two trecenttretrigintillion, twenty seven trecentdotrigintilliard, seven hundred eighty eight trecentdotrigintillion, nine hundred sixty two trecentuntrigintilliard, one hundred thirty eight trecentuntrigintillion, six hundred two trecenttrigintilliard, six hundred sixty five trecenttrigintillion, nine hundred thirty three trecentnovemvigintilliard, one hundred forty seven trecentnovemvigintillion, six hundred eighty seven trecentoctovigintilliard, six hundred ninety six trecentoctovigintillion, three hundred twenty two trecentseptenvigintilliard, eighty nine trecentseptenvigintillion, five hundred four trecentsexvigintilliard, two hundred seventy eight trecentsexvigintillion, seven hundred ninety one trecentquinvigintilliard, six hundred twenty four trecentquinvigintillion, six hundred fifty one trecentquattuorvigintilliard, five hundred nineteen trecentquattuorvigintillion, three hundred twelve trecenttrevigintilliard, three hundred twenty seven trecenttrevigintillion, eight hundred thirty one trecentdovigintilliard, seven hundred fifty six trecentdovigintillion, five hundred fifty three trecentunvigintilliard, seven hundred seventy nine trecentunvigintillion, three hundred seventy seven trecentvigintilliard, one hundred ninety four trecentvigintillion, five hundred twenty four trecentnovemdecilliard, six hundred seventy three trecentnovemdecillion, three hundred ninety five trecentoctodecilliard, eight hundred nineteen trecentoctodecillion, two hundred eighty one trecentseptendecilliard, four hundred eighty six trecentseptendecillion, six hundred sixty eight trecentsexdecilliard, five hundred seventy six trecentsexdecillion, three hundred eighty four trecentquindecilliard, nineteen trecentquindecillion, five hundred ninety trecentquattuordecilliard, seven hundred twenty trecentquattuordecillion, one hundred seventy nine trecenttredecilliard, four hundred thirteen trecenttredecillion, three hundred forty nine trecentdodecilliard, five hundred eighty two trecentdodecillion, nine hundred seventy trecentundecilliard, three hundred nineteen trecentundecillion, three hundred ninety three trecentdecilliard, eight hundred eighty four trecentdecillion, three hundred eighty eight trecentnovemtilliard, eight hundred ten trecentnovemtillion, four hundred ninety four trecentoctotilliard, five hundred forty six trecentoctotillion, forty trecentseptentilliard, three hundred forty two trecentseptentillion, eighty seven trecentsextilliard, five hundred thirty six trecentsextillion, five hundred sixty three trecentquintilliard, six hundred twenty eight trecentquintillion, three hundred thirty two trecentquattuortilliard, one hundred fifty two trecentquattuortillion, seventy three trecenttretilliard, one hundred eighty one trecenttretillion, six hundred fourteen trecentdotilliard, three hundred trecentdotillion, seven hundred twenty one trecentuntilliard, seven hundred sixty nine trecentuntillion, three hundred seventy one trecentilliard, four hundred twenty six trecentillion, two hundred thirty eight ducentnovemnonagintilliard, five hundred seventeen ducentnovemnonagintillion, five hundred forty ducentoctononagintilliard, five hundred twenty ducentoctononagintillion, eight hundred forty five ducentseptennonagintilliard, two hundred fourteen ducentseptennonagintillion, six hundred sixty five ducentsexnonagintilliard, three hundred thirteen ducentsexnonagintillion, three hundred one ducentquinnonagintilliard, one hundred eighty three ducentquinnonagintillion, five hundred fifty one ducentquattuornonagintilliard, nine hundred sixty two ducentquattuornonagintillion, five hundred ninety one ducenttrenonagintilliard, eight hundred forty nine ducenttrenonagintillion, five hundred fifty eight ducentdononagintilliard, nine hundred thirty eight ducentdononagintillion, four hundred ninety nine ducentunnonagintilliard, twenty five ducentunnonagintillion, three hundred forty eight ducentnonagintilliard, seven hundred eighty ducentnonagintillion, three hundred seventy six ducentnovemoctogintilliard, seven hundred sixteen ducentnovemoctogintillion, four hundred seventy seven ducentoctooctogintilliard, seventy three ducentoctooctogintillion, nine hundred thirty ducentseptenoctogintilliard, six hundred thirty four ducentseptenoctogintillion, four hundred thirty six ducentsexoctogintilliard, eight hundred forty ducentsexoctogintillion, eighty four ducentquinoctogintilliard, four hundred sixty eight ducentquinoctogintillion, two hundred fifty five ducentquattuoroctogintilliard, nine hundred thirty seven ducentquattuoroctogintillion, four hundred forty three ducenttreoctogintilliard, four hundred fifty one ducenttreoctogintillion, six hundred ninety ducentdooctogintilliard, three hundred fifteen ducentdooctogintillion, nine hundred ninety nine ducentunoctogintilliard, three hundred forty nine ducentunoctogintillion, one hundred thirty seven ducentoctogintilliard, six hundred sixty four ducentoctogintillion, six hundred thirty eight ducentnovemseptuagintilliard, nine hundred sixty eight ducentnovemseptuagintillion, nine hundred seventy two ducentoctoseptuagintilliard, six hundred fourteen ducentoctoseptuagintillion, one hundred ninety nine ducentseptenseptuagintilliard, fifteen ducentseptenseptuagintillion, three hundred four ducentsexseptuagintilliard, nine hundred six ducentsexseptuagintillion, five hundred forty seven ducentquinseptuagintilliard, eight hundred nineteen ducentquinseptuagintillion, fifty six ducentquattuorseptuagintilliard, two hundred twenty seven ducentquattuorseptuagintillion, one hundred seventy one ducenttreseptuagintilliard, two hundred twenty four ducenttreseptuagintillion, nine hundred forty seven ducentdoseptuagintilliard, seventy ducentdoseptuagintillion, seven hundred thirty nine ducentunseptuagintilliard, seven hundred sixteen ducentunseptuagintillion, three hundred ducentseptuagintilliard, nine hundred fifty three ducentseptuagintillion, seven hundred seventy five ducentnovemsexagintilliard, seven hundred forty three ducentnovemsexagintillion, four hundred forty one ducentoctosexagintilliard, three hundred seven ducentoctosexagintillion, nine hundred twenty ducentseptensexagintilliard, five hundred one ducentseptensexagintillion, eight hundred sixty three ducentsexsexagintilliard, five hundred thirty two ducentsexsexagintillion, two hundred thirty four ducentquinsexagintilliard, four hundred sixty six ducentquinsexagintillion, five hundred forty five ducentquattuorsexagintilliard, six hundred forty five ducentquattuorsexagintillion, six hundred ninety five ducenttresexagintilliard, seven hundred seventy four ducenttresexagintillion, three hundred thirty one ducentdosexagintilliard, eight hundred eighty five ducentdosexagintillion, forty four ducentunsexagintilliard, nine hundred seventy eight ducentunsexagintillion, two hundred fifty ducentsexagintilliard, one hundred forty eight ducentsexagintillion, six hundred sixty three ducentnovemquinquagintilliard, four hundred sixty seven ducentnovemquinquagintillion, three hundred seventy two ducentoctoquinquagintilliard, one hundred thirty ducentoctoquinquagintillion, three hundred ninety two ducentseptenquinquagintilliard, ninety nine ducentseptenquinquagintillion, eight hundred ninety four ducentsexquinquagintilliard, eight hundred fifty two ducentsexquinquagintillion, one hundred forty five ducentquinquinquagintilliard, one hundred ninety ducentquinquinquagintillion, nine hundred ninety eight ducentquattuorquinquagintilliard, two hundred thirty two ducentquattuorquinquagintillion, eight hundred seventy eight ducenttrequinquagintilliard, seven hundred seventy two ducenttrequinquagintillion, four hundred eighty six ducentdoquinquagintilliard, six hundred fifty ducentdoquinquagintillion, five hundred thirteen ducentunquinquagintilliard, ten ducentunquinquagintillion, eight hundred sixteen ducentquinquagintilliard, seven hundred sixty nine ducentquinquagintillion, nine hundred two ducentnovemquadragintilliard, eight hundred ninety two ducentnovemquadragintillion, five hundred eighteen ducentoctoquadragintilliard, seven hundred nineteen ducentoctoquadragintillion, two hundred fifty ducentseptenquadragintilliard, sixty six ducentseptenquadragintillion, nine hundred forty seven ducentsexquadragintilliard, two hundred fifteen ducentsexquadragintillion, seven hundred six ducentquinquadragintilliard, five hundred thirty six ducentquinquadragintillion, two hundred sixteen ducentquattuorquadragintilliard, two hundred forty eight ducentquattuorquadragintillion, six hundred ninety six ducenttrequadragintilliard, two hundred forty ducenttrequadragintillion, five hundred sixty nine ducentdoquadragintilliard, two hundred fifty six ducentdoquadragintillion, eight hundred sixty five ducentunquadragintilliard, five hundred fifty four ducentunquadragintillion, two hundred ninety six ducentquadragintilliard, two hundred twenty one ducentquadragintillion, five hundred fifty two ducentnovemtrigintilliard, two hundred eleven ducentnovemtrigintillion, five hundred sixty ducentoctotrigintilliard, four hundred twenty seven ducentoctotrigintillion, seven hundred seventy eight ducentseptentrigintilliard, six hundred sixty two ducentseptentrigintillion, five hundred forty five ducentsextrigintilliard, nine hundred thirty six ducentsextrigintillion, nine hundred ninety eight ducentquintrigintilliard, eight hundred one ducentquintrigintillion, seventy ducentquattuortrigintilliard, one hundred eighty six ducentquattuortrigintillion, one hundred sixty two ducenttretrigintilliard, six hundred one ducenttretrigintillion, four hundred seventy six ducentdotrigintilliard, four hundred seventy four ducentdotrigintillion, two hundred ninety three ducentuntrigintilliard, four hundred fifty nine ducentuntrigintillion, eight hundred thirty ducenttrigintilliard, one hundred eighty three ducenttrigintillion, six hundred fifty one ducentnovemvigintilliard, two hundred seventy three ducentnovemvigintillion, three hundred sixty three ducentoctovigintilliard, four hundred sixty two ducentoctovigintillion, seven hundred thirty two ducentseptenvigintilliard, six hundred seventy five ducentseptenvigintillion, eight hundred eighty three ducentsexvigintilliard, sixty ducentsexvigintillion, seven hundred one ducentquinvigintilliard, four hundred ten ducentquinvigintillion, three hundred fifty nine ducentquattuorvigintilliard, two hundred fifty four ducentquattuorvigintillion, eight hundred twenty nine ducenttrevigintilliard, one hundred forty nine ducenttrevigintillion, seven hundred seventy four ducentdovigintilliard, three hundred thirty nine ducentdovigintillion, two hundred ninety seven ducentunvigintilliard, one hundred seventy three ducentunvigintillion, six hundred eighty ducentvigintilliard, seven hundred sixty five ducentvigintillion, six hundred ten ducentnovemdecilliard, nine hundred fifty nine ducentnovemdecillion, five hundred ninety nine ducentoctodecilliard, nine hundred eleven ducentoctodecillion, three hundred nine ducentseptendecilliard, one hundred eighty nine ducentseptendecillion, seven hundred eighty eight ducentsexdecilliard, two hundred thirty eight ducentsexdecillion, three hundred fifty ducentquindecilliard, one hundred thirty one ducentquindecillion, six hundred thirty five ducentquattuordecilliard, six hundred seventy two ducentquattuordecillion, six hundred sixty one ducenttredecilliard, four hundred thirty five ducenttredecillion, nine hundred sixty nine ducentdodecilliard, two hundred eighteen ducentdodecillion, two hundred thirty nine ducentundecilliard, nine hundred seventy seven ducentundecillion, one hundred ninety six ducentdecilliard, nine hundred thirty three ducentdecillion, eight hundred seventy four ducentnovemtilliard, three hundred ninety five ducentnovemtillion, four hundred three ducentoctotilliard, nine hundred ninety six ducentoctotillion, six hundred twenty three ducentseptentilliard, six hundred seventy five ducentseptentillion, five hundred eighty ducentsextilliard, five hundred twenty eight ducentsextillion, two hundred eleven ducentquintilliard, two hundred seven ducentquintillion, one hundred thirty six ducentquattuortilliard, three hundred ninety six ducentquattuortillion, three hundred seventy ducenttretilliard, eight hundred fifty eight ducenttretillion, fifty six ducentdotilliard, fifty one ducentdotillion, one hundred sixty ducentuntilliard, seven hundred eighty one ducentuntillion, seven hundred seventy ducentilliard, nine hundred eighty five ducentillion, four hundred fifty two centnovemnonagintilliard, five hundred seventy six centnovemnonagintillion, nine hundred eighty eight centoctononagintilliard, thirty two centoctononagintillion, three hundred thirty three centseptennonagintilliard, eight hundred twelve centseptennonagintillion, nine hundred thirty nine centsexnonagintilliard, two hundred seventy two centsexnonagintillion, seven hundred fifty two centquinnonagintilliard, one hundred one centquinnonagintillion, nine hundred forty four centquattuornonagintilliard, six hundred twenty nine centquattuornonagintillion, five hundred twenty seven centtrenonagintilliard, four hundred ninety centtrenonagintillion, three hundred thirteen centdononagintilliard, eight hundred thirty five centdononagintillion, five hundred fifty one centunnonagintilliard, nine hundred eighty five centunnonagintillion, one hundred ninety seven centnonagintilliard, ninety five centnonagintillion, nine hundred twenty eight centnovemoctogintilliard, eight hundred eighty five centnovemoctogintillion, two hundred thirty six centoctooctogintilliard, four hundred fifteen centoctooctogintillion, three hundred one centseptenoctogintilliard, seven hundred eighty nine centseptenoctogintillion, two hundred eighteen centsexoctogintilliard, six hundred seventy five centsexoctogintillion, one hundred forty one centquinoctogintilliard, fourteen centquinoctogintillion, five hundred forty one centquattuoroctogintilliard, two hundred three centquattuoroctogintillion, ninety six centtreoctogintilliard, one hundred ninety one centtreoctogintillion, two hundred seventy centdooctogintilliard, nine hundred thirty four centdooctogintillion, three hundred sixty nine centunoctogintilliard, thirty nine centunoctogintillion, five hundred twenty two centoctogintilliard, ninety eight centoctogintillion, two hundred eighty centnovemseptuagintilliard, three hundred seventeen centnovemseptuagintillion, six hundred sixty eight centoctoseptuagintilliard, nine hundred forty two centoctoseptuagintillion, sixty one centseptenseptuagintilliard, three hundred twenty five centseptenseptuagintillion, five hundred seventy two centsexseptuagintilliard, three hundred forty nine centsexseptuagintillion, six hundred forty three centquinseptuagintilliard, six hundred thirty eight centquinseptuagintillion, four hundred three centquattuorseptuagintilliard, fifty six centquattuorseptuagintillion, four hundred eighty seven centtreseptuagintilliard, three hundred forty nine centtreseptuagintillion, two hundred ninety centdoseptuagintilliard, eight hundred eighty four centdoseptuagintillion, two hundred twenty three centunseptuagintilliard, seven hundred eighty six centunseptuagintillion, two hundred ninety two centseptuagintilliard, eight hundred eighty seven centseptuagintillion, four hundred seventy two centnovemsexagintilliard, two hundred thirty one centnovemsexagintillion, two hundred nineteen centoctosexagintilliard, thirty two centoctosexagintillion, three hundred eighty five centseptensexagintilliard, two hundred eighty one centseptensexagintillion, thirty four centsexsexagintilliard, ninety one centsexsexagintillion, eight hundred twenty four centquinsexagintilliard, three hundred six centquinsexagintillion, six hundred eighteen centquattuorsexagintilliard, nine hundred forty seven centquattuorsexagintillion, seven hundred forty centtresexagintilliard, seven hundred twenty seven centtresexagintillion, two hundred sixty five centdosexagintilliard, five hundred twenty four centdosexagintillion, two hundred eighty four centunsexagintilliard, eight hundred ninety three centunsexagintillion, three hundred four centsexagintilliard, four hundred seventy four centsexagintillion, eight hundred sixty one centnovemquinquagintilliard, four hundred fifty four centnovemquinquagintillion, nine hundred forty two centoctoquinquagintilliard, seventy six centoctoquinquagintillion, seven hundred ninety nine centseptenquinquagintilliard, forty one centseptenquinquagintillion, seven hundred thirty nine centsexquinquagintilliard, four hundred forty seven centsexquinquagintillion, one hundred sixty five centquinquinquagintilliard, eight hundred thirty eight centquinquinquagintillion, two hundred eighty one centquattuorquinquagintilliard, six hundred seventy one centquattuorquinquagintillion, four hundred ten centtrequinquagintilliard, four hundred thirty five centtrequinquagintillion, eight hundred thirty one centdoquinquagintilliard, two hundred six centdoquinquagintillion, seven hundred ninety centunquinquagintilliard, five hundred one centunquinquagintillion, nine hundred fourteen centquinquagintilliard, five hundred twenty seven centquinquagintillion, three hundred twenty six centnovemquadragintilliard, two hundred eighty seven centnovemquadragintillion, three hundred seventy centoctoquadragintilliard, three hundred thirty nine centoctoquadragintillion, nine hundred seventy four centseptenquadragintilliard, seven hundred seven centseptenquadragintillion, two hundred six centsexquadragintilliard, sixteen centsexquadragintillion, eight hundred eighty two centquinquadragintilliard, five hundred sixty two centquinquadragintillion, eight hundred twenty seven centquattuorquadragintilliard, four hundred four centquattuorquadragintillion, two hundred seventy centtrequadragintilliard, one hundred seventy centtrequadragintillion, three hundred twenty two centdoquadragintilliard, six hundred six centdoquadragintillion, seven hundred twenty seven centunquadragintilliard, nine hundred eighty centunquadragintillion, three hundred forty three centquadragintilliard, four hundred seventy nine centquadragintillion, three hundred twenty six centnovemtrigintilliard, four hundred twenty five centnovemtrigintillion, seven hundred thirty centoctotrigintilliard, ninety one centoctotrigintillion, eight hundred thirty nine centseptentrigintilliard, eight hundred thirteen centseptentrigintillion, seventy seven centsextrigintilliard, seven hundred nineteen centsextrigintillion, three hundred twenty two centquintrigintilliard, four hundred fifty five centquintrigintillion, three hundred ninety four centquattuortrigintilliard, seven hundred sixty three centquattuortrigintillion, nine hundred sixty centtretrigintilliard, six hundred six centtretrigintillion, five hundred eighty eight centdotrigintilliard, two hundred fourteen centdotrigintillion, three hundred twenty six centuntrigintilliard, six hundred three centuntrigintillion, one hundred fifty six centtrigintilliard, one hundred forty one centtrigintillion, four hundred ninety centnovemvigintilliard, seven hundred forty centnovemvigintillion, five hundred fifty seven centoctovigintilliard, six hundred ninety eight centoctovigintillion, fifty five centseptenvigintilliard, one hundred sixty six centseptenvigintillion, two hundred sixty three centsexvigintilliard, forty four centsexvigintillion, four hundred forty seven centquinvigintilliard, five hundred eighty three centquinvigintillion, seven hundred fifty six centquattuorvigintilliard, seven hundred eleven centquattuorvigintillion, five hundred sixteen centtrevigintilliard, four hundred ninety centtrevigintillion, one hundred eighty one centdovigintilliard, one hundred ninety three centdovigintillion, four hundred forty two centunvigintilliard, two hundred thirty six centunvigintillion, eight hundred fifty nine centvigintilliard, four hundred twenty four centvigintillion, one hundred fifty one centnovemdecilliard, eight hundred forty three centnovemdecillion, seven hundred ninety five centoctodecilliard, three hundred eighty nine centoctodecillion, three hundred thirty five centseptendecilliard, seven hundred sixty five centseptendecillion, four hundred thirty two centsexdecilliard, one hundred twenty nine centsexdecillion, nine hundred forty four centquindecilliard, fifty four centquindecillion, eight hundred fifty five centquattuordecilliard, three hundred forty five centquattuordecillion, one hundred fifty five centtredecilliard, eight hundred fifty nine centtredecillion, two hundred seventy three centdodecilliard, four hundred twenty four centdodecillion, five hundred sixty one centundecilliard, eight hundred twenty five centundecillion, one hundred forty six centdecilliard, eight hundred thirteen centdecillion, seven hundred fourteen centnovemtilliard, seven hundred twenty centnovemtillion, six hundred six centoctotilliard, two hundred eighty seven centoctotillion, seven hundred eighty one centseptentilliard, twenty one centseptentillion, two hundred forty centsextilliard, nine hundred twenty three centsextillion, seven hundred eight centquintilliard, twenty one centquintillion, four hundred ninety two centquattuortilliard, two hundred ninety eight centquattuortillion, three hundred forty nine centtretilliard, six hundred thirty five centtretillion, one hundred seventy nine centdotilliard, five hundred twenty seven centdotillion, two hundred seventy centuntilliard, three hundred two centuntillion, nine hundred sixty two centilliard, nine hundred seventy centillion, one hundred fifty six novemnonagintilliard, nine hundred twenty seven novemnonagintillion, six hundred eighty six octononagintilliard, five hundred eleven octononagintillion, six hundred thirty five septennonagintilliard, fifty septennonagintillion, eighty sexnonagintilliard, four hundred seven sexnonagintillion, two hundred eighty two quinnonagintilliard, six hundred seventy four quinnonagintillion, two hundred fifty two quattuornonagintilliard, three hundred sixty two quattuornonagintillion, six hundred forty four trenonagintilliard, six hundred ninety five trenonagintillion, seven hundred ten dononagintilliard, seven hundred sixty nine dononagintillion, seven hundred sixty eight unnonagintilliard, eight hundred sixty six unnonagintillion, one hundred thirty seven nonagintilliard, three hundred two nonagintillion, seven hundred eighty nine novemoctogintilliard, three hundred thirteen novemoctogintillion, six hundred nine octooctogintilliard, six hundred seventy four octooctogintillion, three hundred eighty two septenoctogintilliard, seven hundred nineteen septenoctogintillion, seventeen sexoctogintilliard, three hundred eighty five sexoctogintillion, five hundred eight quinoctogintilliard, four hundred eighty four quinoctogintillion, six hundred sixty three quattuoroctogintilliard, three hundred seventy three quattuoroctogintillion, four hundred seventy six treoctogintilliard, one hundred twenty treoctogintillion, eight hundred forty three dooctogintilliard, five hundred sixty seven dooctogintillion, nine hundred eighty three unoctogintilliard, sixty five unoctogintillion, fifty nine octogintilliard, five hundred fifty eight octogintillion, seventy two novemseptuagintilliard, nine hundred thirty five novemseptuagintillion, one hundred ten octoseptuagintilliard, six hundred thirty seven octoseptuagintillion, five hundred forty four septenseptuagintilliard, two hundred forty septenseptuagintillion, eight hundred seven sexseptuagintilliard, three hundred fifty sexseptuagintillion, six hundred sixty seven quinseptuagintilliard, eighty two quinseptuagintillion, nine hundred eighty seven quattuorseptuagintilliard, two hundred thirty three quattuorseptuagintillion, seven hundred seventy nine treseptuagintilliard, seven hundred sixty eight treseptuagintillion, eight hundred seventy four doseptuagintilliard, nine hundred thirty eight doseptuagintillion, nine hundred eighty three unseptuagintilliard, five hundred eighty four unseptuagintillion, five hundred twenty three septuagintilliard, ninety five septuagintillion, six hundred thirty eight novemsexagintilliard, nine hundred ninety six novemsexagintillion, one hundred twenty octosexagintilliard, six hundred sixteen octosexagintillion, three hundred eighteen septensexagintilliard, six hundred thirty four septensexagintillion, three hundred ninety one sexsexagintilliard, nine hundred sixty seven sexsexagintillion, one hundred twelve quinsexagintilliard, eighty six quinsexagintillion, four hundred sixty four quattuorsexagintilliard, three hundred eighty four quattuorsexagintillion, six hundred forty nine tresexagintilliard, four hundred seventy tresexagintillion, nine hundred sixty three dosexagintilliard, two hundred thirty dosexagintillion, seventy two unsexagintilliard, seven hundred twenty nine unsexagintillion, two hundred sexagintilliard, nine hundred twelve sexagintillion, five hundred eighty six novemquinquagintilliard, one hundred forty seven novemquinquagintillion, two hundred sixty seven octoquinquagintilliard, nine hundred ninety nine octoquinquagintillion, seven hundred sixty two septenquinquagintilliard, four hundred ninety six septenquinquagintillion, seven hundred nine sexquinquagintilliard, eight hundred fifty two sexquinquagintillion, seven hundred sixty nine quinquinquagintilliard, five hundred three quinquinquagintillion, five hundred thirty five quattuorquinquagintilliard, seven hundred thirty three quattuorquinquagintillion, nine hundred twenty four trequinquagintilliard, four hundred sixteen trequinquagintillion, two hundred two doquinquagintilliard, six hundred fifty seven doquinquagintillion, seven hundred twenty unquinquagintilliard, seven hundred forty one unquinquagintillion, two hundred forty eight quinquagintilliard, six hundred eighty three quinquagintillion, five hundred ninety two novemquadragintilliard, two hundred two novemquadragintillion, eight hundred twenty eight octoquadragintilliard, nine hundred eighty three octoquadragintillion, three hundred eleven septenquadragintilliard, one hundred forty septenquadragintillion, eight hundred thirty three sexquadragintilliard, nine hundred twenty three sexquadragintillion, three hundred two quinquadragintilliard, four hundred thirty three quinquadragintillion, nine hundred seventeen quattuorquadragintilliard, seven hundred ninety seven quattuorquadragintillion, nine hundred seventy six trequadragintilliard, nine hundred ninety trequadragintillion, three hundred eleven doquadragintilliard, four hundred twenty five doquadragintillion, eight hundred forty three unquadragintilliard, six hundred nineteen unquadragintillion, three hundred fifty quadragintilliard, nine hundred thirty six quadragintillion, seven hundred fifty four novemtrigintilliard, four hundred eighty three novemtrigintillion, eight hundred eleven octotrigintilliard, one hundred ninety four octotrigintillion, four hundred eight septentrigintilliard, eight hundred twelve septentrigintillion, seven hundred sixty three sextrigintilliard, three hundred eighty eight sextrigintillion, eighty four quintrigintilliard, two hundred four quintrigintillion, four hundred fifty one quattuortrigintilliard, eight hundred four quattuortrigintillion, nine hundred twelve tretrigintilliard, four hundred fifty four tretrigintillion, three hundred eighty three dotrigintilliard, eight hundred eighty four dotrigintillion, one hundred eighty untrigintilliard, eight hundred untrigintillion, nine hundred forty five trigintilliard, two hundred seventy five trigintillion, six hundred twenty six novemvigintilliard, six hundred sixty eight novemvigintillion, fifty seven octovigintilliard, six hundred twenty eight octovigintillion, nine hundred fifty four septenvigintilliard, seven hundred sixty three septenvigintillion, three hundred eighty four sexvigintilliard, six hundred forty one sexvigintillion, three hundred five quinvigintilliard, one hundred seven quinvigintillion, seven hundred fifty three quattuorvigintilliard, seven hundred seventy three quattuorvigintillion, two hundred forty seven trevigintilliard, eighty two trevigintillion, four hundred ninety five dovigintilliard, eight hundred four dovigintillion, five hundred thirty three unvigintilliard, three hundred fifty five unvigintillion, seven hundred seventeen vigintilliard, four hundred eighty one vigintillion, nine hundred sixty five novemdecilliard, twenty five novemdecillion, seventy octodecilliard, eight hundred nineteen octodecillion, seven hundred thirty septendecilliard, four hundred sixty six septendecillion, four hundred twenty two sexdecilliard, eight hundred twenty six sexdecillion, one hundred five quindecilliard, six hundred ninety seven quindecillion, five hundred ten quattuordecilliard, five hundred sixty four quattuordecillion, two hundred eighty nine tredecilliard, seven hundred ninety eight tredecillion, nine hundred fifty one dodecilliard, one hundred eighty two dodecillion, one hundred ninety two undecilliard, eight hundred eighty five undecillion, nine hundred seventy six decilliard, three hundred fifty two decillion, two hundred twenty nine nonilliard, fifty three nonillion, eight hundred ninety eight octilliard, nine hundred forty eight octillion, seven hundred thirty seven septilliard, six hundred fourteen septillion, six hundred forty two sextilliard, one hundred thirty nine sextillion, nine hundred ten quintilliard, nine hundred eleven quintillion, five hundred thirty five quadrilliard, eight hundred sixty four quadrillion, five hundred five trilliard, eight hundred eighteen trillion, nine hundred ninety two billiard, six hundred ninety six billion, eight hundred twenty six milliard, two hundred twenty five million, seven hundred fifty four thousand, one hundred eleven

is mersenne prime #21

Re:Go to fucking bed micheal (-1, Flamebait)

stevejsmith (614145) | more than 11 years ago | (#4994633)

You fucking dumbass Brit. What the fuck is a billiard? Here in "the States" (yeah, the ones who beat you in 1778) we use real numbers.

Re:Go to fucking bed micheal (0)

Anonymous Coward | more than 11 years ago | (#4994649)

What the fuck is a billiard?

I don't know, but I think it has something to do with a type of pool you can't swim in.

billiard (0)

Anonymous Coward | more than 11 years ago | (#4994656)

A shot in billiards in which the cue ball successively strikes two other balls.

So, uh, shut the fuck up.

Re:Go to fucking bed micheal (0)

Anonymous Coward | more than 11 years ago | (#4994689)

he used this [] , it was on freshmeat frontpage til this morning.

Secure File Deletion (5, Informative)

b1ng0 (7449) | more than 11 years ago | (#4994613)

To anyone who is concerned about having their deleted files recovered, take a look at Wipe [] - in its strongest mode it will make 37 passes over the data in order to be sure that electron microscopes cannot reconstruct the bit patterns.

37? My girlfriend sucked 37 dicks. (-1, Offtopic)

FunkyELF (609131) | more than 11 years ago | (#4994684)

in a row?

Re:37? My girlfriend sucked 37 dicks. (0)

Anonymous Coward | more than 11 years ago | (#4994739)

this isn't flamebait, some mods just don't get the reference

shut up (0)

Anonymous Coward | more than 11 years ago | (#4994762)

I don't think that the number 37 is enough to anchor that joke to the topic.

Not flamebait, but definitely offtopic.

Re:Secure File Deletion (2)

caluml (551744) | more than 11 years ago | (#4994715)

Or of course there is shred.

From the man page: shred delete a file securely, first overwriting it to hide its contents

It comes with the fileutils package (on RedHat anyway). Can't see any differences between wipe and shred. Apart from the fact that one comes already installed. Is there any difference?

shred obsolescence (3, Informative)

radon28 (593565) | more than 11 years ago | (#4994799)

the shred utility will only work on non-log structured and non-journaling filesystems, i.e. ext2, but not ext3, jfs, reiserfs, etc. see: "man 1 shred" for more info.

Re:shred obsolescence (3, Informative)

ahi (29259) | more than 11 years ago | (#4994807)

Nor will wipe, according to the author's page [] . In fact, no user-space utility can.

Re:Secure File Deletion (0)

Anonymous Coward | more than 11 years ago | (#4994716)

For 'doze, there's this.

Re:Secure File Deletion (1)

zabieru (622547) | more than 11 years ago | (#4994721)

PGP will do this too. In fact, it also has a mode that will wipe all the free space on your drives.

Eraser is the best for windows (1, Informative)

Anonymous Coward | more than 11 years ago | (#4994760)

shell integration
uses Guttmann's method /proceed ings/sec96/full_papers/gutmann/
can also do free disk space
I think there is also a dos version you can use with a boot disk which would be better.

Don't waste your time with other crap like bcwipe or the one that came with your system utility software.
Besides running your disks through a grinder, this is the best deletion software available commerical or not. There are no "better" proprieatary software methods and anything you would pay for is a waste. Either use this set to Guttmann, or physcially destroy the disk.

Realize that no software is 100%, especially if the agency wants your info back enough, but this software is the best if your not going to destroy your disk(again destroying is preferred).

Re:Secure File Deletion (4, Informative)

Speare (84249) | more than 11 years ago | (#4994770)

It seems that journaling filesystems like ext3 cause hell for secure deletions, because changes aren't always committed as the application level assumes and requires. Has anyone suggested a kernel/filesystem hook to make secure media deletions possible?

Re:Secure File Deletion (3, Informative)

Pathwalker (103) | more than 11 years ago | (#4994777)

Or, for FreeBSD, you could just do rm -P.
Overwrite regular files before deleting them. Files are overwritten three times, first with the byte pattern 0xff, then 0x00, and then 0xff again, before they are deleted.

Re:Secure File Deletion (2, Insightful)

Anonymous Coward | more than 11 years ago | (#4994797)

You can't trust those tools anymore. Today's hard drives will physically move sectors around on disk to avoid areas that are bordering on causing media errors.

Re:Secure File Deletion (5, Informative)

bloxnet (637785) | more than 11 years ago | (#4994854)

Wipe is a nice program, but it is simply overkill. It has been shown in studies that typically 3 passes of a data wiping program should make your data non-recoverable by standard means (using popular forensics tools such as EnCase, Maresware, NTI's batch of programs, or disk editors on whatever platform you are interested in). As to how much the U.S. government investigators are able to retrieve...well that falls into your urban legends category I suppose. For the most part, DoJ guildelines suggest wiping your data 7 times as part of the norm. This is because of the non precise manner in which hard drive read/write heads pass over the disk itself (more of a wobble rather than a perfect circular motion). I just recently saw a whitepaper on Encase's site that covered users of WinXP using EFS (encrypted filesystem) secure deletion (which just does 3 passes) that makes recovery of the files deleted not possible this is the whitepaper [] . Just as the above reference article concludes, it should be kept in mind that there is so many places to look on Windows and Unix machines other than what files were deleted. Perhaps pictures of your latest porn stash or the Word document covering your NDA violations are gone, but registry settings, file slack (as was mentioned in the parent article briefly), pagefiles, memory dumps, and many other locations that track your activities on a given machine can be used as well. Wow, I did not mean to get so long winded...I just really get into computer forensics. My personal advice for decent file security and deletion is encryption + multi-pass deletion. There are several encrypted filesystems out there for both Windows and *nix, and a few options that are viable with both (BestCrypt File system containers and also BCWipe for deletion [] is a good example). I don't see the need to start advertising products, so check out the options for OS level and OS independent solutions.

How is wipe overkill? (1, Interesting)

Anonymous Coward | more than 11 years ago | (#4994907)

3 passes of an encrypted system may be enough for the lowgrade programs you listed, but for realworld, aka non-encrypted systems which 99% of us use, 3 wipes is not enough.

You need something like eraser combined with a dos boot disk or the target drive set as a slave to do anything useful.

I'll post the link if I can find it soon, but I've seen cases of deleted data being recovered after 24 passes of "wiping" programs.

Bottom line like you mentioned is for serious software deletion you need to start with encryption on a virgin disk, and then do multipass guttmann wipes. Even then who knows? Destruction is still the only real method.

Hotmail and Privacy in this article: (0)

Anonymous Coward | more than 11 years ago | (#4994615)

MSN Hotmail subscriber information is not shared with other entities or third parties except as follows:

(A) Non-personally identifiable information (e.g., demographics information such as age, city, state and postal code) is shared with the MSN Hotmail marketing department;

(B) In 2001, account name, city, state and postal code were shared with INFOSPACE, a web-based publisher of an e-mail address directory, if, at the time of registering the account, the account subscriber did not elect to prohibit the sharing of this information;

(C) MSN Hotmail account e-mail is automatically deleted whenever the account subscriber fails to access the account for a period of thirty (30) days;

(D) A MSN Hotmail account is automatically deleted, and no record of it is thereafter maintained by MSN Hotmail, whenever the account subscriber fails to access the account for a period of 90 days;

(E) While, in theory, there could be references to a subsequently deleted hotmail e-mail account stored in data of other Microsoft services (e.g., a message posted to a MSN Group), such references would not be traceable to the registration information of that account holder as it would already have been deleted.

Re:Hotmail and Privacy in this article: (2, Informative)

zabieru (622547) | more than 11 years ago | (#4994701)

You do realize that in the event of a search warrant or subpoena that privacy policy no longer applies, right? Of course, they can't turn over anything they no longer have, but if they have it the government will too. On a side note, the libraries in my city (seattle) have a very explicit privacy policy that states that they do not ever save information about books a patron has read and returned. The only things on the books are currently checked-out items, for exactly this reason.

Cat got your tongue? (something important seems to (-1, Offtopic)

stevejsmith (614145) | more than 11 years ago | (#4994616)

Could the fact that the e-mail was unrecoverable be due to the fact that a hamster is powering their web server and had a heart attack (read: Slashdotted) after three posts?

Why not a windows tool (-1, Troll)

it0 (567968) | more than 11 years ago | (#4994623)

it amazes me that they used linux as I assume that there must be easier tools under windows that do the same?

That is what I would like to know, i mean it must be easier to find the tool under windows thebn setup a linux machine purely for the dd tool which must also be available under bsd?

Re:Why not a windows tool (2)

SwellJoe (100612) | more than 11 years ago | (#4994664)

A troll, of course, but due to lack of moderator points:

dd /dev/hdb

Yep. That would be much simpler under Windows.

Re:Why not a windows tool (2)

SwellJoe (100612) | more than 11 years ago | (#4994676)

Argh...Once more with preview:

dd < /dev/hda > /dev/hdb

Re:Why not a windows tool (1, Informative)

Anonymous Coward | more than 11 years ago | (#4994709)

wrong again.

dd if=/dev/hdax of=/dev/hdbx

And what could be easier than using a bootCD to use dd? No need to install anything on any computer. Hell, they can just hook up their drive to the suspects computer.

Re:Why not a windows tool (1)

radon28 (593565) | more than 11 years ago | (#4994850)

the fbi typically (and rightfully so) makes a habit of not trusting the suspect's own hardware. who knows what lengths people will go to to make sure their data is safe?

Re:Why not a windows tool (0)

Anonymous Coward | more than 11 years ago | (#4994730)

dd if=/dev/hda of=/dev/hdb ibs=512 obs=1M --

Re:Why not a windows tool (2, Informative)

zabieru (622547) | more than 11 years ago | (#4994680)

Actually, if you read on in the article, they state that Linux dd COULD have been used, that NIST had tested it and found it acceptable, but if you read the procedures used to the four HDDs, they actually used the other methods listed exclusively.

Re:Why not a windows tool (3, Informative)

grub (11606) | more than 11 years ago | (#4994694)

dd is a common Unix program. The SGIs at work have it, my various BSDs at home and work have it and Linux has it.

You may assume anything you wish. . . (5, Funny)

kfg (145172) | more than 11 years ago | (#4994745)

but according to NIST, and my own experince, such is not the case. Not only is dd cheaper by thousands of dollars than the "professional" apps made to do such things, but it's often *more* effective, and almost always easier to use.

At its heart it's just a simple copy command.

In fact, the dd tool is so simple, and simple minded, that it would be easier to write a simple graphical front end for it than to learn the GUI of exiting Windows apps designed to do the same thing.

I don't know quite how to break this to you, but *sometimes* language is the simpler, more powerful and more *intuitive* means of getting something across than pointing at a picture and grunting.

Unless, of course, your intellect hasn't yet advanced to that level of sophistication.


Re:Why not a windows tool (2)

Zemran (3101) | more than 11 years ago | (#4994757)

Great idea. dd comes as standard with Linux, do you happen to know the name of the util that comes with Windows that can do what dd can do?

P.S. good troll :)

Re:Why not a windows tool (3, Insightful)

g4dget (579145) | more than 11 years ago | (#4994839)

it amazes me that they used linux as I assume that there must be easier tools under windows that do the same?

Well, that is primarily indicative of your ignorance of Linux and your willingness to buy into Microsoft propaganda.

i mean it must be easier to find the tool under windows thebn setup a linux machine

There is nothing to set up. Linux can boot and run from CD, with all software installed (check for DemonLinux and Knoppix, for example). That's one of the many reasons Linux is so good at this sort of thing.

How easy is it?

  • Connect drive you want to copy to to the disk controller or USB port, or plug in Ethernet card.
  • Insert bootable Linux CD and boot from CD.
  • If you just want to mirror the drive, type something like "dd if=/dev/hda of=/dev/hdb".
  • To mirror it over the network, type something like "pump; cat /dev/hda | ssh me@host cat \> image".
I mean, how much easier can it get?

For forensic applications, you might want to make sure that you hardware write-protect the source drive first, just to avoid accidents.

These people know what they are doing and how to reduce their workload. That is why they are using Linux.

Re:Why not a windows tool (2)

Gekko (45112) | more than 11 years ago | (#4994875)

While I know you are trolling I will bit anyway.

Not only is dd on various *nixes, bsd's, etc, it is also available on windows. It is called cygwin, and it has dd also.

Re:Why not a windows tool (1)

bloxnet (637785) | more than 11 years ago | (#4994882)

I am very suprised that more forensic investigators and the companies the create forensics software do not use Linux as a primary workstation solution. Windows simply does not have the ability to handle so many different file systems types, etc as compared to Linux (or BSD, etc, etc.. I go with Linux because I think it is a happy medium for a Unix evironment). I mean, with my forensics workstation, Linux allows me to pretty much mount and work with any filesystem type in use, yet I have to swap OS drives and reboot to use most of the commerical forensics tools. Getting Windows to read other filesystems is not that simple, there are occasional bit pieces like explore2fs and the like, but handling non-Windows based files and file systems is not as simplistic as can be arranged on a Linux workstation with a very flexible kernel. As for all of the people mocking your question...that seems silly. What I have yet to try though is using a tool like rawwrite on windows to try and make or copy images. I'll admit so far I am lazy and have not worked with it yet since I have so much of the functionality I need already, but I would imagine getting DD itself (if rawwrite is not an option) to work on Windows (outside of a Cygwin type option) would not be too hard.

Breaking News! (4, Funny)

chunkwhite86 (593696) | more than 11 years ago | (#4994632)

Linux is used by humans outside of the Slashdot community! Stay Tuned!

it figures! (0)

Anonymous Coward | more than 11 years ago | (#4994634)

Linux, the OS used only by dirty hippies, communists, and terrorists. Don't fall into the trap!

Oh Please! (5, Interesting)

Snowbeam (96416) | more than 11 years ago | (#4994636)

How is this news? They are using "dd" a Linux utility. Seeing "Linux" in an article does not warrant a story about it. This demeans Linux by using every little scrap of news to attempt to show that it is in use. Instead we should be demostrating it's uses, rather that reporting that it is in use.

Re:Oh Please! (3, Informative)

The Turd Report (527733) | more than 11 years ago | (#4994665)

To be honest, 'dd' is not a Linux utility. Various *nixes used it before Linux was even started.

Re:Oh Please! (1)

Covener (32114) | more than 11 years ago | (#4994794)

and os/360 JCL programmers were using DD before it found its way into unix...

Re:Oh Please! (2)

kasperd (592156) | more than 11 years ago | (#4994857)

To be honest, 'dd' is not a Linux utility. Various *nixes used it before Linux was even started.

In fact dd is even overkill for this purpose. The same could be achieved by cat or something even simpler. This task is so simple that we shouldn't really care how they did it. I could have written a 42 line Turbo Pascal program under DOS that could do it.

Re:Oh Please! (1)

zabieru (622547) | more than 11 years ago | (#4994688)

Actually, it's even more demeaning, because the government DIDN'T USE Linux. They merely listed it as an option. If you read on, it was an option which was not used.

Re:Oh Please!-Examine carefully. (0)

Anonymous Coward | more than 11 years ago | (#4994885)

" Actually, it's even more demeaning, because the government DIDN'T USE Linux. They merely listed it as an option. If you read on, it was an option which was not used"

"15. On October 18, 2002, I was informed, in substance, by FBI HQ CART Examiner Lee Shepps of the following:

(A) On October 18, 2002, CART Examiner Shepps restored the SafeBack image made by SA/FE Jerry DeWees on September 11, 2001, of the hard drive of Mr. Moussaoui's Toshiba laptop, serial number 11552157G, to a hard drive;

(B) On October 18, 2002, CART Examiner Shepps examined the restored SafeBack image of the Moussaoui laptop using a Linux Boot CD and found it to have only one primary partition (one FAT 32 partition);

(C) On October 18, 2002, CART Examiner Shepps executed a md5sum command (-b /dev/hda1) to generate a value for the restored SafeBack image of the Moussaoui Toshiba laptop hard drive and noted the value to be "de12b076f9d6cc168fe3344dc1e07c58;"

(D) On October 18, 2002, CART Examiner Shepps examined the original hard drive of the Moussaoui Toshiba laptop, serial number 11552157G using a Linux Boot CD and found it contained only one FAT 32 partition; and,

(E) On October 18, 2002, CART Examiner Shepps executed a md5sum command (-b /dev/hda1) to generate a value for the hard drive of the Moussaoui Toshiba laptop, serial number 11552157G, and noted the value to be "de12b076f9d6cc168fe3344dc1e07c58." "

"17. On October 18, 2002, I was informed, in substance, by FBI HQ CART Examiner Lee Shepps of the following:

(A) On October 18, 2002, CART Examiner Shepps restored the SafeBack image made by SA/FE Timothy Ogiela on September 16, 2001, of the hard drive of Mr. Mukkarum Ali's laptop, serial number 88914368A-1, to a hard drive;

(B) On October 18, 2002, CART Examiner Shepps examined the restored SafeBack image of the Ali laptop using a Linux Boot CD and found it to have only one FAT 32 partition;

(C) On October 18, 2002, CART Examiner Shepps executed a md5sum command (-b /dev/hda1) to generate a value for the restored SafeBack image of the Ali laptop and noted the value to be "a665ee60525f795bd99703cd0666937b;"

(D) On October 24, 2002, CART Examiner Shepps examined the original hard drive of the Ali laptop, serial number 88914368A-1, using a Linux Boot CD and found it contained one FAT32 partition; and,

(E) On October 24, 2002, CART Examiner Shepps executed a md5sum command (-b/dev/hda1) to generate a value for the hard drive of the Ali laptop, serial number 88914368A-1, and noted the value to be "a665ee60525f795bd99703cd0666937b."

Actually Linux was used. Also the fact that dd was part of the comparison of valid imaging methods even if not used is a win.

Re:Oh Please! (0, Offtopic)

WWWWolf (2428) | more than 11 years ago | (#4994927)

How is this news?

How many times I've been thinking "Oh, people are again Tuning with some expensive and clumsy programs, if they would have been using *NIX this would have been a lot easier." ... well, in this case, they actually did the Obvious Thing: used dd to copy image of a drive. =)

"If I had been making an image of the disk, I would have used dd... oh, wait, they used dd. Never mind."

But yes, still hardly newsworthy.

NIST Computer Forensics Tool Testing (5, Informative)

metatruk (315048) | more than 11 years ago | (#4994659)

From the article:
Before addressing the authentication for the four specific computers, an error in Mr. Allison's affidavit must be corrected. In his affidavit, Mr. Allison writes: "Many methods are available to create an exact duplicate; however, only one method - the GNU/Linux routine dd - has been approved by the National Institute of Standards and Technologies." Allison Affidavit at 3. This statement is simply wrong. The National Institute of Standards and Technologies (NIST) does not "approve" software, it merely tests it and then publishes the results of its tests.

The test reults are abailable here: []

electron microscopes (4, Interesting)

Alien54 (180860) | more than 11 years ago | (#4994663)

I am confused.(yes, we all know this)

The document states that image files were generated fo the contents of the hard drives. I do not have confidence that an image would also display latent data.

I know myself that when I do a data recovery on a system, I can get many more megs of recovered data from file fragments, deleted folders, etc than can fit on the drive. Most of this extra stuff ias junk data, but you get the idea.

There is no substitue for the original.

Recovery can require a minimum of specialized software or be as complicated as looking at the platters under an electron microscope. I see nothing here that indicates use of such specialized technology, and yet this is supposed to be a national security matter.

Re:electron microscopes (1)

MeanMF (631837) | more than 11 years ago | (#4994675)

dd does a complete image copy of the partition, byte by byte... It doesn't matter what's on the drive, what file system it is, etc. It copies everything.

Re:electron microscopes (4, Interesting)

g4dget (579145) | more than 11 years ago | (#4994736)

The document states that image files were generated fo the contents of the hard drives. I do not have confidence that an image would also display latent data.

It's pretty clear what "dd" images: the entire content of the hard disk drive as it is readable by its disk controller. It won't image residual data that has been erased.

I know myself that when I do a data recovery on a system, I can get many more megs of recovered data from file fragments, deleted folders, etc than can fit on the drive. Most of this extra stuff ias junk data, but you get the idea.

Unless your recovery efforts involve custom hardware, the disk image obtained with "dd", together with bad block information and drive geometry, contains every bit of information you are ever going to get out of that drive. Any software-based recovery working on that image is going to be equivalent to recovery working on the original drive.

Trying to recover data that has been physically overwritten, using analog methods or imaging, is so expensive and time consuming that it is feasible only in special cases.

Re:electron microscopes (0)

Anonymous Coward | more than 11 years ago | (#4994914)

Trying to recover data that has been physically overwritten, using analog methods or imaging, is so expensive and time consuming that it is feasible only in special cases.

One would surmize that the "20th hijacker" would qualify as a spaecial case.

More info at Cryptome (3, Informative)

Alien54 (180860) | more than 11 years ago | (#4994788)

Cryptome has, on it's front page, details on what the FBI is up against [] . Just scroll down a bit.
  • The Eagan, Minnesota Kinkos Computers

    19. The Initial September 2001 Inquiry at the Eagan, MN Kinkos: On October 17, 2002, I spoke with Minneapolis FBI Special Agent David Rapp. At that time, SA Rapp told me that, to the best of SA Rapps unrefreshed recollection, on or about September 19, 2001, SA Rapp went to the Kinkos store in Eagan, Minnesota, to inquire about a receipt found on the person of Zacarias Moussaoui at the time of his arrest. At that time, SA Rapp met with a person who represented himself as a Kinkos employee responsible for managing and maintaining customer computer workstations. At that time, the Kinkos employee informed SA Rapp, in substance, as follows:

    (A) The Kinkos receipt did indicate that a computer workstation had been utilized;

    (B) It could not be determined from the copy of the Moussaoui receipt alone which computer workstation was used;

    (C) In response to SA Rapps inquiry about the possibility of acquiring any information from the computer workstations regarding the use of the computers by Moussaoui, the Kinkos employee stated that, since the date of the receipt, all computers had been wiped clean/formatted and started with a fresh install; and,

    (D) The computer workstations were generally wiped weekly or bi-weekly approximately, even though Kinkos policy called for weekly wipings. At a minimum, the Eagan Kinkos store wiped the computers at least once per month.


    21. Eagan Follow-up: On October 11, 2002, I requested that the Minneapolis FBI Field Office contact Kinkos personnel at the Eagan store and determine if, as alleged by the defense, the Kinkos computer could still maintain evidence of defendant Zacarias Moussaouis use from August 2001. On or about October 15, 2002, Special Agents Brendan Hansen and Christopher Lester visited the Eagan Kinkos and interviewed Brian Fay, who, as of August 11, 2001, was one of two Kinkos employees who knew how to restore an image onto the six computers with internet access designated for customer use. Mr. Fay stated that the six computers presently at the store are the same computers (with the same hard drives) that were present in August of 2001. These six computers are leased and scheduled to be replaced at the end of this year.

    The computers are maintained by formatting the computers hard drives and reloading an image using Norton Ghost whenever business is slow and time allows. There are no logs recording the dates or frequency of loading images on to the computers and Fay could not estimate how frequently they were imaged. Although Fay was not personally familiar with the exact details of the formatting and imaging process he administers to the computers, Fay had been advised by Kinkos that the formatting and restoration process destroyed all files associated with previous users.

This would be rather thorough, it seems.


Re:electron microscopes (1)

Covener (32114) | more than 11 years ago | (#4994800)

It isn't an effort to get at 'hidden' data. It's an effort to allow many people to have access to the data that was on the disk when it was imaged.

Otherwise you're trusting someone else's report, or passing around a mechanical disk (defense attorneys wouldn't be so thrilled about either).

CRC/SHA-1/MD5 (1, Interesting)

MeanMF (631837) | more than 11 years ago | (#4994666)

If the hash value of the original prior to duplication matches identically the hash value after the duplication, one may conclude that the duplicate file accurately reflects the data on the original file. The fact that the hash values match is typically more important than the hash values themselves.

Are they saying that two different files can't have the same hash value? That's a load of crap! It's not hard at all to modify data to create any hash value that you want, especially when you're including "deleted space" in the CRC calculations... It's good at telling you if there were any random modifications caused by errors during copying, but not that the files are identical.

Easy? I don't think so... (3, Insightful)

Subcarrier (262294) | more than 11 years ago | (#4994708)

It's not hard at all to modify data to create any hash value that you want, especially when you're including "deleted space" in the CRC calculations...

That kind of depends on the strength of the hash algorithm, wouldn't you say?

Re:CRC/SHA-1/MD5 (2)

Henry V .009 (518000) | more than 11 years ago | (#4994741)

Sure you can. But to be able to do it with something like MD5, you need to factor some very large prime numbers. Hence the security.

Re:CRC/SHA-1/MD5 (3, Funny)

Henry V .009 (518000) | more than 11 years ago | (#4994758)

Oops...If they were prime, they would be easy to factor. You need to factor the products of some very large primes.

(The last post wasn't a mistake--it was my intentional FUD to keep the terrorist from figuring out RSA. Shhhh!)

Re:CRC/SHA-1/MD5 (5, Informative)

metatruk (315048) | more than 11 years ago | (#4994796)

Are they saying that two different files can't have the same hash value? That's a load of crap! It's not hard at all to modify data to create any hash value that you want

From [] :

The SHA-1 is called secure because it is computationally infeasible to find a message which corresponds to a given message digest, or to find two different messages which produce the same message digest. Any change to a message in transit will, with very high probability, result in a different message digest, and the signature will fail to verify.
So yes, two different files can have the same hash, but it's infeasible to do this. That's why hashing methods like SHA are used in cryptography; SHA-1 is used in DSA signatures.

Re:CRC/SHA-1/MD5 (0)

Anonymous Coward | more than 11 years ago | (#4994815)

bear in mind these are lawyers we're talking about, and probably ones that are not exactly technically minded enough to realize the significance of hashes and message digests in computers.

Re:CRC/SHA-1/MD5 (2)

Edgewize (262271) | more than 11 years ago | (#4994816)

That's a load of crap! It's not hard at all to modify data to create any hash value that you want, especially when you're including "deleted space" in the CRC calculations...

CRC-32, sure. CRC is meant to check for small random transmission errors, not to function as a secure hash algorithm. But if you've figured out a way to force data to match a given SHA-1, you better get a press agent and a secretary because every crypto nut in the world is gonna call bullshit. And no, "trying lots of combinations" doesn't count.

Re:CRC/SHA-1/MD5 (2)

kfg (145172) | more than 11 years ago | (#4994832)

No, what they are saying is that they copied a disc and the two discs had the same hash value.

If you *don't care* what the contents of the original disc are, as is the case with forensic investigation, only that the dupe acurately reflects it, than checking the hash value of both against each is a perfectly valid test.

What they're testing for here *is* random errors in the copy process, not intentional tampering.


Re:CRC/SHA-1/MD5 (3, Informative)

bwt (68845) | more than 11 years ago | (#4994923)

Are they saying that two different files can't have the same hash value? That's a load of crap! It's not hard at all to modify data to create any hash value that you want, especially when you're including "deleted space" in the CRC calculations... It's good at telling you if there were any random modifications caused by errors during copying, but not that the files are identical.

There are no known examples of two files that have the same MD5 (or SHA-1) hash values, so I think you should reevaluate your statement. While it certainly is true that such files do exist (2^128 MD5 values, > 2^128 possible files, pigeon-hole principle, etc...), that does not mean that finding them is computationally easy or even possible.

A brute force search of files would require ~2^128 files to be search to find a match. If 2^32 computers each processed 2^16 files a second on average per year (60*60*24*365 20^30 seconds), then it would take greater than 2^50 years to find a match. Equivalently, the odds that any of the files that have ever been produced by humans have the same MD5 are pretty bad.

It might be possbile that a cryptographic flaw in MD5 exists that could be exploited to reduce the number of files that needed to be searched. I believe no such flaw is known. If one does exist, I'm quite sure it doesn't provide dramatic benefits.

Obvious Solitaire remark (2)

jaymzter (452402) | more than 11 years ago | (#4994668)

Solitaire Forensics Kit, SFK-000A hand-held disk duplicator by Logicube, Inc. (hereafter "Logicube")

I thought Solitaire only duplicated wasted work hours!

Ohhh, ohhhh.... (2, Insightful)

evilviper (135110) | more than 11 years ago | (#4994679)

Oohhhhhh... Someone said the word ``Linux"... Better put it on the front page...

Re:Ohhh, ohhhh.... (2)

metatruk (315048) | more than 11 years ago | (#4994828)

Not only was the word "Linux" mentioned, but so were the words "computer evidence," and "court."
Hey, this is Slashdot. News for Nerds. Stuff that matters.
A lot of us are interested in things such as Linux and computer security. I found this document to be an interesting read, and I am glad it was posted on Slashdot.

email from his pc (4, Funny)

grub (11606) | more than 11 years ago | (#4994682)

Sept. 10, 2001

We're going off flying tommorrow, hope to see you on the other side. Last one there gets the 70 ugliest virgins!

M. Atta

Re:email from his pc (2, Funny)

Anonymous Coward | more than 11 years ago | (#4994696)

Last one there gets the 70 ugliest virgins!

So who did wind up getting the Slashdot editors?

Re:email from his pc (0)

Anonymous Coward | more than 11 years ago | (#4994830)

Mohammad may not have told you this, but the almighty Allah told me last night a little something about those virgins up there. To make a long story short, they're men.

So does this mean... (0)

Anonymous Coward | more than 11 years ago | (#4994687)

Only terrorists use Linux and red blooded americans happily throw
their money at microsoft? Or is it the other way around...
terrorists use Microsoft, in which case, anybody who uses
microsoft is evil. Oh well, good thing I use *BSD,
made in America and other places :)

Re:So does this mean... (2)

VB (82433) | more than 11 years ago | (#4994763)

It doesn't mean anything if you don't read the affidavit. Linux dd was used (is used) as one of 3 methods by the FBI CART to image disks during discovery. That's all it means.

Linux is made in America and other places, too.

To make up for my fp (1, Informative)

danielsmc (577116) | more than 11 years ago | (#4994704)

The United States respectfully responds to Standby Counsel's Reply to the Government's Response to the Court's Order on Computer and E-Mail Evidence (hereafter "Reply") as follows:


The foundation of standby counsel's discovery requests regarding the computer and e-mail evidence rests upon their complaints regarding the "authentication" of the hard drives provided in discovery. "Authentication" in this context means the process of ensuring that the duplicate of the hard drive provided in discovery is an exact copy of what the FBI originally acquired. As FBI Supervisory Special Agent Dara Sewell explains in her attached affidavit, the FBI uses three different methods to duplicate or image a hard drive:1
(1) GNU/Linux routine dd command via Red Hat Linux 7.1 (hereafter "Linux dd");

(2) Safeback version 2.18 imaging software by New Technologies (hereafter "Safeback");

(3) Solitaire Forensics Kit, SFK-000A hand-held disk duplicator by Logicube, Inc. (hereafter "Logicube").

Sewell Affidavit at 2. Standby counsel seek the "complete authentication information for all of the hard drives produced in discovery, particularly the information for Mr. Moussaoui's laptop, the University of Oklahoma system, and Mukkarum Ali's laptop." Reply at 8.

Before addressing the authentication for the four specific computers, an error in Mr. Allison's affidavit must be corrected. In his affidavit, Mr. Allison writes: "Many methods are available to create an exact duplicate; however, only one method - the GNU/Linux routine dd - has been approved by the National Institute of Standards and Technologies." Allison Affidavit at 3. This statement is simply wrong. The National Institute of Standards and Technologies (NIST) does not "approve" software, it merely tests it and then publishes the results of its tests. NIST did, indeed, test Linux dd and publish the results, which included some criticism. Sewell Affidavit at 3. Like Linux dd, Safeback has also been submitted to NIST for review and its final report was published on December 13, 2002. Sewell Affidavit at 3. NIST reported criticisms of Safeback comparable to those cited for GNU/Linux routine dd. Sewell Affidavit at 3-4.2 Thus, for purposes of NIST, both Linux dd and Safeback are accurate imaging tools. With this in mind, the authentication of the four computers at issue follows.3

More important, the manufacturers of both Safeback and Logicube engaged in extensive self-testing of their programs before marketing them. Further, both contain verification programs\functions that ensure that the image\duplicate accurately reflects the data contained on the original. Sewell Affidavit at 4-5. Finally, FBI CART has validated the use of both Safeback and Logicube during their own use of the methods on hundreds of computers. Sewell affidavit at 4-5. Both Safeback and Logicube, like Linux dd, are methods that are accepted within the forensic computer community. Sewell Affidavit at 4-5.

Additionally, Mr. Allison writes: "Further, once the duplicate has been created, a product such as the Message Digest version 5 (MD5) or the Secure Hash Algorithm version 1 (SHA-1) should be used to confirm that the duplication process has been done properly." Allison Affidavit at 3. Mr. Allison refers to programs that generate a unique value for both the data on the original hard drive and the data on a purported duplicate of that hard drive in order to further verify the results of the duplication process. However, as set forth in detail in SSA Sewell's affidavit, both Safeback and Logicube contain self-validating programs that ensure the image or copy process generates an exact duplicate of the original. Sewell Affidavit at 4-6. Therefore, the MD5 or SHA-1 programs only provide an additional layer of verification beyond the already proven reliability of the tool itself. Sewell Affidavit at 6.

Both defendant's and Mukkarum Ali's laptops were duplicated using the Safeback software. To eliminate any questions about authentication, the FBI employed the MD5 program suggested by Mr. Allison on both laptops. The program demonstrated that the images of both laptops provided to the defense in discovery were accurate reproductions of the originals. Sewell Affidavit at 7-10. The significance of this point is two-fold. First, there can be no question that the defense has the exact same copy of the original that the Government has, so they can conduct any further investigation on their copy that they wish. Second, the results of the MD5 program as to these two laptops further demonstrate the reliability of the Safeback program.

Finally, standby counsel seek the BIOS (Basic Input/Output System) settings for defendant's laptop based upon the following assertion by Mr. Allison in his affidavit:
The complete authentication information for Mr. Moussaoui's laptop is even more critical given the indication in the above documents, particularly Bates no. M-LBR-0002265, that the laptop had lost all power by the time of the government's CART examination on August 6, 2002. [Footnote omitted]. The loss of all power means that the original date and time settings cannot be retrieved, and that other settings, such as how the computer performed its boot sequence, the types of ports and peripherals enabled, and the settings regarding the hard disk and the controller, are all lost as well. All of this is essential information on how the laptop was set up.

Allison Declaration at 3-4. As SSA Sewell makes clear in her affidavit, however, the BIOS settings for defendant's laptop were recorded at the time that it was imaged, September 11, 2001, before any loss of power. The BIOS settings are set forth in SSA Sewell's affidavit. Sewell Affidavit at 11. Therefore, no authentication issues exist as to defendant's or Mukkarum Ali's laptops.4

Unlike the laptops, the two hard drives at the University of Oklahoma (known as "PC 11" and "PC 14") were never removed from the university and are not currently in the Government's possession. Due to the nature of the hard drives, the FBI used the Logicube hand-held disk duplicator to copy the drives and then imaged the duplicates with the Safeback program. Logicube was selected to duplicate the University of Oklahoma hard drives because of its portability. Sewell Affidavit at 3-5, 18. Like Safeback, Logicube has been verified by both its manufacturer and the FBI. Moreover, Logicube performs self-checking functions to ensure that the duplicate drive accurately reflects the contents of the original drive. Finally, although Logicube has not yet been reviewed by the NIST, hand-held disk-duplicators such as Logicube are widely accepted in the information and forensic communities. Sewell Affidavit at 5. Consequently, there can be no challenge to the authenticity of the duplicates of the University of Oklahoma hard drives.

The Request for a Chart for the Remaining Hard Drives

Standby counsel next seek a chart "for the approximately 140 remaining hard drives. At a minimum, the chart should include the origin/source for each drive and the significance of the drive to the case." Reply at 9.5 On November 22, 2002, the Government supplied the defense with a chart listing each hard drive produced in discovery, when it was produced, and a detailed description of its source from which the defense can assess its significance. Further, in a letter dated December 18, 2002, the Government identified the computer evidence that it believes to be relevant for this prosecution. Of course, the burden rests with the defense to determine the significance of a piece of evidence to their defense. Cf. United States v. Comosona, 848 F.2d 1110, 1115 (10 th Cir. 1988) ("The Government has no obligation to disclose possible theories of the defense to a defendant. If a statement does not contain any expressly exculpatory material, the Government need not produce that statement to the defense. To hold otherwise would impose an insuperable burden on the Government to determine what facially non-exculpatory evidence might possibly be favorable to the accused by inferential reasoning."); United States v. Nachamie, 91 F. Supp. 2d 565, 569 (S.D.N.Y. 2000) ("The clear language of Rule 16(a)(1), however, does not require the Government to identify which documents fall in each category - it only requires the production of documents responsive to any category."); United States v. Greyling, 2002 WL 424655 at *3 (S.D.N.Y. 2002) ("Fed. R. Cr. P. 16(a)(1)(C) only requires that the Government afford defendants an opportunity to inspect the documents it intends to introduce at trial. It does not require the Government to identify which documents it intends to introduce.") (emphasis in original). Therefore, this request is now moot.

The University of Oklahoma Hard Drive

Standby counsel next request the Court to "[o]rder the Government to confirm that the UO hard drive produced in discovery has not been contaminated and explain why the 70 GB of unused storage space on that hard drive contains material that should not be there." Reply at 9. As the affidavit of SSA Sewell makes clear, the following answers Mr. Allison's concerns about University of Oklahoma PC 11. Approximately 9.537 gigabytes of information were duplicated from PC 11's hard drive by the Logicube program onto a 40 gigabyte drive. Thereafter, all data on the Logicube 40 gigabyte drive was imaged and later restored using the Safeback program onto a 80 gigabyte hard drive, which was then turned over to the defense. The primary partition which exists on the defense 80 gigabyte duplicate hard drive accurately represents the approximately 9.529 gigabytes captured from the primary partition of PC 11 without contamination. The balance of the space on the 80 gigabyte hard drive provided to the defense contains the following:
(1) Approximately 7.26 megabytes of data of the 9.537 gigabytes of data captured from PC 11. This information actually appeared on PC 11 outside of the primary partition and was duplicated by Logicube. Therefore, this data previously existed on the PC 11 and did not result from the imaging/duplication process;

(2) Unused space which consists of a series of zeroes; and,

(3) Approximately 4 megabytes of repetition of the 9.537 gigabytes of information captured from PC 11, which was created by the Logicube tool when it first began to duplicate the material contained on PC 11.6

Sewell Affidavit at 19-20. All of this simply means that the first 9.537 gigabytes of the 80 gigabyte hard drive provided to the defense accurately contains all of the data that existed on PC 11 at the time of duplication and was not "contaminated" by any outside data.

The Examination of Moussaoui's Laptop

Standby counsel's fourth request questions whether the defendant's laptop was imaged before it lost power. The defendant's laptop was imaged on September 11, 2001, before the laptop lost power. Sewell Affidavit at 11. The BIOS settings for the laptop requested by standby counsel are set forth in SSA Sewell's affidavit. Sewell Affidavit at 11. Therefore, this request is now moot.

The xdesertman@hotmail Account and Other E-Mail Accounts

In their fifth request, standby counsel ask the Court to "[o]rder the Government to examine all of the temporary files of the computers Mr. Moussaoui used (those at UO, his laptop, and Mukkarum Ali's laptop) and determine whether information can be obtained from them concerning the account and the other email accounts listed in paragraph 33 of the Lawler Affidavit." Reply at 10. SSA Sewell's affidavit describes the unsuccessful searches of each hard drive conducted by FBI CART Field Examiner Thomas Lawler for the e-mail account as well as at least 27 variations of this account and other e-mail accounts associated with the investigation of this case. Sewell Affidavit at 15. Moreover, as previously demonstrated in the first section of this pleading addressing the authentication issues, the defense now has an exact copy of what the Government has. Therefore, there is no reason that the defense, including their computer expert, cannot conduct the same examinations of the four hard drives at issue as the Government. Consequently, this request should be denied.

Similarly, in their sixth request, standby counsel ask the Court to order the Government to conduct an investigation at their behest when they have the same ability to conduct the investigation. The defense possesses the same subpoena power as the Government and, if they wish to serve a subpoena on Hotmail, Microsoft, or any other company, they should do so. See Fed. R. Crim. P. 17(c); 18 U.S.C. 3005. Moreover, the Group Manager for Policy Enforcement for MSN Hotmail reports that a search as suggested by Mr. Allison in his Declaration (see Allison Declaration at 6) would have no success. Sewell Affidavit at 21-22. Therefore, this request should fail.

The Internet Provider Address for University of Oklahoma PC 11 Computer

Next, standby counsel ask the Court to "[o]rder the Government to (A) explain the reason for the discrepancy in IP addresses for the UO PC 11 computer, (B) confirm that the UO hard drive produced to the defense in discovery ( comes from the computer used by Mr. Moussaoui at the University of Oklahoma, and (C) confirm that Mr. Moussaoui did not use any other UO computer." Reply at 11. Simply put, a typographical error exists in the Lawler Affidavit submitted by the Government. The correct internet provider address for University of Oklahoma PC 11 computer is Sewell Affidavit at 18. As discussed in the first section of this pleading regarding authentication, a duplicate of the hard drive for PC 11 has been provided to the defense. As to whether Mr. Moussaoui used any other computer at the University of Oklahoma, only the defendant definitively knows the answer. The only evidence that the Government has regarding Mr. Moussaoui's computer use at the University of Oklahoma involves PC 11 and PC 14, copies of which have been provided to the defense in discovery.

The Kinko's in Eagan, Minnesota

In their eighth request, standby counsel seek "more information about the procedures used by Kinko's personnel and the steps they took to clean the Kinko's system and verify that no evidence of Mr. Moussaoui's communications via Kinko's internet access still remains on the Kinko's system." Reply at 11. SSA Sewell's affidavit describes in detail the procedures used by Kinko's to overwrite ("clean") their systems. The affidavit reveals that during the month between the defendant's use of the computers at Kinko's on August 12, 2001, and September 11, 2001, Kinko's cleaned their machines at least one time and perhaps many more, since their policy was to re-image (clean) the computers weekly. Sewell Affidavit at 12. Since September 11, 2001, the computers have been re-imaged several times and Kinko's personnel adamantly state that they are unable to recover any pre-existing data from a work station hard drive after the re-imaging process. Sewell Affidavit at 13. Further supporting the inability to locate references to is the fact that FBI CART examiners searched all data related to this e-mail account on both defendant's and Mukkarum Ali's laptops as well as the University of Oklahoma computers, none of which were ever "cleansed" or overwritten, and no data was found collaborating even the existence of any such account, or its use by the defendant. Sewell Affidavit at 15-17. Thus, there is no reason to believe that a search of the Kinko's computers in Eagan, Minnesota, would recover any relevant information about the defendant's e-mail use on these computers. Sewell Affidavit at 17.7

The "File Slack" Portions of Mukkarum Ali's Laptop

Standby counsel next ask "the Government to confirm that the 'file slack' portions of Mukkarum Ali's computer do not contain relevant information about Mr. Moussaoui's use of the computer to send e-mails." Reply at 11. As previously stated in the first section of this pleading addressing authentication, the defense has an identical duplicate of what the Government has; therefore, they can search Mukkarum Ali's computer as they wish. Moreover, FBI Cart Examiner Thomas Lawler thoroughly reviewed Mukkarum Ali's computer, including the "file slack" portions, and found no relevant information. Sewell Affidavit at 15. Therefore, this request should be denied.

The "Ghosting" of the University of Oklahoma Computers

Standby counsel conclude their requests by asking "the Government to identify the procedures employed by UO personnel to 'ghost' the computer(s) allegedly used by Mr. Moussaoui and order the Government, despite the fact that it may be 'likely lost' (see Lawler Affidavit at 28), to retrieve any forensic evidence showing use of those computers by Mr. Moussaoui and what he did while using those computers." Reply at 11. Calvin Weeks, the technical security officer for the University of Oklahoma, told the FBI that the University of Oklahoma used the commercial software Norton Ghost to restore a previously recorded hard drive image. Sewell Affidavit at 21. As to the second part of standby counsel's request, the defense has in their possession a duplicate of University of Oklahoma PC 11 and PC 14; therefore, they can perform any investigation of these hard drives that the Government can. Therefore, this request should be denied.


The attached affidavit by SSA Sewell fully addresses the issues raised by standby counsel and demonstrates beyond question that the FBI properly and exhaustively examined all computer evidence in this case.

Respectfully Submitted,


By: /s/

Robert A. Spencer
Kenneth M. Karas
David J. Novak
Assistant United States Attorneys

FBI HQ originally denied e-mail search request (4, Interesting)

michaelmalak (91262) | more than 11 years ago | (#4994720)

See my Aug. 29, 2002 blog article FBI didn't get Moussaoui's e-mail despite having his laptop [] , which notes the irony that "the U.S. government is interested in the e-mail of all those in the U.S. except for alleged terrorists" and which links to an Aug. 29, 2002 Washington Post article [] .

(Recall that Massaoui was already in jail before Sep. 11. These pre-Sep. 11 e-mail search requests were rebuffed, according to FBI whistleblower Colleen Rowley.)

Re:FBI HQ originally denied e-mail search request (0)

Anonymous Coward | more than 11 years ago | (#4994748)

Another Bill Clinton legacy.

Just like North Korea.

What an asswipe.

Privacy irony & national security (4, Interesting)

MacAndrew (463832) | more than 11 years ago | (#4994844)

Note that the FBI, charged by so many with violating people's privacy in every way imaginable, here dropped the ball by bring too cautious about someone's privacy.

You can't win -- bungling cuts both ways.

Anyone wonder why the heck the Minnesota FBI office went to Washington for a piddly search warrant, instead of their friendly local court? Because this was not an ordinary warrant, but a national security warrant designed to investigate suspected terrorists who might not have committed any crime to provide probable cause for a regular warrant. (You know, like Minority Report. OK, it's not that bad. :)

It will be interesting to see who gets blamed once all of the finger-pointing is over.

From NYT [] by James Risen*:
According to Ms. Rowley's letter and other bureau officials, the Minneapolis field office believed that the French report on Mr. Moussaoui provided enough troubling information about his ties to Islamic extremism to go to court to obtain a search warrant under the federal law that allows the government to carry out searches and surveillance in espionage and terrorism cases. Under the statute, investigators do not have to show that a subject committed a crime, only that they have reason to believe the suspect is engaged in terrorist activity or espionage on behalf of a foreign power or a terrorist organization.

* Another little note -- James Risen with Jeff Gerth were the NYT reporters blamed with stoking the fire over Wen Ho Lee debacle. Of course, lots of people were blamed [] -- sound familiar?

Re:Privacy irony & national security (2)

nathanm (12287) | more than 11 years ago | (#4994880)

Anyone wonder why the heck the Minnesota FBI office went to Washington for a piddly search warrant, instead of their friendly local court? Because this was not an ordinary warrant, but a national security warrant designed to investigate suspected terrorists who might not have committed any crime to provide probable cause for a regular warrant.
I think you answered your own question pretty well. I live in Minneapolis, and I doubt the local district court [] has the facilities for classified proceedings involving national security issues. Just the fact they had to check with French intelligence agencies was probably enough to warrant (no pun intended) going to Washington with the case.

Moussaoui is the exception that proves the rule (3, Insightful)

michaelmalak (91262) | more than 11 years ago | (#4994908)

It is universally agreed that privacy and security are in conflict with each other and must be balanced. But this is a case where a warrant was sought for an individual based on a reasonable suspicion. Contrast this with Carnivore and Total Information Awareness, which are warrantless fishing expeditions of entire populations. I'm a staunch privacy advocate [] , yet advocate reasonable searches of a very small number of suspected terrorists.

You say that the FBI was "too cautious" -- do you have any evidence that that was the motive?

I see no irony in being a privacy advocate while decrying FBI supervisors for denying the request to search Moussaoui's e-mail.

P.S. In another related story [] , the FBI supervisor who thwarted Rowley's investigation recently got a big cash bonus.

Mark of desperation? (0)

Anonymous Coward | more than 11 years ago | (#4994724)

It seems as though Moussaoui's lawyers are desperate to keep his emails out of his trial.

I just have one question: Can I be the one to flip the switch that will make him do the 60-cycle shuffle?

Im not the nerd I thought I was (1)

JeanBaptiste (537955) | more than 11 years ago | (#4994740)

A detailed discussion for all 140 hard drives provided in discovery

Mousauoiioio whatever his name is sure had a lot more computer stuff than I do...

RIAA Math (2)

Cyno01 (573917) | more than 11 years ago | (#4994835)

He probably just had one or two drives, but they were really big, so they were the equivalent of 140 drives.

'dd' isn't _quite_ an image (3, Insightful)

wfmcwalter (124904) | more than 11 years ago | (#4994759)

Neglecting the STEM/SQUID recovery issues mentioned above, it's rather dissapointing to see the feds using only a generic imager like dd to image the disk, as it's not quite a full image of all the stuff on the disk.

The contents any LBA that is in the drive's remap table (i.e. blocks that the drive electronics have previously determined either to be bad or going bad) aren't captured by dd - the drive instead sends the data payload corresponding to the LBA's remapped physical address. The bad/bad-ish block remains, and its data is quite possibly still valid (or perhaps valid but for a couple of localised errors). These blocks thus hold tiny slivers of data stored on the drive sometime in the past (the last thing written before the block went bad).

Although this missed data represents a microscopic fraction of the total data on the disk it could, at least in theory, contain recoverable data of an evidenciary nature. The only way to see this is a drive-vendor specific low-level read - I don't know much about the other two tools the article describes, but it doesn't sound like those do that either.

Given that there's only a handful of drive manufacturers left, and the (non-servo) parts of the firmware on their drives doesn't vary hugely between models, it really wouldn't be too hard for law-enforcement types to have proper physical-level imaging tools for any drive they're likely to encounter.

Re:'dd' isn't _quite_ an image (0)

Anonymous Coward | more than 11 years ago | (#4994811)

dd, et al don't take remapped blocks into consideration
Sounds good. At least now we know what to do if we want to set aside a few blocks to store personal, private bytes on a hard disk if we want them to have a chance of remaining private.

Re:'dd' isn't _quite_ an image (4, Informative)

wfmcwalter (124904) | more than 11 years ago | (#4994838)

Hey, there's something else - they're doing checksum calculation not on the disk image (/dev/hda) but on the partition image (/dev/hda1) - which means they're not entirely capturing everything that's potentially on the disk (in particular: the boot sector, the MBR, and any other partitions).

Now, the document says the examiner determined that there was only one partition, and that he used a "a Linux Boot CD" - this implies (it's not terribly clear what that actually is) that he used linux's fdisk command (or diskdruid or something) to determine that there was indeed only one partition - by examining the current contents of the drive's partition table.

Doing this doesn't capture any space not currently assigned to a partition - in particular, if another partition were present but was then deleted, or if the extant FAT32 partition were resized (say with partition magic).

Infact it's rather unusual for a windows laptop to only have one FAT32 partition - many (most?) vendor-created laptops ship with a sleep-to-disk partition on the disk as well (Dell seems to always to this on windows systems).

In a non-forensic setting, these gripes would be beyond pedantic, but given the seriousness of the crime concerned, and the alleged technical skill of the terrorist groups implicated, these omissions are not immaterial. I do hope that they're omissions only in this document and that the examiners actual procedure did properly image, checksum and examine _all_ of the disk's contents.

Re:'dd' isn't _quite_ an image (1)

GigsVT (208848) | more than 11 years ago | (#4994868)

The thing is, it's usually enough. Only in very high stakes cases will forensics require anything more than a dd image, and a reconstruction of some parts of some deleted files. It's all about cost and benefit. The chances of something critical being in a spared sector are pretty slim, and if they can get what they need from a dd image, why bother?

I'm suprised the Mac zealots aren't saying! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4994769)

Look! Terrorists don't use Macintoshes!

IP = Internet Provider, according to F B I (1, Funny)

Anonymous Coward | more than 11 years ago | (#4994890)

R O T F L!

[Start Quote]--

The Internet Provider Address for University of Oklahoma PC 11 Computer

Next, standby counsel ask the Court to "[o]rder the Government to (A) explain the reason for the discrepancy in IP addresses for the UO PC 11 computer, (B) confirm that the UO hard drive produced to the defense in discovery ( comes from the computer used by Mr. Moussaoui at the University of Oklahoma, and (C) confirm that Mr. Moussaoui did not use any other UO computer." Reply at 11. Simply put, a typographical error exists in the Lawler Affidavit submitted by the Government. The correct internet provider address for University of Oklahoma PC 11 computer is

--[End Quote]

I don't know whether to laugh or cry that the security of our nation is in the hands of these FBI "experts". :(
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>