Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: williamlucas
New Today: 1
New Yesterday: 2
Overall: 29661

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 Esta zapatilla para correr Air Max Plus TN también se puede
 Software to search an FTK Lite Mounted drive with keyword
 How much can be found?
 Computer Forensic in responding to Data Breach issues
 A bunch of numbers about digital evidences collection

Computer Forensics World Forums


Pages Served
We received
59488518
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Length of Investigation
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Length of Investigation

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Legal Issues
View previous topic :: View next topic  
Author Message
CMaricle
Newbie
Newbie


Joined: Mar 07, 2012
Posts: 2

PostPosted: Thu Mar 08, 2012 6:13 am    Post subject: Length of Investigation Reply with quote

Hi,
I have a question that I have not been able to find the answer for all over the internet. I live in the State of Minnesota and 8 months ago I received a phone call at work that a government agency (MCA) was at my house with a search warrant for all computer systems in my household due to a ping on my IP address for child pornography. Please understand that I know each and every person in my household is innocent. The accusation of such a thing has put my family in turmoil and we have been 100% cooperative with the detectives for the last 8 months.

A total of 3 desktops, 3 laptops, and 2 external hard drives where seized. Among those devices, 1 desktop, 1 laptop, and both external hard drives are for my work and contain the only copies of source codes I need for a project I am working on and need to make upcoming modifications too.

I have no clue as to how they received a ping from my IP address as I have WPA2-PSK encryption on my household wireless network which I know is not bulletproof especially with all the connected devices associated with it. The computers have not been used by anyone outside the household as well. My theory is someone got on my WIiFi.

Their was a similar case that happened around the same time in my town which is rather small (23,000 population) where a guy was busted using local WiFi networks (open only?) to download child pornography according to our county attorney and I believe we could have been a victim if he possessed the basic wireless security skills required.

My question, is their a time limit on how long they can keep our systems to examine by law or is it a on their time basis?

Any input or advice on this case from someone with knowledge on it would be much appreciated. I am at the point of contacting a lawyer now which I thought was not necessary at first and filling a complaint with Internal Affairs at the MCA.

Thanks in advance Smile
Back to top
View user's profile
cybercop
Newbie
Newbie


Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

PostPosted: Thu Mar 08, 2012 7:16 am    Post subject: Reply with quote

It is pretty much based on how long it takes them to examine the computers. With backlog and such it could take quite a while. I know hind sight is 20/20 but this is a great example of why off site backups are such a necessity.

As for how someone could have used the system for that, using wpa2-psk makes it so that cracking would take so many years that it is extremely unlikely that anyone used your wireless without having been given the key. Especially since it is just easier to go down the street and find someone with open wireless.

If you are truly innocent, once they get the computers examined they will be returned.

I will say that they don't give out search warrants without having something that the judge believed was probable cause. That doesn't necessarily mean you are guilty, only that there appeared to be enough evidence to make the judge believe they should look deeper.

You SHOULD contact a lawyer, whether innocent or not. You should have contacted a lawyer as soon as it happened.
Back to top
View user's profile
CMaricle
Newbie
Newbie


Joined: Mar 07, 2012
Posts: 2

PostPosted: Thu Mar 08, 2012 9:09 am    Post subject: Reply with quote

Thanks for the quick response cybercop.

However, I disagree with you about cracking WPA2-PSK wireless encryption as it is a rather simple process. Its just a matter of capturing the 4 way handshake and cracking the pre-shared key. A simple passphrase such as the one I used being only 8 lowercase characters built on words from the dictionary could be done rather quickly. I kept it simple for my family to remember and all my own network communications are going through a company VPN using 256-bit AES encryption.

You are right that is seems rather pointless to mess with my network and would be easier just find a open network. And, you are very correct about the importance of off site backups which was the external drive taken. The original files stored on the company server where corrupted by a new employee in my department.

Although I did not come here to discuss security related issues, I was simply wondering if there is a time frame by law that they are required to complete the job. As it seems according to you cybercop, they can take their sweet time. I will be contacting my lawyer tomorrow on this.

Thanks again.
Back to top
View user's profile
PreferredUser
Newbie
Newbie


Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Thu Mar 08, 2012 9:48 am    Post subject: Reply with quote

CMaricle wrote:
Although I did not come here to discuss security related issues, I was simply wondering if there is a time frame by law that they are required to complete the job. As it seems according to you cybercop, they can take their sweet time. I will be contacting my lawyer tomorrow on this.
It is not so much that law enforcement can "take their sweet time" as much as computer forensics is a lengthy process and the examiners/investigators are probably swamped with cases.

Your attorney should be able to get a forfeiture hearing scheduled if you have one specific piece of media that is inhibiting your ability to work. That is if the device can be shown to be a business asset and by keeping you from using that device it is impacting your livelihood, you can usually have that one item considered more quickly.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Legal Issues All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops © 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. © 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.