Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Data Storage Privacy

File Systems for Electronic Surveillance Devices? 136

Posted by Cliff from the discrete-audio-data-storage dept.
An anonymous reader asks: "A friend recently discovered that her vehicle had been bugged by the police (for reasons I won't go into here). It seems the set-up had been wired into the car's electronics, so that whenever the car was going the microphones were recording the occupants' conversations. Unfortunately I didn't get to see everything she recovered, as she was a bit exuberant in her removal and disposal. However, I have been given a 20G Fujitsu notebook hard drive and some kind of audio processing chip from a manufacturer by the name of Topoint, and have been asked if I can examine the contents. You can read on to hear about my efforts so far, but I have several questions: If the surveillance device came from a vendor, what kind of file system might they use, and if - as I suspect - it is encrypted, do I have any options other than writing zeros over the drive and putting it to less controversial use?"
"Not knowing what to do with the audio chip, I focused on the notebook hard drive. I got an adapter, connected it as master on my desktop and booted up. After checking the BIOS to see if the drive was recognised (it was), I was presented with a full-screen simple line diagram showing the floppy drive slot, a floppy with an arrow in front of it and across the bottom, the F keys with the F1 key depressed. Hitting F1 with or without entering a disk resulted in 'Non-system disk error...' So much for the direct approach.

Next I set the drive as slave and booted Linux (Mandrake and then a few Live CDs), but the drive contents weren't recognised due to the lack of a partition table. So, I kept it as slave and ran a few forensic and data recovery tools in Windows: DFSee and tools from Mare Software and Runtime Software. I couldn't recognize the file system or recover anything from the drive with these, so I figure it isn't formatted with any of the standard FAT, FAT32, HPFS, NTFS, JFS, EXT2/3 or REISER file systems. I've kind of reached the limit of my abilities here, but my curiosity has been stoked.

Does anyone have any suggestions or comments - useful or otherwise? To anticipate a few in advance: Yes, listening devices might well run Linux. We're not in the US and are more interested in human rights than terrorism. My friend obviously knows most of what has been recorded, but wants to figure out how long the bug was in place."
This discussion has been archived. No new comments can be posted.

File Systems for Electronic Surveillance Devices? More

File Systems for Electronic Surveillance Devices?

Comments Filter:

  • Interesting...could it be that there isn't a FS? (Score:5, Interesting)

    by mc_barron ( 546164 ) on Tuesday March 15, 2005 @07:29PM (#11948157) Homepage
    What an interesting story! Could it be possible that the drive has no structure? Couldn't the audio data be directly written from the beginning to the end of the disk sectors without being an actual file?

    I would try grabbing the data off of the drive as an image, then "playing" the image as if it were one large audio file.

    • Re:Interesting...could it be that there isn't a FS (Score:3, Interesting)

      by Anonymous Coward
      If the drive does lack a file system there will most likely have been a header written at the start of each 'session' possibly with a timestamp. Have you tried looking for repeating patterns in the raw data that might delineate chunks of audio.

      Two things to try (assuming you have the drive as hdb.
      1. strings /dev/hdb
      2. cat /dev/hdb > /dev/dsp

      You never know, they may have been that lazy.
    • I would try grabbing the data off of the drive as an image, then "playing" the image as if it were one large audio file.

      Yah, drag it to iTunes!

  • They bugged her car with a 20G laptop harddrive?

    I smell bullshit.

    Either way, what you are doing is a aiding and abetting. You should give it back to her after wiping your prints off it.
    • Not to mention receiving stolen goods, tampering with government computers, interfering with an investigation...

      If this cat's on the level, I forsee a nice, government-paid vacation soon...

      • How is this tampering and stealing? (Score:2, Interesting)

        by Anonymous Coward
        He/She found a hard drive in a car. How can the police prove that he/she knew that it was police/government property? Does it have "property of the police" stamped on it? Also, how is the device "stolen"? It was found in the person's car. They didn't steal it from some house, or from someone else's car. If I find an item in my car, am I stealing it if I remove it? What am I supposed to do, leave it there? I would say that whoever installed the device in the car is the person doing the stealing, because it u
    • I smell something fishy. Tsunami fishy. [slashdot.org]

    • They bugged her car with a 20G laptop harddrive? I smell bullshit.

      Why? A bug has to store its recordings somewhere. Despite what you see on The Sopranos, radio links are unreliable and do not produce quality recordings. There are alternatives for storage such as Flash ROM, but none of them have any really compelling advantages. A notebook drive is small enough to conceal easily amongst all the hardware under the hood of a car. 20 GB is probably overkill, but nowadays it's hard to buy hard drives smaller

    • what you are doing is a aiding and abetting.Aiding *what*? Sounds like the friend discovered a hard drive in her car and decided to keep it, which is perfectly reasonable.

      Last time I checked it still isn't a crime to disassemble your own property, despite what Lexmark says.

      Sounds like the dipshits who can't even spy on people without being discovered lost the right to their harddrive.

      • Last time I checked it still isn't a crime to disassemble your own property

        In the Land of Free and Home of Brave® it could be a crime. My limited understanding of the DMCA suggests I can't use DeCSS in my own house in the USA to look at the DVD I just bought with my own money because it would "circumvent a copyright protection device".

        [I wish they'd just concentrate on enforcement of actual instances of copyright infringment such as copying and distributing for a profit or, better, on reforming copy

      • All the world is not teh USA, ya know.
    • IF the submitter took advice from a helpful comment, would the poster be aiding and abetting as well?

    • It sounds to me more like somebody lying to inflate her ego.

      But that chip is weird.

      http://64.233.167.104/search?q=cache:h7sCqBKO0YEJ: www.topoint.cc/eng_topoint/profile.htm+Topoint&hl= en [64.233.167.104]

      Hey, they're "inglorious in plagiarizing"

  • Hmm (Score:1, Offtopic)

    by Goon Number 1 ( 168487 )
    Ok, so you've got a hard drive that was a part of a criminial investigation on your hands. And you are trying to get the data off it, which, while fun, sure, is interfering with said criminal investigation.

    So then you go and post on Slashdot about how best to hack the hardware you have in hand.

    I think you have bigger probems than the technical ones you are facing. Get a lawyer.
    • Apparently there are even bigger problems than that involved. The summary says that this isn't the US, and that there are "human rights concerns" which I would suspect go above and beyond the concerns of any one person, particularly if the police are acting to restrict those human rights.

      If that's the case, then impeding the investigation could well be the least of your worries.

      • I don't disagree with a thing that you have said, however, in most places interfering with the police for any reason is a HUGE no no. If you are in a country where human rights are a concern, you had better tread carefully when breaking their toys.

        Aside - Toppoint appears to be a Chinese manufacturer, according what turned up on google [topoint.cc].

        • Re:Hmm (Score:5, Informative)

          by ar32h ( 45035 ) <jda@ta p o d i . net> on Tuesday March 15, 2005 @08:21PM (#11948695) Homepage Journal
          Toppoint may build custom chips / build clone chips.
          Any/all numbers on the chip would probably be more useful than the manufacturer's name.

          Also, and perhaps a red herring, could the device in question be the product found here [gpevergrowth.com]?
          It is a GPS tracker with audio recording capability. It also happens to take 20G drives and uses a SOIC for control.
          It may be a jump, but Toppoint could have been the board builder.

    • Re:Hmm (Score:4, Interesting)

      by monkeyserver.com ( 311067 ) on Tuesday March 15, 2005 @07:40PM (#11948248) Homepage Journal
      I wonder, how is that illegal? She finds this stuff in her car, it's in her personal vehicle. Does it say, "Government property - no tampering!" If not, then I would assume that if some one places something into my personal property, and leaves it there, it becomes mine. Which means I can do whatever I want with it.

      That may not be true, but it's such a gray area, how am I supposed to know what it is, or why it's there. I mean for all I know it could be part of my car, in which case I can do what I want with it.

      But yes, I'd agree that telling the world via slashdot that I want to foil the police's efforts to find a "criminal" is pretty dumb.

      • Re:Hmm (Score:1, Interesting)

        by Anonymous Coward
        I wonder, how is that illegal? She finds this stuff in her car, it's in her personal vehicle. Does it say, "Government property - no tampering!" If not, then I would assume that if some one places something into my personal property, and leaves it there, it becomes mine.

        Except the submitter assumes it was placed by the police, so we have to trust him that he knows it's government property. Anyway, all that's mute. If this is real, it's probably likely the police don't worry too much about following the

      • Well, interfering with a wiretap is a federal crime. For example, if there is a tap on your phone, and you notice it, and you remove it, they can send you to jail. Has nothing to do with whose property you assume it is. Assume all the way to the clink.

      • Re:Hmm (Score:2)

        by hey! ( 33014 )
        Well, there's obstruction of justice, here's one choice bit:

        Title 18 U.S.C. 3. Accessory after the fact. Whoever, knowing that an offense against the United States had been committed, receives, relieves, comforts or assists the offender in order to hinder or prevent his apprehension, trial or punishment, is an accessory after the fact.

        Furthermore, if the bug was put there with a court order, it has every legal right to be there. It is not legally speaking trespassing on the bugee's private property.

    • Re:Hmm (Score:1, Funny)

      by Anonymous Coward

      I think you have bigger probems than the technical ones you are facing. Get a lawyer.

      Or better yet, dd the HD contents into a file and put it up on bittorrent.

    • How do you know it was a criminal investigation. The investigatee may have been a member of a political party other than the encumbant party. This happens all the time even in so-called democratic countries.

  • What I'd really like to know... (Score:2, Interesting)

    by Anonymous Coward
    ...is how she discovered the bug? Just random digging through the car's guts one day, or was there something suspicious that tipped her off? If there's a way of spotting it, that sort of info could be useful to the rest of us. For that matter, how would you even tell this wasn't just part of the car's electronics if you weren't a mechanic?
    • that's an interesting thought. Maybe the microphones were part of the handsfree mobile phone system she recently had installed. Maybe the disk was found floating around on the back floor and was accidently left there by her teenage son... no filesystem 'cos he'd just bought it.

      Does the car actually still work? Is your friend blonde?

  • Neat, but you might want to talk to a lawyer... (Score:4, Interesting)

    by CokeJunky ( 51666 ) on Tuesday March 15, 2005 @07:36PM (#11948212)
    Sounds like a fun little project and I wish you the best of luck, but someone should point out that what you are doing may be considered as some form of interferance with the law, and at the very least you will be making some detectives at the PD very unhappy. I think I would wash my hands of it and return it to the friend... stay out of it. Or if you have good reason to get involved in it, you should probably consult a lawyer before you go any farther.

    Perhaps I should start a pool as to when /. posts the article about a person who was arrested for interfering in an investigation and tampering with police property?

    I would find it a hard choice to make myself -- just on the coolness factor, but use some common sense before you find yourself in hot water!
    • Perhaps I should start a pool as to when /. posts the article about a person who was arrested for interfering in an investigation and tampering with police property?

      If it isn't marked, who's to know who it belongs to or who installed it? We can make educated assumptions, but unless it says "Property of XYZ Police Department", who knows? And even than, it's in your car, without your permission, what the hell do you know why it's there?

      But, I think this post is a load of shit from someone who wants to see s

  • First, make a copy! (Score:5, Informative)

    by PaulBu ( 473180 ) on Tuesday March 15, 2005 @07:36PM (#11948213) Homepage
    dd if=/dev/hdb of=/home/me/image

    (assuming you have free 20G on your HDD)

    Then try file /home/me/image -- if disk was
    used just to dump data, you might as well see that it is a WAV file.

    Then try strings /home/me/image|less and see if you notice anything special. If all your strings will be 4-letter random words, most probably it is encrypted and you are out of luck. Or maybe not, if they used something like XOR -- try building a hystogram of byte values distribution. If it is flat -- well, then you are screwed with a well-encrypted disk, and your best bet is to secretly ship the disk to a TLA of your country's adversary. ;-)

    Paul B.

    • Re:First, make a copy! (Score:5, Insightful)

      by fm6 ( 162816 ) on Tuesday March 15, 2005 @07:58PM (#11948473) Homepage Journal
      (assuming you have free 20G on your HDD)
      If he doesn't, he should spend a few bucks on a new disk before proceeding. Working off a copy is absolutely mandatory for something like this.
      • Yeah, I thought about mentioning that too, but take into account that the poster is not in the US and the nearest Fry's might be a bit too far. ;-)

        Paul B.
        • In this day and age, Fry's is as close as Slashdot. I mean, they both have web sites. I suppose expense might be an issue.

          • Re:First, make a copy! (Score:2, Informative)

            by BJH ( 11355 )
            If you're living in the US, you might not be aware of it, but most major US retail sites make it quite difficult for people overseas to utilise their services.
            For example, they refuse to allow the use of credit cards with a billing address outside the US, require a copy of the front and back of the card to be sent to them by snailmail, charge absolutely exorbitant shipping rates (I'm talking $US40 for non-express shipping on a $US100 item that's no bigger than a hardback book), and that sort of thing.
        • There ARE computer stores in other countries too you know...
    • If all your strings will be 4-letter random words, most probably it is encrypted
      Either that, or the device was previously used in a Mafia investigation.

  • "Data Recovery" (Score:2, Insightful)

    by vancera ( 517585 )
    It would be fun to send that drive to one of those data recovery outfits that do free quotes. They are the pros, they might see something you might miss.

  • If the police bug your car, do they still own the bug, or have they abandoned the property? Anyone know any precedent for that one?

    • > Anyone know any precedent for that one?

      eh, any precedent would be country-specific anyway. and he ain't tellin' which country, for obvious reasons.

      • eh, any precedent would be country-specific anyway. and he ain't tellin' which country, for obvious reasons.

        Obvious reasons? Like 'cause then it limits down his identity to one of a few million people?

        Anyway, pick a country, doesn't matter if it's his or not. I'd be interested in hearing about it, because it's a strange legal situation.

        • Re:Whose property is it? (Score:1, Funny)

          by Anonymous Coward
          eh, any precedent would be country-specific anyway. and he ain't tellin' which country, for obvious reasons.

          Obvious reasons? Like 'cause then it limits down his identity to one of a few million people?

          Um, I would hope that there aren't that many countries that are targeting "a few million people". Or heck, even targeting enough people so that they and each of a dozen of their closest friends adds up to "a few million people".

  • A better idea (Score:5, Funny)

    by crstophr ( 529410 ) on Tuesday March 15, 2005 @07:50PM (#11948379) Homepage
    Forget reading the data.

    Format the whole thing with fat32
    Fill the entire drive with gay porn.

    Reinstall in car.

  • Investigate the audio chip first (Score:5, Insightful)

    by DavidYaw ( 447706 ) on Tuesday March 15, 2005 @07:53PM (#11948409) Homepage
    Assuming the audio chip has a part number on it, try to get the datasheet from the manufacturer. See what format data it outputs, and perhaps the data on the hard drive is raw output from the audio chip. (If the audio chip's native format is 12 bit, 8k samples/sec, then that might be what's on the HD. If the audio chip supports some sort of audio compression, etc...)

    A reasonable first step would be to try to take the entire contents of the drive and send it out your sound card... (dd /dev/hdb /dev/audio or something like that (I'm not a Linux guy)). If the HD was used just to dump raw wave data to, you'll hear something (possibly squeaky voices if it's the wrong format, but you'll be able to tell there's something there). Even if there's a filesystem of some sort that you can't interpret, that would just be noise at the beginning of the playback, before it got to the real audio.

    If it really is encrypted, then you'd have to do some sort of cryptanalysis, and I have no idea how to even begin cryptanalysis on audio data. At that point, I say open the HD up and scrape the platters until they're shiny silver instead of shiny brown.

  • Things to try (Score:5, Interesting)

    by Requiem Aristos ( 152789 ) on Tuesday March 15, 2005 @08:04PM (#11948533)
    First, if you encounter something like this in the future, don't try to boot from it. (It's always possible there could be code to detect an unauthorized machine and start deleting itself.)

    Next, as another poster suggested, use dd to get a copy of the disk. Make a few copies while you're at it, and write them to DVDs, DLTs, or some other media.

    Finally, do the processing. Here are some ideas:
    Write all zeros to the drive, then put it back in the car. Drive around for set intervals of time (100 minutes, 200 minutes, etc.) then pull the data from the drive to see how much was filled up. (Hint: it's from the start of the drive to where the long string of zeros starts.) Try it with minimal noise, try it with talking, and try it with music.

    Run 'file' or 'strings' on the image. Try catting it to your sound device. Plot the data in both 2D and 3D and look for any patterns. (Encrypted data shouldn't have any.)

    • Re:Things to try (Score:1, Informative)

      by Anonymous Coward
      Plot the data in both 2D and 3D and look for any patterns. (Encrypted data shouldn't have any.)
      Plot what vs. what (vs. what)? As for randomness, well-compressed data won't have any patterns either!
      • data vs. position, I would think.

      • Plot the data and look for patterns, yes. (Score:4, Interesting)

        by Myself ( 57572 ) on Wednesday March 16, 2005 @05:36AM (#11951603) Journal
        Parent has it right. The Advanced Hex Editor (AXE) [jbrowse.com] has this functionality. Lots of fun when looking at uncompressed graphic formats like icons stored in executables. :)

        Grab a few megs from the start of the disk and use sox, the sond exchange [sourceforge.net] to tack audio headers onto it, and try various codec conversions, endian swaps, etc.

        There's every chance that the audio chip was interfaced to the drive very simply, as you theorized, without a filesystem. I'm aware of a product which lets you access an ATA device via RS232, it's called the StampDrive [star.net]. As far as I can tell, it's a PICmicro that's been taught a basic subset of the ATA spec, and it acts as a storage broker for any device that can speak async serial.

        People who build their own dataloggers have lots of experience with this sort of dirt-cheap interfacing. Your audio bug is, after all, just a specialized datalogger. A few minutes with a search engine should find plenty of info on the subject.

        Post back with any success stories. :)
    • yes... except for the fact that the poster actually states that the recording device was taken apart inexpertly. So I don't think it's possible to reinsert the drive and get an operational configuration.

  • Exact same thing happened to me. (Score:4, Informative)

    by Perdo ( 151843 ) on Tuesday March 15, 2005 @08:32PM (#11948804) Homepage Journal
    And unless you want to be charged as an accessory after the fact or evidence tampering, you will get far, far away from that woman, even if the sex is good.

    No, really.
  • you only want to know how long, you say? easy. just look for the stamp or sticker that gives the date of insta ... oh, wait, you said you were outside the US? nevermind then....
  • Check for UFS variants (UFS, FFS, UFS2). Pico and NanoBSD are popular choices for really small single-purpose devices.

  • Personally I would physically destroy it. As in place it in a crucible and turn it into a sculpture of something else.

    The FBI can read disks after being erased 7 times. (Or so they have admitted. Technology has changed since then so I don't know what the current abilities are) SRM (secure rm, google it) might be able to do something, but when the police are after me I wouldn't trust it.

    Note when I say destroy it, I don't mean you do it. I mean she should do this. You don't want to be charged with

    • A) How in the hell can they read zeroes? Perhaps if you *deleted* the data (i.e. on an OS level) they can read it, but I doubt that if you filled the drive with zeros they could do anything.

      B) Assuming they can, destroy it in some other way.

      • When you change a bit on a hard drive, the head never passes over the same spot exactly. The edges of the physical bit can be examined and used to reconstruct the last value(s). Which is why you can't just write all 0s or 1s, you have to use several semi-random patterns.
      • Basically, it comes down to knowing how the drive stores data. The whole: "magnetically aligns modecules of the platter" thing. Then there is the read: "general magnetic field in this general area of the platter".

        When you overwrite data, it flips the majority of the molecules, but not all of them. If you read the drive at a higher resolution then the drie head uses, you can determine the sectors and also what may have been previously written due to statistical analysis of the ratios of orientations.

        I coul
      • Duh! [sourceforge.net]. 7 /dev/zero writes is nothing.
      • Simplistically: When you write a zero over a one, the value doesn't change to 0, but something like 0.1. When you write a 1 over a zero, the value doesn't change to a 1, but something like 0.9.

        Thus using special hardware, they could technically recover not only data written previously... but data written onto the disk many times before that.
    • There's a difference between "erased seven times" (or "written all zeros seven times") and "written with random data seven times" which would tend to make things a good bit harder to read.

      If you apply a consistent effect (say, erasing) to a magnetic disk, the patterns that were there before might still be distinguishable with the proper technology. If the effect is randomized, this becomes much harder.

      Writing random data 7 times on a 20GB drive should be a pretty easy process, and not even too time-c

  • Is it really audio? (Score:3, Insightful)

    by Jah-Wren Ryel ( 80510 ) on Tuesday March 15, 2005 @11:46PM (#11950302)
    Are you sure it was really used to record audio? I would think they would want to hear what people say when the car is turned off too. Just running the chip 100% of the time and only recording to disk when there is actual audio would make sense and should be a low enough power draw to avoid draining the car battery if she drives it more than once a week.

    Maybe it is some sort of location/gps recorder. The car should not move when turned off, so wiring it to the ignition/accessories circuits makes more sense and the "microphone(s)" were actually gps antennae. Plus, maybe the name on the chip is really "Topo Int" as in short for "topographic intelligence."

    I want to know more about how she discovered it. Where was it exactly and what made her decide to look in the first place?
    • Assuming they don't want to get caught by /. reading police, he shouldn't say how she found it, or it would give the police another search string to google with and find this story, and then track down the people interfering with their bugging.

  • Some ideas. (Score:5, Interesting)

    by CyberVenom ( 697959 ) on Tuesday March 15, 2005 @11:47PM (#11950313)
    Well, considering you posted to Slashdot, I would assume that either you don't care if the authorities find out that their "bug" has been reappropriated, or perhaps you wish to blatenly rub that fact in their face? If your friend can be reasnoably certain that the bug did not capture any sensitive conversation (which I might guess is the case by her willingness to trust you with the drive rather than destrying it outright), then why not post a torrent? I'm sure plenty of amatuer and moonlight crypanalysists, file-system and audio engineers would love to check that data out. You can use "cat /dev/hdb | gzip > /image.gz" to pull the image off the drive, compress it, and dump it into a file which you could then release to the public.

    Most filesystems store data at the lowest level in a more-or-less raw format on the disk for performance reasons. (on-the-fly compression or encryption is CPU intensive) Even something like ReiserFS would have chunks of recognizable (though perhaps out-of-order) raw audio file visible on the drive. Try feeding the output to your sound card. A good way to do this would be with "SoX" (Sound eXchange, an audio conversion tool for linux... "apt-get install sox"). SoX comes with "play" a command which basically just sends data to the sound card, and for raw data allows you to specify what format (8 bit or 16 bit? 22khz or 48khz?) it should play the audio at. Also if you suspect something other than 8 or 16 bit, try bitshifting the sample a couple times so that the first sample begins on a byte boundry.

    Another useful tool is called "ent", which applies a number of entropy tests to a sample. True raw audio data should have only some entropy. Blank filesystem structure should have almost no entropy. Encrypted or very highly compressed data will appear to be almost entirely entropy. ("apt-get install ent" on Debian or Knoppix)

    You could anylise the drive in chunks to see how much is filled with medium entropy (uncompressed audio), how much is high entropy (encrypted or compressed data) and how much has almost no entropy (empty space), and using this statistic in conjunction with any info you can find on the sample rate and number of bits from the chip, calculate how much audio is stored on the drive, and thus how long it has been installed.

    I've seen that "line-drawing" before. It is probably just your BIOS telling you it can't find a boot sector on the drive. (which isn't terribly supprising) But if the people who made the device were particularily nefarious, it could be a fake splash screen which only *looks* like your BIOS, at which you must enter the secret code to proceed into the true playback application. (But that's almost too far-fetched to be a possibility. almost...) If you really wanted to eliminate that possablity, you would use hexedit (apt-get install hexedit) to look at the first sector for the magic number. it should be at the end of the sector (offset of 512k minus 4 I think), but I can't remember off the top of my head what the magic number is supposed to be for bootable i386 media. If the magic number is not there, that splash screen is just your BIOS. (Also a good way to check for stealth-boot-sector viruses. >:-} )

    Anyway, good luck, and I hope you have firm legal ground to stand on where you are. Be careful. Angry Feds are not a pleasant thing.
    • I've seen that line drawing before as well. It's either an IBM machine or it's one of those Compaq computers that stored part of the BIOS on a "special" partition on the hard drive complaining about the right hard drive not being connected.

  • Lo-Jack (Score:1, Funny)

    by Anonymous Coward
    LOL, she just tore out her dealer-installed Lo-Jack system. I'd hate to be her at the end of her lease term....
  • You may effectively disabled a factory-installed diagnostic set that was installed in every N car by its automotive engineering team.

    When the dealer gets the flag based on your VIN, then he proceeds to replace it.

  • Failed due process on Computing Forensic (Score:4, Interesting)

    by Dark Coder ( 66759 ) on Wednesday March 16, 2005 @12:41AM (#11950577)

    Never power up a suspected drive. Always treat it as a computing forensic evidence and process it accordingly.

    Boot partition checkout (try all 18 of them). If that fails, entropy is the first stage of resolution.

    Partition identification will take you a long way.

    Only google on Topoint is in mainland China,
    Check out http://www.topoint.com.cn/
  • ...if they had gone to the trouble to bug the ride, that the crib and the phone, etc would be bugged as well?

    You might want to be looking more places than those small platters right now....

  • Get a lawyer. (Score:3, Insightful)

    by rjh ( 40933 ) <rjh@sixdemonbag.org> on Wednesday March 16, 2005 @01:52AM (#11950927)
    Get a lawyer.

    No, no, not later. Not in a couple of days. Close your browser window right now and go talk to a lawyer before you wind up spending five-to-ten in Federal pound-me-in-the-ass prison.

    What are you, mental?

    Do you have any idea how few eavesdropping devices are planted each year? Do you have any idea how much legal rigamarole law-enforcement has to do to actually do a B&E and plant bugs? We already know law-enforcement cares enough about the situation to do God knows how much paperwork: do you think they'll just say "oh, good catch, you got us, don't worry, you can go free"?

    And then, to make matters worse, you post on Slashdot where you acknowledge that you know the material is evidence in an ongoing investigation and ask for help in tampering with it?

    Let me say this one more time: you are not 1337. You are not too cool for school. You are not immune to prosecution.

    At some point they're going to want that information. They're going to discover that it's been removed from the car. At that point, they know they don't need to be subtle--someone already knows they were bugging. So they're going to haul in your friend and point out just how long five years in a Federal penitentiary is, and they're going to ask her--probably her, directly, since if she's anything like you she's dumb enough not to want a lawyer present--what she did with it. If she cooperates, they'll play nice. If she doesn't, well... hey. One more conviction in the old win-loss book is always a good thing.

    And then they're going to come after you. And when they get to you, you're not going to have anyone you can rat out on. You're going to be left holding the Fuck-Me-Harder bag.

    Get a lawyer right now. Not later. Not in an hour. RIGHT. NOW.

    And grow up, while you're at it.
    • *mutter*

      "Federal penitentiary"
      THEY'RE NOT IN THE US!

    • Get a lawyer. (Score:2, Informative)


      by rjh (40933) on
      Wednesday March 16, @12:52AM (#11950927)


      Somehow I don't think "right now" is really a suitable option...
    • Did you even read the post? From the post:
      We're not in the US and are more interested in human rights than terrorism.
      Yet you say:
      five years in a Federal penitentiary
      -Kurt

    • You're the worst type of citizen: you find something unknown and unlabelled on your property, and you assume your own lack of rights and the need to pay money to consult legal advice. What kind of society does that build?

      Honestly, you find something in your house, in/on your property, etc, and it is unlabelled, unmarked -- there's absolutely no reason to assume, or defer, to the fact that it may be official.

      What the poster should do is not tamper with it: simply take it off, and store it somewhere (prefer
  • 'from the discrete-audio-data-storage dept.'. Have they looked up 'discrete' [google.com]? Perhaps they are looking for 'discreet' [google.com]? This flagrant and execrable cacology is offensive to the verbivorous or well-educated Slashdotters. And I see this cacography everywhere!

    Billy

  • OK, we've had lots of clever answers about what can be done with this hard drive but so far I haven't seen the most important question being asked. So I'll ask if for you.

    WHY WAS YOUR FRIEND BEING BUGGED?

    Getting something done like this is not easy and whoever planted the listening device in your friends car went to a load of trouble just to hear her conversations. Government authorities do not bug people just for fun, so what is it that your friend has done to make the Feds (or whoever they are) notice h

  • Play the contents of the disk as raw data... (Score:3, Interesting)

    by dpbsmith ( 263124 ) on Wednesday March 16, 2005 @01:09PM (#11954555) Homepage
    using plausible guesses for data rate and integer width.

    The ear and brain are very good at hearing patterns and extracting information.

    In the days of analog "scrambling" it turned out that it was extremely difficult to scramble speech in such a way as to make it unrecognizable; all sorts of plausible-sounding signal transformations could be interpreted by ear with practice.

    It's worth a try. At the beginning, don't spend a lot of time trying to figure out whether you're decoding it properly. Just do _something_ that will get data off the disk and into a speaker _quickly_ and listen to samples.

Slashdot Top Deals

"What man has done, man can aspire to do." -- Jerry Pournelle, about space flight

Close