NORMAN — I am sometimes asked to perform basic computer forensic analysis for customers who want to know if their computers have been used for “illicit” purposes. The results can be revealing, if not downright disturbing.
One customer, the owner of a popular hairdressing salon, needed to know if her employees had recently used a company computer to visit pornographic websites while she was out of the office. Another client, an attorney, wanted to know if a certain machine had been used to download pornography that could have possibly been viewed by children using this “family” computer.
The first job was relatively simple. Even though you can delete the temporary “cache” files of an Internet browser, a history of visited websites is still sometimes retained in a hard-to-remove “.dat” file. A little special processing and fiddling about, and, voila, I had a list of recently accessed websites. Indeed, many were porno websites.
The second job was a bit more difficult, as someone had tried to cover their tracks. There were no clues in any of the normal places. At the very least, someone had “deleted” files and then emptied the “recycle bin.” I was also told that the computer's hard drive might have been reformatted in an attempt to “erase” files.
Again, after employing some special and unusual measures, I recovered thousands of hard-core porn pictures from what appeared on the surface to be a “clean” computer. Someone was in big trouble.
Keep privacy in mind before you sell or give away your old computer. A study done by students at MIT, examining 158 used hard drives purchased on eBay, found that 74 percent of the drives contained readable data, even though 36 percent of the drives had been reformatted.
Discovered were emails, medical records, financial data and 3,722 credit card numbers, not including one hard drive from an ATM, which contained bank account numbers and 2,868 credit card numbers.