Pixel Porn – How an IP address led to an international child-porn investigation | MontereyCountyWeekly.com

Monterey County Sheriff’s Office Investigative Sgt. Terry Keiser remembers when child pornography investigations relied on eight-track tapes and paper trails. “We were working through the Postal Service to hand-deliver evidence,” the 42-year veteran investigator recalls.

Today, global file-sharing and instant access to online information and images make pornography ever more accessible. In 2008, Internet Watch Foundation, an international nonprofit monitoring agency, tracked over 1,500 unique child pornography domains.

A new breed of investigators now follows a trail of digital bread crumbs to catch perpetrators, including Pacific Grove couple Jason Wright, 40, and Rampueng Kaeorawang, 41, who were arrested at their home Aug. 29 for possessing and manufacturing child porn.

The FBI initiated the investigation of Wright in Nov. 2010, according to Pacific Grove Police Department Cmdr. John Nyunt. A posting by Wright on an Internet bulletin board where child porn collectors and manufacturers trade information led investigators to a specific IP address. The source: a computer at Wright’s workplace in P.G.

After obtaining the computer’s hard drive, investigators retrieved thousands of deleted images containing child pornography, some of which had been shared online. On May 12, the FBI arrested Wright at his home for the interstate commerce and receipt of child pornography. He was released on $100,000 bail, and the feds sent his home computer’s hard drive to a digital data analysis lab in Santa Clara.

via Pixel Porn | MontereyCountyWeekly.com.

Removing Common Files in E-Discovery Processing: De-NISTing Explained | GTR News

Reducing the number of documents to review during an e-discovery project is a high priority for both attorneys and their clients. One commonly used technique is to remove files from a document set that are known to belong to certain software programs. This process is called “Known File Filtering” and is often referred to as “de-NISTing” since it uses a list of file hashes created by the National Institute of Standards and Technology (NIST).

The “NIST” list is actually a database called the National Software Reference Library (NSRL). This list contains information about software, including “hash” values which uniquely identify the data within a file, regardless of its name, date of creation or location. If two files contain identical data they will also have identical hash values.

The NSRL database represents a collection of categorized file information for software of all kinds. It organizes programs into groups, such as word processing software, system files, gaming programs, etc. Unlike several earlier collections of common computer file information (like HashKeeper), the NSRL does not make a distinction between “good” and “bad” files and does not contain lists of contraband data, such as child pornography.

One of the key features of the NSRL is that anyone can submit software for review and inclusion in the list, which has helped keep the list up to date. In fact, many e-discovery and digital forensics software companies have included the NSRL in their products to assist with culling out irrelevant data in the early stages of investigation.

The NSRL currently contains approximately 53,000,000 file entries and a new list is released every month to address software updates and newly available programs.

Using a complete list and the most current version is a very important step to properly reduce the amount of data that must be reviewed, since some software is not automatically updated and does not contain the complete list.

De-NISTing is a very helpful part of ESI processing but is not a “silver bullet” for reducing e-discovery document sets. There are certain files or programs in the list that may actually be relevant depending on the scope of a particular case. For example, remote access software programs have legitimate IT functions but can also be utilized for nefarious purposes. In situations where misuse of this type of program is suspected, it is critical to communicate this information to an e-discovery or digital forensics vendor to ensure that key information is not inadvertently excluded. Likewise, commercially available data wiping software (such as Evidence Eliminator or Disk Redactor) is certainly present in the NSRL but may be a pivotal part of an investigation involving data deletion.

via GTR Newspapers: Removing Common Files in E-Discovery Processing: De-NISTing Explained.
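The known-file filtering described in the excerpt above, with its caveat about remote access and data wiping tools, as an added example (not code from the article or from any NSRL tooling). The reference set, product names, categories and paths are constructed, and SHA-1 is an assumption, since the excerpt does not name a hash algorithm.

```python
import hashlib

def sha1(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

# Constructed stand-ins for file contents; not real software.
WORDPROC = b"constructed word processor binary"
REMOTE = b"constructed remote access tool binary"
WIPER = b"constructed disk wiping tool binary"

# Constructed reference set in the spirit of the NSRL: hash -> (product, category).
REFERENCE = {
    sha1(WORDPROC): ("Example Writer", "word processing"),
    sha1(REMOTE): ("Example Remote Desktop", "remote access"),
    sha1(WIPER): ("Example Wiper", "data wiping"),
}

def denist(files, reference, case_categories=frozenset()):
    """Split a collection into (review, culled, flagged) by content hash.

    review:  hash not in the reference set, so the file goes to reviewers
    culled:  known software outside the case scope, removed from review
    flagged: known software whose category matters to this case, kept
    """
    review, culled, flagged = [], [], []
    for path, data in sorted(files.items()):
        entry = reference.get(sha1(data))  # match on content, never on name
        if entry is None:
            review.append(path)
        elif entry[1] in case_categories:
            flagged.append((path, entry[0]))
        else:
            culled.append(path)
    return review, culled, flagged

# Constructed collection; the "holiday.jpg" entry is a renamed copy of a known tool.
COLLECTION = {
    "C:/Program Files/Writer/writer.exe": WORDPROC,
    "C:/Users/a/Documents/budget.xls": b"constructed user spreadsheet",
    "C:/Users/a/Downloads/holiday.jpg": REMOTE,
    "C:/Tools/wipe.exe": WIPER,
}

if __name__ == "__main__":
    print("default:", denist(COLLECTION, REFERENCE))
    print("scoped: ", denist(COLLECTION, REFERENCE, {"remote access", "data wiping"}))
```

With the default settings the wiping tool and the renamed remote access tool are culled along with the word processor; passing the case-relevant categories keeps them in front of the examiner.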

SmartCarving Technique Aces Data Recovery | InformationWeek

Pity the digital forensic investigator: the quantity of data stored on PCs continues to increase at a mind-boggling pace, with the gigabytes of files, images and videos growing every month. As a result, investigations — into everything from intellectual property theft and fraud to child pornography and espionage — can become lengthy undertakings.

New “SmartCarving” techniques, however, are helping speed up the process and retrieve more data than previous methods. For example, SmartCarving can reconstruct approximately 99 percent of digital images stored on a hard drive or media card. That’s an improvement over the next-best technique, called file-carving, which retrieves about 85-90% of non-overwritten images.

The forensic issue has long been fragmentation. According to a study of 350 hard drives conducted by security researcher Simson Garfinkel, 6% of data on the average hard drive is fragmented, meaning it’s intact but stored non-contiguously. Furthermore, for files with forensic importance, actual fragmentation rates were much higher: 58% for PST (Outlook) files, 17% for Word documents, and 16% for JPEGs.

via SmartCarving Technique Aces Data Recovery — Security — InformationWeek.

Report: Russian gang linked to big Citibank hack

U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report.

The security breach at the major U.S. bank was detected mid-year based on traffic from Internet addresses formerly used by the Russian Business Network gang, The Wall Street Journal said Tuesday, citing unnamed government sources. The Russian Business Network is a well-known group linked to malicious software, hacking, child pornography and spam. The Federal Bureau of Investigation is probing the case, the report said.

It was not known whether the money had been recovered and a Citibank representative said the company had not had any system breach or losses, according to the report.

via Report: Russian gang linked to big Citibank hack.