New Forensics Tool Can Expose All Your Online Activity
New Scientist (09/07/11) Jamie Condliffe
Software developed by researchers from Stanford University can be used to bypass the encryption on a personal computer's hard drive to find what Web sites a user has visited and whether any data has been stored in the cloud. The team launched the Windows-based open source software, Offline Windows Analysis and Data Extraction (OWADE), at the Black Hat 2011 security conference. Most sensitive data on a hard drive, including browsing history, site logins, and passwords, uses an algorithm to generate an encryption key based on the standard Windows login. Elie Bursztein and colleagues discovered how to decrypt the files a year ago. OWADE combines their knowledge of how this system works with existing data-extraction techniques into a single forensics package. "We've built a tool that can reconstruct where the user has been online, and what identity they used," Bursztein says. Law enforcement would be able to use the tool to track sex offenders, but people who want to remain anonymous could potentially exploit the software and develop new ways of avoiding being caught.
New Scientist (09/07/11) Jamie Condliffe
Software developed by researchers from Stanford University can be used to bypass the encryption on a personal computer's hard drive to find what Web sites a user has visited and whether any data has been stored in the cloud. The team launched the Windows-based open source software, Offline Windows Analysis and Data Extraction (OWADE), at the Black Hat 2011 security conference. Most sensitive data on a hard drive, including browsing history, site logins, and passwords, uses an algorithm to generate an encryption key based on the standard Windows login. Elie Bursztein and colleagues discovered how to decrypt the files a year ago. OWADE combines their knowledge of how this system works with existing data-extraction techniques into a single forensics package. "We've built a tool that can reconstruct where the user has been online, and what identity they used," Bursztein says. Law enforcement would be able to use the tool to track sex offenders, but people who want to remain anonymous could potentially exploit the software and develop new ways of avoiding being caught.
No comments:
Post a Comment