Post by Shadow on Jan 25, 2006 20:12:32 GMT -5
CNET
By Robert Vamosi
Senior editor, CNET Reviews
January 20, 2006
Back 2001 and 2002, in the southeast corner of London, a gang of thieves defrauded dealers of Jaguars, Mercedes, and BMWs by hijacking someone else's identity and using that information to make loan-free car purchases. In the end, it was the presence of several high-end cars parked in a relatively poor neighborhood that led authorities to raid one of the addresses there. The incriminating evidence they found at the scene? An iPod crammed with stolen identities and contact information of criminal associates.
iPod gets bigger, more ubiquitous
The Apple iPod is a great music player and a passable video device, but at its core, it's a multiplatform (Mac, Windows, and, yes, even Linux OS) flash or hard drive with the capacity of up to 60GB that you can slip into your shirt pocket. I have a 40GB hard drive on a notebook at my desk, and I'm nowhere near filling that. In other words, with an iPod, I can take the maxed-out contents of my notebook, plus an additional 20GB of data anywhere I go.
Which gets us back to the above-mentioned crime: iPods have not only grown in capacity but in functionality as well; they include rudimentary contact management features, plus the ability to store data files of any kind. For example, members of the London gang were able to use their iPods to download and save copies of other people's bank statements, credit statements, and driver's licenses, as well as coordinate appointments at dealerships, and do so in plain sight of everyone. But before you think Apple has created the perfect socially acceptable, high-data volume criminal accessory, think again.
The iPod, soon to be seen on CSI?
Turns out Apple did some clever things within the iPod that should indirectly help criminal investigators and discourage would-be criminals. I found this PDF-formated forensic document examining the iPod's file structure. (The document predates the iPod Shuffle and the iPod Nano, both of which use flash memory instead of a hard drive, and the following discussion refers only to the hard drive versions, not the flash-based models.) The authors, Christopher Marisco and Marcus K. Rogers, from Purdue University, point out that unlike PDAs, which have to remain charged or lose their data, iPods can remain in storage for a long time; that's good if a trial takes several years to commence, because the data will last. But more importantly, the authors found that deleted data on the iPod tends to last a long time, as well.
On a typical Windows drive, deleted files aren't really deleted, they are taken out of the master boot record, but the files themselves remain on the hard drive. The deleted files aren't accessible by users, but the space used can be and often is overwritten by new files. This can cause uneven wear on the drives. iPods are similar, in that deleted files aren't strictly erased, just marked as such. But Apple made it so that the tiny iPods write to the drive until the disk's real estate is used before rewriting space that holds files that are marked as deleted. For a criminal investigator, that's a boon: old data is less likely to be overwritten. If you did commit a crime, just deleting the evidence isn't going to help.
By Robert Vamosi
Senior editor, CNET Reviews
January 20, 2006
Back 2001 and 2002, in the southeast corner of London, a gang of thieves defrauded dealers of Jaguars, Mercedes, and BMWs by hijacking someone else's identity and using that information to make loan-free car purchases. In the end, it was the presence of several high-end cars parked in a relatively poor neighborhood that led authorities to raid one of the addresses there. The incriminating evidence they found at the scene? An iPod crammed with stolen identities and contact information of criminal associates.
iPod gets bigger, more ubiquitous
The Apple iPod is a great music player and a passable video device, but at its core, it's a multiplatform (Mac, Windows, and, yes, even Linux OS) flash or hard drive with the capacity of up to 60GB that you can slip into your shirt pocket. I have a 40GB hard drive on a notebook at my desk, and I'm nowhere near filling that. In other words, with an iPod, I can take the maxed-out contents of my notebook, plus an additional 20GB of data anywhere I go.
Which gets us back to the above-mentioned crime: iPods have not only grown in capacity but in functionality as well; they include rudimentary contact management features, plus the ability to store data files of any kind. For example, members of the London gang were able to use their iPods to download and save copies of other people's bank statements, credit statements, and driver's licenses, as well as coordinate appointments at dealerships, and do so in plain sight of everyone. But before you think Apple has created the perfect socially acceptable, high-data volume criminal accessory, think again.
The iPod, soon to be seen on CSI?
Turns out Apple did some clever things within the iPod that should indirectly help criminal investigators and discourage would-be criminals. I found this PDF-formated forensic document examining the iPod's file structure. (The document predates the iPod Shuffle and the iPod Nano, both of which use flash memory instead of a hard drive, and the following discussion refers only to the hard drive versions, not the flash-based models.) The authors, Christopher Marisco and Marcus K. Rogers, from Purdue University, point out that unlike PDAs, which have to remain charged or lose their data, iPods can remain in storage for a long time; that's good if a trial takes several years to commence, because the data will last. But more importantly, the authors found that deleted data on the iPod tends to last a long time, as well.
On a typical Windows drive, deleted files aren't really deleted, they are taken out of the master boot record, but the files themselves remain on the hard drive. The deleted files aren't accessible by users, but the space used can be and often is overwritten by new files. This can cause uneven wear on the drives. iPods are similar, in that deleted files aren't strictly erased, just marked as such. But Apple made it so that the tiny iPods write to the drive until the disk's real estate is used before rewriting space that holds files that are marked as deleted. For a criminal investigator, that's a boon: old data is less likely to be overwritten. If you did commit a crime, just deleting the evidence isn't going to help.