Digital Forensics/Network Forenesics

I attended a meeting of the British Computer Society local branch in Aberdeen last evening. It was a well attended event with a speaker (Russell May) from a company from Pasadena. The company in question specialises in the production of Foresenic software for computers. This particular talk by Russell May concerned performing forensic investigations on a computer via the network. He described how it is possible to install a Servlet on the computer which communicates with a secure server and has the ability to send back information about the contents of the hard disc (including hidden files) and also the processes that the computer is running.

This is the ultimate in ‘Big Brother’ terms as it is now possible to perform forensic investigations without having physical access to the computer. Another point was made, it is possible using this technique to examine the content of encrypted disc volumes. This is because the computer is operational and the decryption keys are all available to the servlet process.

This is not likely to find its way on to domestic PC – but it does make you think! Supposing it did then there is nothing that we can consider to be private in the digital world.

A search on Google provides access quite a bit if information on this topic.