a ?? for LEOs: Is that normal?

granfire

Not to go into too many details, since it's all very fresh and on a somewhat personal level:

Family loses small child to unexplained death. So far so bad, the official channels go through all the moves, making sure it was not foul play (thank you Nancy Grace).

Mother's personal computer is taken...

When she gets it back it's full of cooties, suspected keyloggers...

Is that what one has to expect when the law looks at your stuff?
 
I'm assuming that she ran a scan after getting it back to see if the police are snooping on her? And she finds "something". I'm thinking someone is paranoid. How does she know that they were not there before?

In answer to your question..no. Not without a wiretap authorization and if they did have THAT I doubt she would have been able to find anything on her comp. Without a valid tap nothing gained could be used. Personally, I've never seen a "keylogger wiretap"...not that they don't exist, it's just outside my experience.
 
If a computer forensic was run on it, I suppose it's possible that there is some trace of the software used to search it on the drive somewhere...maybe.....
 
Not a LEO, I have never heard of a keylogger used for CALEA purposes. It sounds more to me as if the system wasn't clean when the police investigated, and when it was returned the user either ran a complete system scan, or hit upon 'fake virus scanner' malware. All it takes is one click on the wrong link to hose up a system.

Can't see key loggers as being that interesting to LE. Key loggers do not store context, they just store keystrokes. Let's say the keylogger captures the word "murder". Why were they typing "murder"? Figure of speech? Movie review? Writing a book? Searching for a news story? Hard for data like that to be evidentiary.

On the other hand, a Google search for "how to murder a small child" is likely more useful.
 
Being that I work on computers daily at my day job...if I were you I would just reformat my computer anyways. If anyone had my computer in a situation like that...I would also change the hard drive and the RAM as well.
 
The RAM?
Never thought of that.
(thankfully it's not me. I just kill computers outright)
 
The LEOs would not work on the computer anyway. They would take forensic copies of the hard drive and let the analysis tools work on the copies. They would never take the chance of anything happening with the original drive if it ever was needed as evidence.

The RAM?? seriously??? you are paranoid.
 
> Not a LEO, I have never heard of a keylogger used for CALEA purposes. It sounds more to me as if the system wasn't clean when the police investigated, and when it was returned the user either ran a complete system scan, or hit upon 'fake virus scanner' malware. All it takes is one click on the wrong link to hose up a system.
>
> Can't see key loggers as being that interesting to LE. Key loggers do not store context, they just store keystrokes. Let's say the keylogger captures the word "murder". Why were they typing "murder"? Figure of speech? Movie review? Writing a book? Searching for a news story? Hard for data like that to be evidentiary.
>
> On the other hand, a Google search for "how to murder a small child" is likely more useful.

Well, there are some nasties out there that also take screen shots...really nasty crap!

(Also, after the Rental Place being found out to be able to do that and take pictures with the built-in webcams....nothing really surprises me anymore in terms of deviousness.)
 
> The LEOs would not work on the computer anyway. They would take forensic copies of the hard drive and let the analysis tools work on the copies. They would never take the chance of anything happening with the original drive if it ever was needed as evidence.
>
> The RAM?? seriously??? you are paranoid.


Just to be sure...you never know.
 
> Not a LEO, I have never heard of a keylogger used for CALEA purposes. It sounds more to me as if the system wasn't clean when the police investigated, and when it was returned the user either ran a complete system scan, or hit upon 'fake virus scanner' malware. All it takes is one click on the wrong link to hose up a system.
>
> Can't see key loggers as being that interesting to LE. Key loggers do not store context, they just store keystrokes. Let's say the keylogger captures the word "murder". Why were they typing "murder"? Figure of speech? Movie review? Writing a book? Searching for a news story? Hard for data like that to be evidentiary.
>
> On the other hand, a Google search for "how to murder a small child" is likely more useful.

This would be my guess, as well. It's kind of like blaming the doctor for finding cancer at a check-up. The doc didn't make you sick; he simply discovered it.

If there's a concern, your friend can contact the police department, and should be able to get an explanation of what was done.
 
> The RAM?? seriously??? you are paranoid.

No, he's not. If there is any concern, that is an important change to make. Working with computers on a daily basis myself and having played the role of a black hat and white hat on multiple occasions as part of my job for several years, I firmly agree with Canuck's prescription, I likely would do the same.

That said, another, just as likely possibility, the LEOs connected that system to a network and the LEOs' network itself is infected and this computer got infected by extension.
 
So you would change the RAM or not?
(I did get a wee bit confused, then again it does not take much...)
 
Seeing as RAM is volatile memory that requires current for it to maintain information, I would not. In 30 years in IT, I've never seen data in RAM survive a power down.
 
I hear it's not unusual to get computers back months or years later, disassembled into many small pieces. Be glad it's still functional.
 
> So you would change the RAM or not?
> (I did get a wee bit confused, then again it does not take much...)

I was confusing my posters....I would replace the RAM. Though it is unlikely and rare, there are attacks that can be perpetrated against powered down computer RAM. It is so cheap these days...if you are concerned about what happened to your computer, why take the chance? Besides, this may very well have been a laptop or something that was really just put to sleep, not totally powered down.
 