在新的USB中重复使用智能手机存储芯片不仅会给计算机取证带来风险

2017年9月7日,星期四 通过 迈克尔·尼西奇

晒黑 三月份的国际计算机取证会议 今年的专家和执法合作者透露,研究人员试图通过分析USB记忆棒中的数据来获得无罪或有罪的有效证明,这是一个严峻的挑战。都 马丁·韦斯特曼, digital forensics and storage media expert as well as Aya Fukami from the National Police Agency Japan have found evidence that in some cases old data from former computer users can be found on 全新的 USB sticks.

就在一年前– in autumn of 2016 –瑞典的计算机用户发现了一个令人难以置信的发现:当他将女儿的USB闪存盘插入笔记本电脑时,除了她的婚礼照片外,他还发现了一张驱动程序的照片。´的智利个人执照。这真是一个很大的惊喜,因为女儿从未与这个男人接触过,并且USB随身碟被卖给了她。“brand new”。对此消息感到震惊的是,韦斯特曼对此问题进行了研究,发现标准eMMC存储芯片发生这种情况的频率比人们想象的要高。

这些专家认为,这对计算机法证专家构成了严重的问题。他们不能一眼就能确定他们在USB记忆棒或USB设备上找到的数据确实仅来自参与犯罪或法律调查的当前用户。因此,将来必须进行更深入的分析,以提供可靠的证据证明所发现的数据确实来自最后一个计算机用户。到目前为止,证明链如下所示:如果犯罪内容–例如色情图片或其他内容-在棍子上被发现,这足以展开调查并用于定罪。

现在–韦斯曼和深见的发现–需要做更多的工作:如果您不确定数据来自当前用户和控制棒的所有者,则必须揭示数据的整个历史记录。为此,文件的元数据–文件或图片–已检查。另外,必须读取内置存储芯片的序列号。通过该编号和相应的设备ID编号,可以识别智能手机的前所有者。 然后,调查人员必须检查犯罪内容是来自当前用户还是旧的智能手机所有者。可以看到,此过程非常耗时,但仍可以收集可靠的证据。

但是对普通计算机用户来说,牛肉是什么呢?

So what is the best solution to this problem for an ordinary consumer? The best way to cope with it is to buy not the cheapest USB stick available, but to purchase a product from a well-known brand and producer. Therefore buying loads of cheap USB sticks from a Chinese web shop might not be a good idea, since you might not only find old data from unknown people on your 全新的 stick, but they might also contain viruses as well.

Additionally these cases show the importance to every computer user to be extremely cautions to their own data on old smartphones. There are lots of acquirers of old computer equipment or smartphones in the internet or in shops, who will give some – but not lots of - money for smartphones in large quantities. Exactly these build-in memory chips will then be reused for producing cheap “brand new” USB sticks. Therefore it is essential to securely delete all your personal data from smartphones or any other external flash device before selling them or giving them away. Since flash drives are different to magnetic based storage devices, they cannot be securely and fully deleted with common erasure software. Only special software like Blancco Mobile Device Eraser (//www.blancco.com/products/mobile-device-eraser/), which can also delete data on parts of the chip, which are normally not accessible to the common computer user, should be used. Otherwise data recovery experts like the ones from Kroll 步入正轨, will be able to recover data - if necessary – which is still not properly erased from the old smartphone memory chip.

载入更多评论
谢谢你的意见!您的评论必须先获得批准


新密码