Archive for Sunday, July 06, 2008
PC ‘wipers’ not spot-free
Evidence Eliminator and similar software can kill out files and perform other tasks. But their use can raise red flags in a legal dispute.
When British software developers came up with a program that could wipe files from computer hard drives, they gave it a hard-core name: Evidence Eliminator.
It gets the point across, but can sure sound bad if a user gets hauled into court and is accused of illegally destroying documents.
That’s what happened in the high-stakes trial, now in federal court in Riverside, over who owns the rights to the hugely successful Bratz line of dolls.
Toy giant Mattel Inc. sued the far smaller MGA Entertainment Inc. to get a stake of Bratz because it claims the doll’s creator was in its employ when he came up with the concept.
The designer, Carter Bryant, has been accused by Mattel of using Evidence Eliminator on his laptop computer just two days before investigators were due to copy its hard drive.
Carter hasn’t denied that the program was run on his computer, but he said it wasn’t to destroy evidence. He said he had legitimate reasons to use the software.
Evidence Eliminator and similar programs on the market, such as Window Washer from Webroot Software Inc., perform consumer tasks other than killing content to foil investigators. For example, they can clean out temporary files created during the installation of programs. This can help make the computer run faster and more efficiently.
“They can clean up the computer detritus that builds up over time,” said Gary Kessler, a network security consultant and professor who teaches forensic science.
And Evidence Eliminator, as well as other programs including some that are free, can wipe out histories of Internet searches.
The company behind Evidence Eliminator – Robin Hood Software, based in London – refused to do an interview. But in an e-mail message, the program’s inventor, Andy Churchill – who referred to himself as “a 10-year veteran of the Internet adult-entertainment market” – said that if even the judge in the case “heard his own computer was to be investigated in a couple of days’ time, he’d be buying Evidence Eliminator.”
But it’s the software’s use to wipe out text files, e-mail and other content that makes Evidence Eliminator, Window Washer and other similar programs – sometimes called wipers – occasionally newsworthy.
The program’s recent notoriety provides a reminder that normal methods of deleting content from PCs – such as dragging it to the recycling bin on the desktop – only get rid of the electronic directory entry that acts as the address to the file.
Take away that address and the computer can’t, under normal circumstances, locate the content. It would be like searching for a house on an unfamiliar, unlit street in the dead of night.
“But the content does not actually go away,” said Kessler, who teaches at Champlain College in Burlington, Vt. “It becomes unallocated space on the hard drive.”
You might not be able to find it, but a skilled computer forensic expert could do so easily, without even having to take much of a break from “Grand Theft Auto.”
Unless one of two things happens.
The first is that the unallocated space is filled by new content. In that case, the old stuff is written over and becomes far more difficult to retrieve.
Because many people use only a small fraction of the available space on their hard drives, this overwriting doesn’t happen a lot.
The second is with the use of a wiper program. Among the several on the market, Evidence Eliminator is one of the most expensive at $150. Window Washer is $30, but it requires a two-step process in which programs are first trashed in the usual way, then the contents of the trash are wiped out.
“It would take a laboratory far more sophisticated than most of those in use to retrieve a file” killed by a wiper program, Kessler said. Extraordinary means usually are reserved for national security and other matters of major importance.
“There were folks who were able to get data off the melted hard drive in the Challenger space shuttle,” he said.
But the wiper programs don’t ensure a clean getaway. They leave behind a kind of digital calling card.
“Not only do these programs leave a trace that they were used, they each have a distinctive fingerprint,” Kessler said. “Evidence Eliminator leaves one that’s different from Window Washer, and so on.”
It’s the kind of information that can be brought up in court. And if the digital calling card was left by Evidence Eliminator, it could raise some eyebrows, even if the wiper was used for the most innocent of reasons.
“It was a poor choice of names,” Kessler said. “I use Window Washer. It doesn’t sound as nefarious.”
Save/Share:
- First AME pastor's spending examined
- Time for Dad to die
- A cloud over India's Muslims
- Recipe: Turkey pot pie
- Systemic failure seen in India's response to attacks
- Consensus emerging on universal healthcare
- Muslims -- India's new 'untouchables'
- New tax rules add to anxiety for small businesses
- Gilberto Bosques SaldÃvar, the 'Mexican Schindler,' is honored by the Anti-Defamation League
- First AME pastor apologizes to congregation for alleged misspending
- Muslims -- India's new 'untouchables'
- Solace, for some, is set in stone
- Lakers don't need Kobe Bryant to dominate
- Government coffers feel drop in auto sales
- Hillary Clinton, Robert Gates on Obama national security team
- Man dead, girl wounded in South L.A. shooting
- Elephant exhibit underway at L.A. Zoo raising a ruckus
- Trouble in 'Oz': the Munchkins' dirty secret
- Ex-brother-in-law arrested in Hudson family deaths
- Schwarzenegger declares fiscal emergency
