Covered Your Digital Tracks? Think Again

What you do on your computer stays on your computer.

That may seem obvious, but a document in a new FBI terrorism case
provides fascinating reminders of just how much information
government agents can mine from your computer and other
electronics, revealing cyber secrets you thought you'd long ago
deleted.

Jamshid Muhtorov is a refugee from Uzbekistan who was living in
Aurora, Colo., until his arrest on Jan. 21. The FBI began
investigating Muhtorov last year for his
support of the Islamic Jihad Union. The group is designated a
foreign terrorist organization by the U.S. government and has
claimed responsibility for multiple attacks on coalition forces
in Afghanistan.

Muhtorov allegedly pledged money and his allegiance to the IJU,
emailing a representative of the group that he was "ready for
any task, even with the risk of dying," according to the
criminal complaint. He was taken into custody at Chicago's
O'Hare airport just before catching a flight out of the
country.

In an affidavit, FBI Special Agent Donald Hale noted that
Muhtorov communicated with associates using two email
addresses, an Android Blackberry smart phone and a Sony Vaio
laptop computer that Hale suggested could yield a bounty of
information.

When "Delete" Does Not Mean Delete

"Computer files or remnants of such files can be recovered
months or even years after they have been downloaded onto a
storage medium, deleted, or viewed via the Internet," Hale
wrote in the affidavit. "Even when files have been deleted,
they can be recovered months or years later using forensic
tools."

Hale explained that when a person deletes a file on a computer,
the data doesn't actually disappear, but remains on the hard
drive until it gets overwritten by new data. The computer's
operating system may also keep records of deleted files in
something called a "swap" or "recovery" file.
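
As an added illustration of the behavior Hale describes (not code from the affidavit or this article), the Python sketch below models a constructed toy disk where deleting a file only drops its directory entry, then recovers the content by scanning the raw bytes. `ToyDisk`, `carve` and the `<<DOC>>`/`<<END>>` signature are hypothetical names chosen for the example.

```python
# Added illustration: constructed toy disk, not a real filesystem or forensic tool.
BLOCK = 64                                    # bytes per block
SIG_START, SIG_END = b"<<DOC>>", b"<<END>>"   # hypothetical file signature

class ToyDisk:
    def __init__(self, blocks=8):
        self.raw = bytearray(BLOCK * blocks)  # what is physically stored
        self.directory = {}                   # name -> (first_block, n_blocks)
        self.free = set(range(blocks))

    def write(self, name, payload):
        data = SIG_START + payload + SIG_END
        n = -(-len(data) // BLOCK)            # blocks needed (ceiling)
        total = len(self.raw) // BLOCK
        for start in range(total - n + 1):    # first-fit contiguous allocation
            span = set(range(start, start + n))
            if span <= self.free:
                self.free -= span
                self.raw[start * BLOCK:start * BLOCK + len(data)] = data
                self.directory[name] = (start, n)
                return
        raise OSError("disk full")

    def delete(self, name):
        # Only the directory entry goes away; the blocks are merely marked free.
        start, n = self.directory.pop(name)
        self.free |= set(range(start, start + n))

def carve(raw):
    """Recover payloads by signature, ignoring the directory entirely."""
    found, pos = [], 0
    while (s := raw.find(SIG_START, pos)) != -1:
        e = raw.find(SIG_END, s)
        if e == -1:
            break
        found.append(bytes(raw[s + len(SIG_START):e]))
        pos = e + len(SIG_END)
    return found

def demo():
    disk = ToyDisk()
    disk.write("note.txt", b"meet at noon")
    disk.delete("note.txt")
    after_delete = (list(disk.directory), carve(disk.raw))
    disk.write("a.txt", b"x")                 # shorter file reuses block 0
    fragment_left = b"noon" in disk.raw       # tail of old data survives in slack
    disk.delete("a.txt")
    disk.write("b.bin", b"A" * 40)            # longer file covers the old bytes
    after_overwrite = (carve(disk.raw), b"noon" in disk.raw)
    return after_delete, fragment_left, after_overwrite
```

The middle result shows why a partial overwrite is not enough: a shorter new file leaves a fragment of the old one in the unused tail of the block.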

A computer's internal hard drive can keep records of how it was
used, who used it, and when, Hale wrote. This digital evidence
can point to information that once lived on a hard drive or
memory stick, but was later altered or deleted. For example,
agents might even be able to see where an incriminating
paragraph was erased from a word processing document.

"Computer users typically do not erase or delete this evidence,
because special software is typically required for that task,"
agent Hale wrote.

The trail doesn't end there. Web browsers, email and chat
programs can reveal online nicknames and passwords. The
computer can also tell investigators when a memory stick or
external hard drive was connected, and how and in what sequence
files were created.

Analyzing all that electronic evidence, Hale wrote, takes
"considerable time."

That work gets done at one of 16 computer forensics
laboratories around the country run by the FBI, in partnership
with 130 state and local law enforcement agencies. The first
Regional Computer Forensics Laboratory, as they are officially
called, was established in San Diego in 1999.

Agents who first obtain court-approved search warrants can
scour cell phones, cameras, GPS units, tablet computers and
more for information that can make or break an investigation.
