
New forensics tool can expose all your online activity

posted 8 Sep 2011, 02:27 by Jamie Condliffe


It is another escalation in the computer security arms race. Software that can uncover all of a person's online activity could, in the hands of the police, put more sex offenders behind bars - but it may also be exploited to develop new ways of avoiding being caught.

Researchers from Stanford University in California have managed to bypass the encryption on a PC's hard drive to find out what websites a user has visited and whether they have any data stored in the cloud.

"Commercial forensic software concentrates on extracting files from a disc, but that's not super-helpful in understanding online activity," says Elie Bursztein, whose team developed the software. "We've built a tool that can reconstruct where the user has been online, and what identity they used." The open-source software, Offline Windows Analysis and Data Extraction (OWADE), was launched at the Black Hat 2011 security conference and works with PCs running on the Windows operating system.

The majority of sensitive data on a hard drive, including browsing history, site logins and passwords, is encrypted with a key that an algorithm generates from the standard Windows login.

Last year, Bursztein and his colleagues discovered how this system works - making them the only team in the world, other than Microsoft, able to decrypt the files. Now the team have made their discovery public, with free access.

The OWADE software combines this new knowledge with existing data-extraction techniques to create a single package that can uncover illegal online activities.
