January 2008 — Features

CSI: Hard Drive

Harrold says the popularity of television's make-believe version of forensic investigation gives people the wrong notions about the business he is in. "A lot of people watch shows like CSI, where crimes are solved in an hour because there are no laboratory backlogs and things of that nature," Harrold says. "That is just not reality. It's a long process and not as glamorous as it looks on TV." Kennesaw State's Williams notes that a typical hard drive holds 150 to 200 gigabytes of data, so a single search for an image or text string can take hours or even days.

Finding the Culprits

You can't tell at a glance which computers hold ugly secrets, nor has Williams found any reliable patterns he would warn administrators to watch for (for example, that computers in the multimedia room are more likely to contain smut than the one in the counselor's office).

On the other hand, it is possible to get a whiff of misbehavior depending on the type of activity you're dealing with. If someone is using a machine to steal passwords or attack other computers, the machine itself will give it away through strange behavior. It may reboot randomly, open five websites when the user asks for one, default to a porn page, or only allow users to type in certain keywords, for example.

Macs are less vulnerable than PCs to hacking pranks, but they offer no magic protection against users who are bent on foul play. Some software packages—Williams cites Guidance's EnCase, which police departments and the FBI use—do have the ability to perform computer sweeps remotely in search of various content. The tradeoff is often price, although that too is starting to change. In recent months, Guidance has rolled out a new pricing model for the K-12 market that charges $1 per student rather than its usual $100,000 to $1 million price tag, says David Hydorn, director of North American sales. That doesn't, however, factor in training costs.

"We introduced [the new pricing] after the current budget cycle, but we expect it to catch fire in the next budget round," Hydorn says. At this writing, approximately 20 school districts nationwide are using EnCase.

For many schools, random computer checks involve what the industry calls dead box forensics, a process that requires powering off the machine, taking an image of the hard drive, and then analyzing the data. But random checks are not an ideal solution. "They're very time-consuming," Karney says. "There is a threshold of pain you have to consider." He recommends publicly announcing a random check policy as a deterrent.
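The three dead box steps just described (image the powered-off drive, prove the image is an exact copy, then search the copy rather than the original), as an added example that is not from the article or from any product it mentions. It runs against a constructed sample file standing in for a drive; every file name and the search string are assumptions.

```shell
#!/bin/sh
# Added example, not the article's own: a minimal dead box workflow.
# 1) image the source with dd, 2) hash source and image so the copy is
# provably exact before anyone analyzes it, 3) search the image only.
set -eu

# Constructed sample "drive": filler bytes with one known string buried
# at byte offset 4096. Real drives are 150-200 GB, which is why a single
# full-surface search for a string or image takes hours or days.
make_sample_drive() {
    { head -c 4096 /dev/zero; printf 'keyword-of-interest'; head -c 4096 /dev/zero; } > "$1"
}

# Copy the drive block by block. On a physical disk this would be done
# behind a hardware write blocker so the original is never altered.
image_drive() {
    dd if="$1" of="$2" bs=4096 2>/dev/null
}

# Hash both sides; succeed only if they match, and record the hash beside
# the image so later analysis can be checked against it.
verify_image() {
    src_hash=$(sha256sum "$1" | cut -d' ' -f1)
    img_hash=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$src_hash" = "$img_hash" ] || return 1
    printf '%s\n' "$img_hash" > "$2.sha256"
}

# Search the verified image for a text string; prints the byte offset of
# each hit. -a treats the binary image as text, -b reports offsets.
search_image() {
    grep -a -b -o -- "$2" "$1" | cut -d: -f1
}

# Stand-alone demo on a temporary directory.
work=$(mktemp -d)
make_sample_drive "$work/drive.bin"
image_drive "$work/drive.bin" "$work/drive.img"
verify_image "$work/drive.bin" "$work/drive.img" && echo "image verified"
echo "hit at offset: $(search_image "$work/drive.img" keyword-of-interest)"
rm -rf "$work"
```

Analysis, including any keyword or image search, is run against drive.img; the original drive.bin is read exactly once, to image it.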