Please Disseminate:  Abused Women and Electronic Trace Information (in memory of Sandy B)

February 12, 2010

As many of you know, I recently had a case that ended tragically in a murder/suicide.

My client was an incredible woman who was trying to escape an abusive situation.  She had already fled her home and was working with a safe house.

It is my opinion that her husband used a specific electronic method to obtain information and identify her location.  He then followed her and waited until she came out of a store, ran her down with his vehicle and then took his own life.

Since this occurred I have spoken with a few safe house organizations and have come to realize that, while there is a marked increase in the use of electronic means to track an abused spouse, there is not a corresponding level of information on how to “Cut The Electronic Cord”.

In a recent Houston Chronicle article (Mary Flood, ”Till Texts Do Us Part”, Houston Chronicle, Front Page, 12/17/2009) I covered with Ms. Flood a few of the areas that can be abused on cell phones and mobile devices.  While the article was helpful to a number of people, for some of them it was helpful in a way we had not intended — they were planning to use the information to further their own nefarious ends.

Realizing all of this, I have developed a web seminar that I will offer free to safe house organizations, divorce and family attorneys and abused women to attempt to share my knowledge base in the area of cutting electronic trails.  The webinar is entitled “Cutting the Electronic Cord: Managing Electronic Trace Information” and runs approximately 30 minutes.  I will provide the web seminar facility, call in number, and other resources to make this available.  There will also be a facility to handle live questions.

The seminar is NOT a marketing ploy and there will be absolutely NO commercialization or pitching of any products.

I have chosen my cause – and this is it.

If you are a family attorney or safe house organization you may contact me and schedule the webinar on your timetable.  Please be ready with at least three dates and times so that we can correlate calendars more efficiently.

On a go forward basis, I invite attorneys, safe house organizations and abused women to contact me free of charge for consultation.  I will supply safe house organizations with my direct cell phone for emergency events regarding questions related to electronic tracking means.

I am asking my business contacts, Facebook and Twitter contacts to disseminate this information, as well as my contact information, to appropriate sources so that we can start an education program in earnest.

With regards,

Aaron Hughes, CISSP
Vidoc Razor, LLC
Aaron.Hughes@VidocRazor.com
713-474-2286

1 Comment | Forensics Beyond the Hard Drive | Tagged: , , , | Permalink
Posted by inforensics

Forensics Beyond the Hard Drive: Kindle 2 Logging

June 26, 2009

Platform: Kindle 2

Artifact Type: Log

Information Type: GPS Location

Caveats: Debug mode and 611 logging must be on.

Usefulness: Very Limited

I was interested in what information was available via a Kindle 2 to assist in investigations.  In poking around to see what work others have done I found two sites that were really in depth and had great information:

Kindle Hacking: http://kindle2hacks.com/

Igorsk Blogspot: http://igorsk.blogspot.com/

These two sites do a great job dissecting the Kindle and Kindle 2.

Because inquiring minds want to know, I did a cursory review via FTK and Encase of a brand new Kindle 2, and did not find a whole lot that was very interesting.  Based on my reading of the two blogs above, it seems the more useful bits occur once you have access to the actual filesystem.

One item caught my attention: the “611 Log”.  Upon activating debug mode and turning on this log, one thing immediately stood out:  Latitude and Longitude information.

It is important to say that this log is going to be limited in an actual investigation, but it is worthy of note just the same.

The primary items that limit its usefulness are:

  • It is not on by default
  • It only logs GPS coordinates when the Kindle 2 is actually turned on (screensaver is not “On” for our purposes)
  • The readings are from cell towers, and not actual queries to GPS satellites, so the information is definitely not as accurate.

*** Important Note:  I am not forcing you to do stuff to your Kindle 2, if you do and mess your device up you have no one to blame but yourself.  These steps worked great for me, you take the life of your Kindle 2 in your own hands if you decide to play along. ***

Now that I have doused you with cold water, here is how you actually turn the logging on:

Follow the excellently written directions found on the Kindle2 hacking blog here. Look for the “Enable Debug Mode” section.  Do not continue on through the USB networking section… unless you just want to!

Next, type:   ‘help

That is a single hash, found near the “}” under the Sym menu, followed by the word help.  All of your commands from here on out will be prefaced with that character.  You should see an informational pop-up that looks like this.  Take a moment to enjoy some of the possibilities of what you are seeing.

Next, close the pop-up and type the following: ‘log611

There will be a short hesitation, a screen blink and that is it.  When you plug your Kindle 2 into the USB cable and attach to your system you will find a folder called “611″ and a log that is formatted: YYYY.MM.DD.HH  (Hour in military time).  Open that log and peruse to the “1xRTT” section.  In this section you will find “Latitude” and “Longitude”.  These are the coordinates supplied by the cell tower.

If you turn off the Kindle 2 (ie. hit the slide button so the screensaver comes on) and travel, this log will not add information until you hit the slide again and it has a chance to hop back on the network.

To turn off the logging:  Go to “Menu”> “Settings”.  Then hit “Menu”>Restart.

3 Comments | Forensics Beyond the Hard Drive | Permalink
Posted by inforensics