:: Deepquest ::

One of the justifications for an increase in the number of days a terrorist suspect can be held in the UK without charge, from 14 to 90, is the time it takes to decipher what is on a suspect’s computer hard drive.
Assistant commissioner at the Met Police, Andy Hayman, has claimed the extra time is needed in order to make sure that all the evidence from a seized PC is located before someone is released. The question is: why does it take so long?

The Met Police has a high-tech crime unit and also has access to the Forensic Science Service. Both units employ Forensic Computer Analysts who crack hard drive contents.

We asked Dr Fauzan Mirza of ProSoft Research, an expert in hard drive encryption, how the Met would set about cracking a hard drive and looking for evidence of terrorist activities. “There are two stages,” he told us, “acquisition and analysis. Acquisition is automated and takes a copy of the hard drive itself. It runs at the speed of the fastest backups, around 500MB per minute. Analysis looks at the contents. It’s usually obvious within a matter of hours whether there is evidence on it.”

“If there is evidence it can take more than a week to analyse it. It could be two to three weeks depending upon the sophistication of the means used to hide it, steganography for example.”

A Met spokesperson confirmed to us that in some terrorism cases, they were facing this exact issue. “We are dealing with encrypted messages,” he said.

more from [url=http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4727]TechWorld[/url]