What Hidden Secrets Could Weiner's Hard Drive Hold?


Diamonds are forever -- and so it seems is computer data.

Tweets, digital images, chat messages and more that New York Democratic Rep. Anthony Weiner sent to college cuties and porn stars alike may prove to be his downfall. Computer forensic experts told FoxNews.com that an exhaustive hunt through his or any hard drive turns up tons of information -- even files a user has deleted or erased.

For these geeks, the ones and zeroes in a computer are like the clues at a crime scene. And there are a lot of ones and zeroes.

"It's like a murderer tracking blood around the room -- they're trying to cover things up but instead creating even more footprints," Douglas Brush, chief forensic examiner with the Digital Forensic Group, told FoxNews.com.

The basic methodology is called "file carving." Using a forensic disk image -- an exact replica of every byte of data on a computer's hard drive -- a forensic analyst can study the raw bits on the hard drive to piece together artifacts and recreate files, "carving them out" of the raw data.

If there are a lot of items in the raw, "unallocated" space, it shows that someone was possibly trying to hide things -- a bad idea, Brush explained.

"A lot of users will attempt to hide their actions. It only complicates things," he told FoxNews.com. "It can make it even worse for them." Experts can detect those guilty efforts to hide data and point to them as circumstantial evidence.

There's even a term for it.

"Spoliation," said Chris Miles, owner of computer forensics investigation company Miles Technologies, "describes the intentional destroying or spoiling of evidence."

Erasing all those zeroes and ones takes a lot of work, Brush explained. Instead the computer removes the marker or the "index entry" that tells where a file is, but not the entire file itself. And forensics firms know when a file was erased.

Deleting data doesn't hide it from these bloodhounds, in other words.
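
The file carving and index-entry deletion described above can be shown with a short added example (not from the article or the experts quoted). It scans a constructed raw image for JPEG start and end markers and reports the picture that no index entry points to; the sample disk layout, the `index` dictionary and all function names are assumptions made for illustration.

```python
# Added illustration: signature-based file carving over a constructed raw image.
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker + first byte of next marker
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker
MAX_SIZE = 10 * 1024 * 1024  # assumed cap: ignore a header with no footer in 10 MiB


def carve_jpegs(image, max_size=MAX_SIZE):
    """Return [(offset, data)] for each header..footer span in the raw bytes.

    The file system index is never consulted, so content whose index entry
    was removed is found the same way as a live file. Fragmented files and
    JPEGs with embedded thumbnails need more than this simple scan.
    """
    found, pos = [], 0
    while (start := image.find(JPEG_SOI, pos)) != -1:
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:            # header without a footer in range: skip it
            pos = start + 1
            continue
        end += len(JPEG_EOI)
        found.append((start, image[start:end]))
        pos = end
    return found


def unindexed(carved, index):
    """Carved items that no index entry points to, i.e. deleted content."""
    live_offsets = {offset for offset, _size in index.values()}
    return [(off, data) for off, data in carved if off not in live_offsets]


def build_sample_image(sector=512):
    """Constructed 8-sector 'disk' with one live and one deleted picture."""
    live = JPEG_SOI + b"\xe0" + b"LIVE-PICTURE" + JPEG_EOI
    deleted = JPEG_SOI + b"\xe1" + b"DELETED-PICTURE" + JPEG_EOI
    disk = bytearray(sector * 8)
    disk[sector * 2:sector * 2 + len(live)] = live
    disk[sector * 5:sector * 5 + len(deleted)] = deleted
    index = {"vacation.jpg": (sector * 2, len(live))}  # deleted file: no entry
    return bytes(disk), index, deleted


if __name__ == "__main__":
    disk, index, _ = build_sample_image()
    carved = carve_jpegs(disk)
    for offset, data in unindexed(carved, index):
        print(f"unindexed JPEG at byte {offset}, {len(data)} bytes")
```
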

"They might cover up their tracks, but they don't do as good a job covering up the covering up of their tracks," Miles said.

In addition, there are bits of data in digital images that can be used to create a complete picture of a picture.

"Pictures have 'EXIF' data that can give info about the camera that was used to take a shot. And some have geolocating info that can say where a picture was taken," Brush said.

Using these file remnants, as well as emails, documents, pictures, and videos, gives forensic experts a complete view of a person's activities. And professional-grade software tools such as EnCase by Guidance Software and Forensic Toolkit (FTK) by AccessData can comb through it all.

"You have some very distinct dates and times of what a particular gentleman was doing," Brush told FoxNews.com. "We can say on this date and this time precisely what a person was doing."

Miles agreed.

"We can say, for example, he emailed his mom at 11:03 and responded to some other email at 11:04 -- and then at 11:05 he surfed porn," Miles said, showing just how precisely his firm can break down a timeline from digital records.

Cell phones act like little computers, both experts agreed, and can be tracked and analyzed in precisely the same fashion. 

"You really are piecing together a puzzle," Miles said.

Jeremy A. Kaplan is Science and Technology editor at FoxNews.com, where he heads up coverage of gadgets, the online world, space travel, nature, the environment, and more. Prior to joining Fox, he was executive editor of PC Magazine, co-host of the Fastest Geek competition, and a founding editor of GoodCleanTech.