March 2012: I gave a talk on web security systems at NORUT, Tromsø, Norway.

February 2012: New paper on web security systems is out!

February 2012: I gave a talk on web security systems at the University of Jyvaskyla, Finland.

October 2011: I gave a talk on robotics at Lund, Sweden. The videos I referred to in the talk are here.*

July 2011: New paper on whistleblowing and file compression is out!


2011: The beginning of the end for digital forensic recovery?

In late December 2010 I published a paper with Richard Boddington in the Journal of Digital Forensics, Security and Law, describing how modern SSD firmware designs invalidate one of the key ideas underlying forensic recovery and analysis of data. This paper has been well received by practitioners and the media.

Presently, police forces and workplace investigators have a well-established system for managing digital evidence found on hard drives, which has been used for decades. Unfortunately, if they approach SSD drives the same way, they can accidentally ruin the evidence and there is no indication that anything has happened. This can have the consequence of making guilty people seem innocent, and innocent people seem guilty, amongst other difficulties.

The nice thing about this paper's result is that you can easily reproduce it at home without a big budget or forensic software. The links below point to some of the media articles describing our work.

The paper is free to download (Click here) and I've written a Frequently Asked Questions guide to accompany it, which you can download here: (FAQ).

Media coverage of this article

Techworld (01/03/2011) (John Dunn): SSD firmware destroys digital evidence, researchers find; forensic analysis of drives by investigators now uncertain.

The Register (01/03/2011): Self-erasing flash drives destroy court evidence; 'Golden age' of forensics coming to close.

SANS: Digital Forensics Case Leads: Do SSD Drives Auto Destroy Forensic Evidence? Industrial Espionage, and Cloud Computing Forensics

Slashdot (01/03/2011): SSDs cause Crisis for Digital Forensics.

Macitynet.it (Italy):
I firmware dei drive SSD complicano il lavoro degli esperti di informatica forense

Computerra.ru (Russia): Кивино гнездо: Закон Мерфи для хранения данных

TechCentral.ie (Ireland): SSD firmware destroys digital evidence: Forensic analysis of drives by investigators now uncertain, researchers find.

Geek.com.br (Brazil): Memórias em estado sólido podem prejudicao trabalho de tribunais

InfoSec Daily Podcast: Self-Corrosion

Webhosting.pl (Poland):
Przejscie na SSD jednak sluzy prywatnosci? Firmware tych pamieci niszczy cyfrowe dowody

SSD Freaks.com:
Modern SSDs self-destroy court evidence

Digital Forensics Magazine:
SSD FIRMWARE DESTROYS DIGITAL EVIDENCE

Sydney Morning Herald (Australia):
High-tech criminals outsmarting the law

Image and Data Magazine:
Solid state storage may have shaky foundations

Tom's Hardware (Italy):
SSD, incubo della Polizia: dati irrecuperabili!

ITNews.it (Italy):
SD: RAPIDA LA CANCELLAZIONE PERMANENTE DEI DATI

E-week Europe and ITEspresso.de (Germany):
SSD Firmware Causes Forensic Concern

ITNEXT (India):
SSD behavior underlying digital forensics

Stuff.co.nz (New Zealand)
High-tech criminals outsmarting the law

Also syndication and further articles at:

Macworld | CIO Magazine | Computerworld.com | Computerworld NZ | IT World.com | IDG NEWS SERVICE (Norway) | CSO.com.au (Chief Security Officer magazine Australia) | Seguranca (Brazil) | IT Secure Site | TechTalk Seattle.gov | StorageNewsletter.com | InfoSec News.org Mailing list | David Ottenheimer | Media-geek.com | The Age (Australia) | Forensics Wiki | Infosec Island | Root CZ (Czechoslovakia) | Webmasterpoint.org (Italy)

... and via many kind bloggers and webforum authors ... :-)