Researchers Elie Bursztein, Ivan Fontarensky, Matthieu Martin, and Jean-Michel Picod from Stanford University in California have managed to bypass the encryption on a PC’s hard drive to find out what websites a user has visited and whether they have any data stored in the cloud.
“Commercial forensic software concentrates on extracting files from a disc, but that’s not super-helpful in understanding online activity,” says Elie Bursztein, whose team developed the software. “We’ve built a tool that can reconstruct where the user has been online, and what identity they used.”
The open-source software, Offline Windows Analysis and Data Extraction (OWADE), was launched at the Black Hat 2011 security conference, and works with PCs running on the Windows operating system.
“Say you’re working on a paedophilia case and you might want to know if people had interactions with minors on social networking sites,” says [Elie] Bursztein [of Stanford University whose team developed the software]. Previously, with only access to a hard drive, the police would not be able to match suspects to online identities, let alone gain access to their accounts. “Now, law enforcement organizations can extract information from websites like Facebook to find out,” he says.
The key to the technology, reports the New Scientist, comes from unlocking Microsoft’s encryption.
The majority of sensitive data on a hard drive, including browsing history, site logins and passwords, uses an algorithm to generate an encryption key based on the standard Windows login.
Last year, Bursztein and his colleagues discovered how this system works—making them the only team in the world, other than Microsoft, able to decrypt the files. Now the team have made their discovery public, with free access.
But like any technology, the system can be used for good or bad. As the information has been put in the public domain already, tech aware users can exploit the system.
“If somebody knows what they’re doing with their data, they will try and hide it and work around [solutions like this] as much as they can,” says John Haggerty from the University of Salford, U.K.
Download Offline Windows Analysis and Data Extraction (OWADE)