WTF!

"Many trojans will corrupt the Windows partition table. We use data recovery software to scrutinise the hard drive and hopefully fix the problem. However, before we hand the computer back, it is standard practice to look at some images – very briefly – to make sure that the data has been recovered accurately.

That is just wrong and dodgy and utter bollocks on all fronts.... my files, my privacy.

That is basically them saying, we have a good root around to grab some juicy stuff and if we find anything dodgy we'll alert the police (after we've kept it 'for evidence' of course)

I predict a comment flood on this topic!!!!

PC World

Was it PC World by any chance?

As a PC engineer who does quite a lot of repairs to PCs that have been stuffed up by Windows I often have to do a lot of backing up of data and restoring it. To be honest I try and avoid looking into what data is stored. Sure I'll search out documents, pictures etc but the content is none of my business, I'll simply back it up and restore it and subsequently securely erase any backups I have to make as part of the process.

Of course if I did come across any child porn or terrorist stuff I would inform the police, but to be honest I don't think anyone engaging in a bit of bondage is anything to do with me.

Anonymous due to some of the home made porn I've accidentally found on a couple of machines, don't want to embarrass my customers, it's bad enough returning the machines with a straight face.

Paris, well because of the porn links.

Data integrity

Right, so let's get this straight. If I take a PC into PC World, and they, during the course of whatever they do, discovered something that they thought was questionable, they could report me to the Police and I could get into all sorts of bother.

Meanwhile, if the Police actually wanted to check my PC for questionable material, they would need to do a proper forensics job - pull the plug without shutting down, retrieve the HDD, attach to another machine and clone it at block-level, then access only the clone in order to carry out their investigation. Failure to jump through these hoops would render any findings pointless due to the potential for tampering, cross-contamination etc.

So unless the PC repair tech jumps through the same hoops (which would be pointless since they would have fixed the wrong drive), how are their findings of any use in court? Even if they find them then pass the drive straight onto the Police for a proper forensics job, the potential for tampering would still render the content of that drive inadmissable, surely?

Three words:

RAM disk cache.

Utter crap.

So, looking at a few files is meant to demonstrate that all the file structure is intact? Not a chance. After a fail, ALL data is suspect; just hope you have good backups. Everything that's good is a bonus.

For the main checks, software has a far better chance of evaluating what portion of data is likely to be suspect; just randomly selecting an image or two just isn't science.

Coupled with the whole "drive being placed in an unsecured area" in the PC tech's build room is no way to handle "evidence". It should be as admissable as "we found 3 kg of cocaine on the bus seat you occupied 3 hours before we saw it". There is no guaranteed trail of evidence that can't be altered.

This is shoddy police work at best. Created by a shoddy law from a very shoddy Government.

"We don’t browse our clients’ computers for fun"

Now thats not very BOFHlike attitude is it?

They're coming to take you away...

So that Extreme Man-on-Man-on-Donkey Pron you keep in that password protected zip file is soon to be evidence in front of your local Beak!

Resistance is futile citizen.

As the PC repair guy said

"If I saw any child porn or terror material" - no mention of "extreme porn" or "within the terms of the act" or any other bollocks. Most men(not sure about women) would not recognise anything not "child pron or terrorist stuff" as wrong anyway(& unless the terst(as the septics say) stuff is Islamic,most wouldn't notice it ).

The bloke in the story being prosecuted must have either admitted guilt or been a complete idiot. Any decent brief should have shredded their case - what a lot of old cock (of whatever species)

Inadmissable.

I won't even bother going in to the evidence integrity procedures already outlined in these comments.

But yeah, UK = Screwed. S.U.F.O!!! Sell Up, Fuck Off! Only a month or 2 left for me... Yup, I didnt just sit on the comments form whining, I got my shit sorted out.

I distinctly remember that the discovery of a client's homebrew grot to be a "techie's perk", according to the Profanisaurus...

If you are stupid enough...

....to need to take your computer to a shop to get it repaired by some "technician", AND have illegal images on it, then what can you say!? DOH.....

Another Home Support IT Engineer here

Like the second post above, I also recover data for clients. And have learnt long ago to avoid going any where near it as there are some funny hobbies among some people. (Home made S&M p0rn being only part of it)

It is private data, so I treat it all like it is too private to look at. I deal with financial advisers and nurseries among my clients, so have respect for the privacy and just "do my job". But sometimes it is hard to avoid the thumbnails.

I do worry that when I recover this data to my recover server there could be all kinds of dodgy traces left behind. Have I scrubbed all my hard disks enough? Are there dodgy files left on some of those old hard disks which are en-route to WEEE disposal? What if I got raided? It all starts to get a little messy.

Darik's Nuke n Boot or a Large Lump Hammer tend to me my friends.

Funniest occasion I have had though is when recovering the family photos for a client I had a quiet word with him about those photos all parents have. The ones where the naked kids are in the bath. Innocent photos of your own children that are now illegal. I have to be honest - I had fun winding up the Met Copper who's hard disk it was by giving him a lecture in the letter of the law.

Police can do what the **** they want

"For instance, if the police have obtained a warrant to search premises by deception, then evidence found as a result of that search may be ruled inadmissible."

*may*

So when was the last time a judge threw a case out because the police abused their power ?

No, I can't recall either.

So the police have no reason to follow the law.

Bollox.......!!!

It was(and no doubt still is) standard practice during hardware/software refresh projects to skim all PC's for *.mp3's ,Mpeg's, AVI's, and JPG's for any thing juicy.

So far we topped out at 20GB of mixed european music and some interesting home vids of Regional Managers getting upto hijinks with who we presume was thier wifes ;p

made for quite interesting migration sessions during the dull boring bits....

though this was a numbr of years ago, and all names have been changed to protect the guilty....

Tech's at work...... syphoning up all that juicy data for use at some later date, at thier leasure....

You know what the real answer is - Truecypt

Come on people, you know that you absolutely cannot rely on anyone to protect your privacy - other than yourself. So Truecypt, Truecypt, Truecrypt.

Rubbish,

The tech obviously put the images there himself as it was a difficult customer.

(And if that is not true, What is stopping it from being true? the Hippocratic oath taken buy PC repair techs?)

trojans etc.

Many trojans also put undesirable material on your PC, sometimes hidden in secret hidden folders, sometimes visible.

It would be fairly normal for somebody to delete anything they notice, and not notice anything that's been hidden.

Running data recovery software is likely to uncover such hidden or deleted data, which you would then be responsible for.

Oh well, like people really needed another reason to never use PC world for repairs anyway.

WTF

>> Many trojans will corrupt the Windows partition table.

Many? I suppose it happens, but it isn't common. Drive failure is much more common.

>> We use data recovery software to scrutinise the hard drive and hopefully fix the problem.

>> However, before we hand the computer back, it is standard practice to look at some images

>> – very briefly – to make sure that the data has been recovered accurately.

If all that has happened to the system is that the partition table has been corrupted, then recovery will be pretty obvious. If you suspect that files have been corrupted, there are automatic tools which can check many types of files for corruption - corruption in compressed files such as jpegs, mpegs, zip is usually easily detectable, doing it automatically will allow every such file on the system (ignoring the users browser cache, which will often be full of partial and therefore corrupt fies) - "very briefly" looking at a few files because they have racy names isn't exactly thorough.

>> "We don’t browse our clients’ computers for fun: but we do look at a range of files to check

>> that we have done the job successfully. If, in the course of that check, I came across

>> something serious – child porn or terror material – I would certainly alert the police."

Would you also inform the police that the computer was infected with malware (which you have now removed all traces of - after all you only 'check' the users files when you think it is fixed), malware which could have downloaded any number of files to the PC without the user's knowledge or consent? I'm not saying you shouldn't inform the police, however as a knowledgeable technician, you have a responsibilty to inform the authorities that what you have found is far from categorical proof of wrong doing on the owner's part.

The crime here gentlemen....

Taking your computer to PC World in the first place!! Why have a bunch of ill-educated on-offtards inspect your machine? And what pillock would leave pictures of his missus in full landing gear and vegetable paraphernalia on his PC prior to repair anyway?

The bit about websites downloading far dodgier material to your PC unawares? Bollocks! Not In 15 years of perusing jugtastic tinterweb content have I discovered anything more horrendously off topic than a popup for a Macbook! Yes, sick I hear you cry, but not kiddy fiddling material. If it’s on your drive then you put it there – guilty as charged and off to the castration chamber for you!

new icons!!

how late am I spotting this?

beer, 'cause its Friday, hurraah!

hmmm

If you follow this logic then if I see a pc repair guy showing his friend something dodgy on their laptop then you could report him to the rozzers and they wouldn't have to go through the same channels to get to his data?

Or maybe the government should have free and unrestricted access to all pc repair shop computers and if they find anything dodgy on them (and I am sure you would, either stuff they have copied from clients or brought in themselves) then they could be done for it.

@Pete

lol love it, you've been keeping up with the BOFH

@ "PC World"

Even as a former PC World employee who used to do hard drive recovery, I would never look at people's files. Disk checking utilities are more than capable of telling whether the data integrity on the hard drive is OK without me sifting through their personal files.

I love the "very briefly"

I only stabbed him quickly, gov.

There is a secondary risk - blackmail and deliberate planting of "evidence". Not of the type of "I have found" but "I shall ruin your life because the UK has all but abandoned the principle of innocent until proven guilty".

I wonder what would happen if someone offers a reward for such a concept for anyone handling the PC of certain politicians. I'm all for seeing irony at work..

"low social skills"..?

I'm wondering if this is code for "The police shouted at the poor f*cker until they got a confession, at which point the option of challenging the actual evidence became academic."

But in keeping with Dan10 and others above, I think it would be instructive for all if such evidence *were* properly scrutinised in a test case.

AC because, well, I frankly have no idea what web pages I've visited might have surreptitiously put in my web cache:

<div style='display: none'>

<img href='http://www.garyglitter.com/gallery/christknowswhat.jpg' />

</div>

Be very afraid...

Seen too often.....

lots of comments here, talk of truecrupt, RAM disk cache etc. However most of the PC's left in my shop haven't even got antivius protection - These are basic users, problem creators, fuckwits etc, they can't even understand that stuff gets saved when they visit webpages.

I back-up the shit, do the repair/re-install - stick Picasa on it and ask it to scan the fucking lot - one quick scan through allows me to DELETE the whole lot (no not copy it) - so I don't get the mother of some 15yr old halfwit coming in screaming at me because of what was on the PC when she got it home.

Sorry for the rant, but for all the moral "I would never look at anyone's files" crap you sometimes have to look at a different perspective

Funny

"Terrorist Material"

I once found an infected computer. That had an open HTTP server installed on it.

There was lots of .doc files. With the Islamic scribble. (I dont know what its called)

Should I have told the police?

How would he know its terrorist material....

This was St Helens remember

I live close enough to the place (and shop there at times) to be able to confirm a large proportion remind me of the townsfolk in The League of Gentlemen.

Just replace the "are you local?" with "we're inter-bred"

I've seen 2 arrested...

I worked for a big box retailer for a couple of years, from 2001 until about 2 months after they changed the uniform to that "geekier" thing (at that boint I gout out as fast as I could...)

Part of the training I had to give all my techs was that when they were working on a customer machine:

1) ensure no "explicit" images are displayed on the screen before connecting it to the overhead monitors. (I watched a guy get fired for putting a desktop on display to a crowd of people featuring a nude woman as the wallpaper)

2) when working on a PC, don't make an effort to search, but if you find evidence of child pornography or other federally illegal activity a) stop, b) notify management, and c) management will notify the FBI, and d) do not make the customer aware.

We had one PC come in, this guy was obviously an idiot, it was covered in stickers of naked 12 year old girls and one reading "if it's of age, it's too old!". We accepted it, logged his credit card and phone number, and called the police the second he was out the door. The FBI showed up, took it away (we never powered it on btw), and then called us back later. They asked us to tell him to come in to discuss the repair costs and pre-pay, and we set an appointment. The FBI was waiting when he came in and arrested him on the spot. Over 1800 images were found on his system and he got a sentance of over 25 years.

Another guy had his little girl (who he brought in with him to drop it off) pictured nude on his desktop. She was 13. We told him it would only take 15-20 minutes to add the RAM he wanted and to wander around the store for a while. He was arrested less than 10 minutes later. Some of the pictures they found on his machine had him in sexual positions with his daughter...

If you're going to have blantantly illegal crap on your computer, DON'T BRING IT TO A RETAIL STORE FOR REPAIR!!!

Per a member of the FBI we spoke to after the first arest, they told us that not only was it our duty to call the police, and they thanked us for doing so, but they reminded us that if we saw child porn on a machine that we ourselved could be subject to arrest if we DIDN'T alert the police. Our company execs confirmed that was the case. Not reporting an incedent of kiddie porn is itself a federal offense.

Now, i can agree, it;s possible that in places like your internet cache, tmp folders, and other places viruses stick images, you could very likely have illegal images on your machine you honestly know nothing about. When it;s your desktop image, and it;s you and your daughter, you have no case.... When you have a photo management app, and meticulously organized images, also sorted into clearly identifyable folders in the file system in common locations a user could not possibly overlook (like a folder ON THE DESKTOP called "13yrold golden showers"), you're guilty. As a tech, I've seen some pretty nasty stuff on people's computers (dump.gif), and much of it was actually in plain sight!

I've seen machines with web browser home pages set to illegal porn sites, e-amil archives with hundreds of porn photos shared with others, desktops with nasty images, chat apps that auto-launch and connect and then immediately get hit with invites to sexual chat, newgroup servers defaulted to alt.fettish feeds. People please... Provided it's legal stuff, the least you can do is make it so i don't have to see that crap on your PC when you bring it in for service... If you;re that depraived, don;t bring it in!

Priceless Jacqui Cartoon

Absolutely priceless how Scarfe can bring the mighty down with just a few strokes of his pen. I wonder if her hubby had a few strokes watching those movies? Bet his PC could not bear close scrutiny; nor for that matter the average coppers as it'd probably be chock full of torture videos from Gitmo, Abu Ghraib & Baghram.