Posts
http://www.slate.com/blogs/future_tense/2012/12/21/adam_lanza_s_hard_drive_might_be_destroyed_but_we_can_still_follow_his_electronic.html
Adam Lanza Tried To Destroy His Hard Drive. Here’s How We Can Still Follow His Electronic Trail.
|
Posted
Friday, Dec. 21, 2012, at 9:03 AM ET
Newtown police officers on the street where Adam Lanza and his mother, Nancy Lanza, lived
Photo by Jared Wickerham/Getty Images
Photo by Jared Wickerham/Getty Images
Last week, before committing one of the worst mass shootings in modern American history, Adam Lanza tried to destroy the hard drive on his computer.
But whatever he was trying to hide might still be recoverable—and other
options are available when it comes to uncovering his digital trail.
According to report published Wednesday by the Washington Post,
the authorities are moving swiftly to try to salvage the damaged
computer. Investigators reportedly believe before massacring 20 children
and six adults at Sandy Hook Elementary School in Newtown, Conn., Lanza
took a screwdriver or hammer to the hard drive. This creates a hurdle
for the cops trying to gain an insight into what was going on inside Lanza’s head
in the lead up to his terrible shooting frenzy. But depending on the
scale of the damage, it is likely that forensic experts will be able to
recover at least some of Lanza’s data. It is a complex, timely, and
costly process that can involve piecing together crucial broken parts of
the drive like a jigsaw. However, as the Post notes:
Extraordinary recoveries have occurred. When the space shuttle Columbia disintegrated on reentry, investigators were able to recover hard drives that had fallen to Earth. “The data was almost 100 percent recoverable,” [Rob] Lee, the lead for digital forensic and incident response at the Sans Institute, a leading cybersecurity and training organization.
The authorities will also be able to glean information about Lanza
from other electronic sources. Given that the 20-year-old killer was
reportedly a member of a technology club and likely spent a great deal
of time at his computer, he surely had at least one email account.
Assuming they can identify that account, investigating officers will be
able to obtain a warrant to retrieve a record of Lanza’s email activity,
which may offer a useful glimpse into his life and mindset. And if
Lanza tried to cover that base by deleting his Gmail or Hotmail account,
he probably didn’t realize that deleted emails usually remain backed up
on centralized servers, at least for a few weeks.
The officers will probably also try to make contact with Lanza’s
Internet provider to attempt to get access to any data showing Lanza’s
online behavior. Although ISPs in the United States do not retain data
as part of a mandatory retention regime as is the case in Europe, many
of the major providers do retain some data
about their customers’ usage (often for billing purposes). This doesn’t
necessarily mean the cops will be able to obtain a list of websites he
was visiting, but they should be able to get hold of his IP address,
which could in turn be used to link him to posts or comments made on
forums or websites—so long as he didn’t use an anonymizing service like Tor.
If Lanza had a cell phone, some useful data might come from records stored by his telco. Most of the major cell providers retain data
showing who you have called and when, and they also retain location
data—sometimes for as long as two years—which could be used to try to
trace Lanza’s movements in the weeks and months before the shooting. His
bank transactions may yield useful intelligence, too.
But Lanza’s hard drive will remain the most crucial piece of the
puzzle—which is likely why he tried to destroy it. The hard drive will
contain vital information, such as website logs, documents accessed,
notes written, images saved. Such data, if it can be salvaged, will help
police understand whatever led to the massacre—offering a unique
glimpse into Lanza’s troubled psyche by unlocking the secrets he
intended to take to his grave.
No comments:
Post a Comment