View Full Version : What could police learn about me by taking my computer?


TheBlackPope
2008-11-10, 09:38
Let's say I just used Internet Explorer and I cleared history/cache/cookies every night. I don't save passwords/username for forums. I also had the normal Windows XP password lock on my computer.

Let's say I get raided and the police steal my computer.

1)Can they break into my computer through the password?
I assume the NSA or the FBI can break through a password, but can cops or a judge for a small non-white collar crime demand this?

2)Can they learn all the websites/forum I visit?
I also assume the NSA and the FBI can do this. But again, can cops or judges do this?

3)If they can learn the websites/forums I visit, can they learn the username I post under?
I'm not sure if a NSA/FBI can do this..? Can they? I highly doubt a cop could, right?

4)If they can learn the usernames from my forums, can they learn my password?
I pretty much don't think the NSA/FBI can do this. I REALLY don't think a cop could.

If a normal probation officer/judge can somehow find the websites you go to, even if you delete history/cookies/cache, are there free programs that can stop this?

If a normal probation officer/judge can somehow find the forum usernames you go to, even if you delete history/cookies/cache, are there free programs that can stop this?

If a normal probation officer/judge can somehow find the passwords to usernames you go to, even if you delete history/cookies/cache, are there free programs that can stop this?



Let's say I had these programs that could stop this...

Could the FBI super computers defeat this?

zeusy
2008-11-10, 12:52
Yes, they can find your history, even if you delete it, retrieve which web sites you have gone to, then contact the owner.

Use a live CD and a flash drive, you can easily destroy/hide the flash drive. There's a lot of free live CDs, use Google. If you're worried that somebody might steal the flash drive, you can also encrypt it using TrueCrypt.

EDIT: Destroy the hard drive, an old microwave will do, I'm not kidding.

Expl0itz
2008-11-10, 18:43
They've shown that they can still get this stuff out of RAM too. I doubt they would go to those lengths because it's very expensive. But the method is, that even if the computer is off for a couple of minutes, there is still data stored in RAM. By freezing the stick... literally freezing. They are able to pull data from them. What kind of data, I don't know. How much, I don't know that either. But... that's just something to think about.

oddballz194
2008-11-10, 19:04
They've shown that they can still get this stuff out of RAM too. I doubt they would go to those lengths because it's very expensive. But the method is, that even if the computer is off for a couple of minutes, there is still data stored in RAM. By freezing the stick... literally freezing. They are able to pull data from them. What kind of data, I don't know. How much, I don't know that either. But... that's just something to think about.

What you're referring to is the fact that memory chips hold data a couple minutes when powered off, and can be frozen using canned air or liquid nitrogen to be stored and processed longer. This allows retrieving the entire data contents of the chip with a 0.17% error rate.

New York Times:
http://www.nytimes.com/2008/02/22/technology/22chip.html?_r=2&ei=5087&em=&en=13d01f43eefefaeb&ex=1203915600&pagewanted=print&oref=slogin&oref=slogin

Heise Online:
http://www.heise.de/english/newsticker/news/103998

The Chip Shop Guy
2008-11-10, 21:41
Then just throw the RAM sticks in the microwave too.

zeusy
2008-11-11, 03:19
Then just throw the RAM sticks in the microwave too.

Excellent idea, you're a fucking genius...

Jaguarstrike
2008-11-11, 06:02
What you're referring to is the fact that memory chips hold data a couple minutes when powered off, and can be frozen using canned air or liquid nitrogen to be stored and processed longer. This allows retrieving the entire data contents of the chip with a 0.17% error rate.

New York Times:
http://www.nytimes.com/2008/02/22/technology/22chip.html?_r=2&ei=5087&em=&en=13d01f43eefefaeb&ex=1203915600&pagewanted=print&oref=slogin&oref=slogin

Heise Online:
http://www.heise.de/english/newsticker/news/103998

The whole frozen memory chip thing is called a "Cold Boot Attack" and can be done in the home.

TheBlackPope
2008-11-11, 06:49
So, can they find out my passwords??

oddballz194
2008-11-11, 16:33
So, can they find out my passwords??

It's possible, but they're more likely to interrogate you until you give in and hand them the passwords.

ThunderChicken
2008-11-12, 01:25
Not sure if you're in the United States, sounds like it, but aren't all ISPs required to log what you visit/connect to?

Dark_Magneto
2008-11-12, 01:38
If you're stupid and use Internet Explorer then they can farm the hidden registry keys, view your complete internet history, and read your emails.

MaddMan
2008-11-13, 09:01
Not sure if you're in the United States, sounds like it, but aren't all ISPs required to log what you visit/connect to?

This. I'm pretty sure your ISP will keep a track of what sites you visit and what you download for ~2 years or so. I can't remember where I heard this though, so I may be mistaken.

zeusy
2008-11-14, 05:07
So, can they find out my passwords??

Yes, easily, read my previous post.

padam
2008-11-17, 18:31
Let's say I just used Internet Explorer and I cleared history/cache/cookies every night. I don't save passwords/username for forums. I also had the normal Windows XP password lock on my computer.


Clearing cookies/history/cache doesn't really make any difference. That stops basic users from finding information, and generally, no one else.


Can they break into my computer through the password?


There's nothing to break into. Your files aren't encrypted (not that you mentioned, and not by default).

They could boot from a live CD and change the password (thereby accessing the files).
They could put your hard drive in a different computer (as a slave) and access the files.
They could (possibly) use one of the many existing tools to actually 'crack' (as in reveal the plain text version of) your password.
They could (if they really wanted it) bruteforce your password.

And on and on.


I assume the NSA or the FBI can break through a password, but can cops or a judge for a small non-white collar crime demand this?


Are they capable? Yes, definitely.


2)Can they learn all the websites/forum I visit?
I also assume the NSA and the FBI can do this. But again, can cops or judges do this?


Are you asking on a legal level, or a technical one?

Regardless, the answer to both is yes. But it's dependent on certain factors. With a court order, they can do anything they want to do. And more times than none, they'll do it even without one. On a technical level - yes (although only to an extent) - it depends on certain factors.

On my 'nix box, I have a script set to F12 that:
uses lsof to find every file mozilla is accessing (excluding libraries, etc) - and then shreds said files (with 100 iterations). It then shreds bash_history (again with 100 iterations). Finally, it shreds every file (in every folder) of .mozilla (and then restores .mozilla from a clean backup). While it's not 100%, it's much better than simply clicking "delete cache" (at least in my opinion).


3)If they can learn the websites/forums I visit, can they learn the username I post under?
I'm not sure if a NSA/FBI can do this..? Can they? I highly doubt a cop could, right?


You could answer most of these questions yourself. Use something like TextPad to search the contents of every file on your hard drive for your username. Even if by some chance you'd get no results - it doesn't mean it's not possible, but the point is - it'd be extremely rare if you didn't get any results for it. Try the same thing with the registry.

My answer, yes (again, depending).


4)If they can learn the usernames from my forums, can they learn my password?
I pretty much don't think the NSA/FBI can do this. I REALLY don't think a cop could.


Over something serious enough - they could force the sites to give them the passwords. You'd be surprised how many people don't encrypt the passwords in their database. You'd be even more surprised how many of them don't salt the ones they do encrypt. It doesn't matter though, whatever hashing function they're using - with enough info, lots of people could crack (especially people with thousand dollar equipment).

Even if it's not true - who is gonna stop the FBI if they exploit randomsite.org to get your password?

If a normal probation officer/judge can somehow find the websites you go to, even if you delete history/cookies/cache, are there free programs that can stop this?


Yes, it's called education. Read up on computer forensics, your operating system, the browsers you're using, etc. For more security, I'd recommend disabling cache altogether. IE might pretend to allow it, but not actually do it. Firefox, I know actually does. That way, nothing is ever saved to disk. Or make your temp/cache/whatever dir located on a flash drive (then the possibilities as to what you do with it when the time comes are a lot more than that of a screwed-in hard drive inside of a case).


Could the FBI super computers defeat this?


It really all depends, there is no generic answer.

One thing I used to do (when I got interested in computer forensics/data recovery) was: shred any sensitive files (using like, TuneUp Utilities' built-in shredder, government standard I think is 30 iterations, so I always did double or triple). Then defrag. Then run another shredder (dunno if TuneUp will do this, I think I used something else) to overwrite all free space. It's the same as wiping a file, but it applies to all unused disk space. Do this (100 iterations). Defrag. Do it again, defrag again.

Seems pointless/repetitive, right?

Do that, then download some data recovery tools. In all the tests I did (testing dozens of data recovery tools) - after taking these steps, I couldn't recover any part of any deleted file. Use that as a base, then add your own procedures as you go.

Eventually you might end up with something that can only be defeated with hardware recovery methods.

On a different note, don't underestimate your local law enforcement. I remember seeing some really impressive tools that my local authorities used years ago (software I'm sure costs tens or hundreds of thousands of dollars).

To add to all of it, chain a couple proxies together (to connect to web-based proxies). Then you won't be doing DNS lookups locally (so there's less chance of hostnames being logged locally, or at your ISP). To go the extra step, buy a VPN with a throwaway CC (WiTopia's like $30 a year, 5 different IP addresses, good speed, awesome uptime).

Haven't read the entire thread, didn't proofread post. Too lazy to do either.
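
The self-check padam suggests above (search every file for your own username), as an added example that is not part of the original thread: it walks a directory tree and reports which files contain a term in UTF-8 or in UTF-16LE, the encoding Windows uses for many stored strings. The function names, sample file names and the term `exampleuser` are constructed for illustration.

```python
import os
import tempfile

# Windows APIs and registry hives store strings as UTF-16LE, not UTF-8.
ENCODINGS = ("utf-8", "utf-16-le")
CHUNK = 1 << 20  # read 1 MiB at a time so large files are fine

def scan_file(path, pats):
    """Return {encoding: byte offset of first hit} for one file."""
    hits, tail, base = {}, b"", 0
    keep = max(len(p) for p in pats.values()) - 1  # overlap across chunks
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            buf = tail + chunk.lower()  # ASCII case-insensitive match
            for enc, pat in pats.items():
                if enc not in hits and (pos := buf.find(pat)) != -1:
                    hits[enc] = base - len(tail) + pos
            tail, base = buf[-keep:], base + len(chunk)
    return hits

def scan_tree(root, term):
    """List (relative path, encoding, offset) for every file naming term."""
    if not term:
        raise ValueError("empty search term")
    pats = {enc: term.lower().encode(enc) for enc in ENCODINGS}
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                found = scan_file(path, pats)
            except OSError:
                continue  # locked or unreadable file: skip it
            rel = os.path.relpath(path, root)
            results += [(rel, enc, off) for enc, off in sorted(found.items())]
    return results

def demo():
    """Run the scan over constructed sample files (not real browser data)."""
    samples = {
        "form_history.txt": b"user=ExampleUser&remember=0",
        "settings.dat": b"\x00" * 10 + "exampleuser".encode("utf-16-le"),
        "notes.txt": b"nothing here",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root, "exampleuser")
```

A hit only shows where the string currently sits in an allocated file; the scan does not look at unallocated disk space.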

Prometheum
2008-11-26, 03:06
I'm fairly sure Microsoft has even released a few tools that exploit (or at least work really really close to) Windows to get all personal info out of it.

Bottom line: If you want security, don't use Windows. Use GNU/Linux or BSD. Those are both free software operating systems, and you can count on them not to be backdoored.