Jason Bergerson leads a successful business ferreting out thieves who skulk in hard drives instead of back alleys.
In the movies, a corporate insider secretly transfers millions of dollars to a Swiss bank account via computer, then cleverly covers his tracks.
But Jason Bergerson, of computer search firm Kroll Ontrack in Eden Prairie, is a data detective who finds the tracks that corporate computer thieves leave behind. He knows how people can hide, copy or destroy data that's stored on the hard disk of a desktop PC, laptop or corporate server.
This Tuesday and Wednesday, he'll be sharing those secrets with attendees at the Secure360 regional computer security conference at RiverCentre in St. Paul. Bergerson, a senior computer forensics engineer (one who finds digitally stored legal evidence), says this is what you need to know if you want to be a data detective:
At the simplest level of theft, computer users copy sensitive computer files to their PCs, duplicate that data to a CD or a flash drive they can take home, then erase files from their PCs. But they haven't erased enough, Bergerson said. The computer's registry file will show that external storage devices have been attached to the PC, and traces of the deleted files will be left on the PC's disk drive.
More sophisticated insider thieves may not try to erase illicit information from their PCs, but instead conceal that they have it, Bergerson said. They can do that by changing the names of files, or by password-protecting certain file folders. Sharper thieves may take concealment a step further by partitioning, or subdividing, the hard disk so information can be stored in a hidden corner of the disk.
But changed file names don't alter what the file looks like inside, so searching for specific types of files will reveal their presence, he said. A password-protected file can often be cracked by scanning the rest of the disk for other passwords or the types of personal information people often use as passwords. A partition, once discovered, is easily breached, he said.
Very adept computer thieves may use encryption software to encode incriminating files so that they can't be read by others, or erase the disk with a "file shredder" program that overwrites illicit data with random numbers, Bergerson said. Those techniques are almost show-stoppers for a data detective -- but not quite. The very presence of encrypted files or a disk filled with random numbers points the finger of suspicion at the person using that PC.
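An added example, not from the article or Kroll Ontrack, of the two checks described above: a renamed file still carries its format's leading signature bytes, and encrypted or shredded data with no signature shows up as near-random bytes. The function names, the 7.5 bits-per-byte cutoff and the sample data are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Leading "magic" bytes of a few common formats (well-known public values).
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"PK\x03\x04": "zip",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",
}
# Extensions that legitimately share one container signature.
FAMILIES = {
    "zip": {"zip", "docx", "xlsx", "pptx"},
    "ole2": {"doc", "xls", "ppt"},
    "jpg": {"jpg", "jpeg"},
}
ENTROPY_THRESHOLD = 7.5  # assumed cutoff, bits per byte (maximum is 8.0)

def sniff(data: bytes):
    """Return the format implied by the leading bytes, or None if unknown."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(name: str, data: bytes) -> list:
    """List reasons a file deserves a closer look; an empty list means none."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff(data)
    findings = []
    if kind and ext not in FAMILIES.get(kind, {kind}):
        findings.append(f"content is {kind}, name says .{ext}")
    # Compressed formats are also high-entropy, so only unrecognized data is flagged.
    if kind is None and entropy(data) > ENTROPY_THRESHOLD:
        findings.append("no known signature, near-random bytes")
    return findings

# Constructed samples: a PDF header renamed to .jpg, and 4 KiB of pseudo-random bytes.
RENAMED = b"%PDF-1.7\n" + b"constructed body\n" * 20
RANDOMISH = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
```

Calling `triage("vacation.jpg", RENAMED)` reports the mismatch between content and name, while the same bytes named `report.pdf` produce no finding.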
"A lot of times the things we find tend to loosen people's tongues," Bergerson said. "If we can say there's an indication you've been doing these things with your PC, a person often begins to think about minimizing their own personal damages."
Steve Alexander • 612-673-4553