Tuesday, May 11, 2010

Printer forensics

Typically, printers not attached to computers with built-in hard drives have proprietary software running, usually of the Linux or Unix flavor. If a user has another Linux or Unix computer on that network, he might be able to see one or more volumes at that IP address, and perhaps copy those files.

Computer forensic examiners who have processed a few of these type printers pulled the hard drives and imaged them the old-fashioned way. Analysis of the hard drives in the scanner/copiers found full copies and fragments of many of the documents that had been scanned.

Some other interesting info I ran across:

"Researchers at Purdue University have developed a method that will enable authorities to trace documents to specific printers, a technique law-enforcement agencies could use to investigate counterfeiting, forgeries and homeland security matters. The technique uses two methods to trace a document: first, by analyzing a document to identify characteristics that are unique for each printer, and second by designing printers to purposely embed individualized characteristics in documents. The technique currently focuses on laser printers but eventually will be expanded to inkjet printers, said Edward J. Delp, a professor of electrical and computer engineering at Purdue."

Full article here:

http://www.scienceblog.com/cms/node/4363

No comments: