[blearghhh]

Good point, but modern Windows OS's don't update NTFS file access times any more (for performance reasons). However, other things can happen when a drive is mounted (e.g. Recycle Bin might be created for the current user.) Personally, I would use "dd" under Linux to make a byte-for-byte copy of the drive, without mounting any partitions. I wouldn't risk connecting the original drive to a Windows PC, because of auto-mounting and the possibility of writing to the drive and overwriting data (as you said).

According to a computer security guy I spoke to at length once, it is absolutely essential under the commonly accepted rules for evidence that no changes whatsoever be made to the original disk. Doing so means that it's basically inadmissable for evidence.

Labs have specialized hardware that you hook your drive up to and it automatically makes a bit for bit copy of everything on a new drive, while preventing writes to the drive at the lowest level, so you can document that you've never made any changes to any information on there.

Then you use your forensics software to examine the information on the drive image and do whatever to it.

 

[dforthandbview]

Why is Ford saying he can't comment because it's before the courts? He hasn't been charged with anything.

 

[CN Tower]

CN Tower:

You mean Rob? I agree - he is a farce.

AoD

Both he and the lynch mob.

McGuinty is far worse. Should be jailed.

 

[guitarchitect]

Come on Mihevc, you can do better than an email blast. This calls for a Robo Call campaign!!!

 

[Peepers]

Just got this email blast from Mihevc:

Friends,

This is a sad day for the City of Toronto. As a Torontonian, and as a City Councillor for more than 20 years, it pains me to see the City of Toronto in the situation we currently face, and to see Council and the City of Toronto cast in this light on national television.

It is very unfortunate that the City and its residents have once again been thrown into such a state of uncertainty.

The Mayor of Toronto has a profound credibility problem. He is going to have to face Torontonians, and Council.

Our City deserves better.

Sincerely,

Councillor Joe Mihevc

This is b.s. As a lefty Mihevc must be absolutely ecstatic today and he expects us to believe that this "pains him".

 

[voxpopulicosmicum]

Stephen LeDrew is so, so stupid. So stupid.

You do know he has Down's Syndrome, right?

Dontcha feel like an asshole? That brave little guy has overcome quite a bit in his life.

 

[guitarchitect]

Both he and the lynch mob.

McGuinty is far worse. Should be jailed.

What the fuck does this have to do with McGuinty?? Like where does that even come up or fit into this?

 

[PinkLucy]

Why is Ford saying he can't comment because it's before the courts? He hasn't been charged with anything.

It's a convenient excuse and he probably thinks it's a legitimate "legal" statement to make. Or his hotmail lawyer told him to say it.

 

[AlvinofDiaspar]

This is interesting:

nEVILle park ‏@neville_park 5m

Anyway, I thought that was interesting. The police add that he's clearly trying to use his influence to get confidential info. #RFpoli

nEVILle park ‏@neville_park 7m

The plate # he took down was 1 letter off (surely a mistake) from the one following him, Lisi & Mandalero a few days before. #RFpoli

nEVILle park ‏@neville_park 7m

…but the police can't give it out because it's confidential. Ford gets mad, makes no further attempt to follow up w/cops. #RFpoli

nEVILle park ‏@neville_park 9m

The Mayor's staff and the police play phone tag a lot. The Mayor wants the registration info for the plate number he took down… #RFpoli

AoD

 

[Lansdude]

Both he and the lynch mob.

McGuinty is far worse. Should be jailed.

This thread isn't about McGuinty, brah. U mad?

 

[detroitbootybass]

Interesting that its mainly the right wingers on council who have been calling for his resignation. I take it that the left wants to say so but it could come off as opportunistic.

It's a common, unwritten rule of politics that you don't interfere when your opponent is digging his/her own grave.

 

[khris]

He said the contents of the video are what was reported by the media. He didn't say Ford was smoking crack on it, but he strongly implied it.

Not to mention how he said this is a sad day for Toronto and that he's disappointed.

 

[detroitbootybass]

What the fuck does this have to do with McGuinty?? Like where does that even come up or fit into this?

Classic case of 'deflection'.

 

[guitarchitect]

This is b.s. As a lefty Mihevc must be absolutely ecstatic today and he expects us to believe that this "pains him".

I don't know if you noticed, but he's been a city councillor for 20 years. Do you really think he held the job for so long because he dislikes the City of Toronto? You really think he's happy for the City that this shit is happening?

 

[anonymoose]

According to a computer security guy I spoke to at length once, it is absolutely essential under the commonly accepted rules for evidence that no changes whatsoever be made to the original disk. Doing so means that it's basically inadmissable for evidence.

Labs have specialized hardware that you hook your drive up to and it automatically makes a bit for bit copy of everything on a new drive, while preventing writes to the drive at the lowest level, so you can document that you've never made any changes to any information on there.

Then you use your forensics software to examine the information on the drive image and do whatever to it.

Yeah, makes sense that the law would require a much higher standard for preventing changes the original evidence. What I described would be okay for recovering someone's funny cat pics (on the cheap), but not for recovering evidence to be used in a criminal trial.