The FBI raided a Dallas carrier hotel Thursday and seized equipment from data center space operated by Core IP Networks. Agents armed with a search warrant appear to have confiscated all the servers in the facility, which houses gear for about 50 businesses.

This is a great example of what the future holds for digital forensics in the live vs. dead debate. For those who do not know, dead forensics involves taking a system down and analysing it in a controlled environment. Typically such systems are imaged, and work is performed on copies of the disk images so that no damage can come to the data. The problem comes when it isn’t Alice’s house getting raided, but Bob’s data center, where Alice stores her gear alongside Carl, David, and Eve, who are unrelated. If you take everything in sight you are using the military equivalent of a cluster bomb instead of a laser-guided one. Sure, you hit your target (well, in this case they didn’t: Alice had already left, so it was all civilian casualties), but you also hit the school, the hospital, and _literally_ the e911 location service.

This is not even a bring-in-the-analysts situation for acquisition. What they should have done, aside from remaining a little calmer and a little less Lethal Weapon, is go straight to the business operating the data center. They keep records for everything in their shop; they know who pays the bill. If they provide the network link they can trace the IPs; if they don’t, they will at least have a record of which ISPs have installations where. If, after taking the extremely difficult and technical precaution of asking, you still want to call in the analysts, then go ahead: after identifying the what and the where, the data center can help you tap into the what at the where so the live analysis can proceed.

If they did want live analysis, this tactic threw that away as soon as they powered down the systems – there is no feasible way they triaged all those systems before making off with them like the Grinch who stole Christmas. Had they plugged in they could have gotten a lot more information, especially if it was a distribution server for movie downloads – such as who was downloading said movies at that moment. Knee-jerk overreactions by law enforcement such as this harm, rather than help, investigations.
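As an added illustration of the "ask the operator first" approach described above (example code, not from the original post or from the data center operator): a routine that walks a constructed cabinet inventory to find the one rack a target address is routed to, keeps shared and life-safety gear running for live acquisition instead of powering it down, and leaves unrelated tenants alone. The inventory, tenant names, address ranges and "ExampleISP" are all made up.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Cabinet:
    tenant: str
    cabinet: str
    prefixes: tuple         # address space the operator routes to this cabinet
    link: str               # "colo" if the facility provides transit, else the ISP
    critical: bool = False  # shared or life-safety service: never power it down

# Constructed inventory standing in for the records the operator already keeps
# (who pays for which cabinet, which addresses go where). Not real data.
INVENTORY = (
    Cabinet("Facility core", "MMR",   ("203.0.113.0/24",),   "colo", critical=True),
    Cabinet("Alice Media",   "R1-C3", ("203.0.113.0/26",),   "colo"),
    Cabinet("Carl's Corp",   "R1-C4", ("203.0.113.64/26",),  "colo"),
    Cabinet("David LLC",     "R2-C1", ("198.51.100.0/27",),  "ExampleISP"),
    Cabinet("E911 Locator",  "R2-C2", ("198.51.100.32/27",), "colo", critical=True),
)

def locate(target, inventory=INVENTORY):
    """Cabinets whose routed space contains `target`; longest prefix wins,
    so a tenant's /26 beats the facility-wide /24 it is carved from."""
    ip = ipaddress.ip_address(target)
    hits = [(ipaddress.ip_network(p).prefixlen, cab)
            for cab in inventory for p in cab.prefixes
            if ip in ipaddress.ip_network(p)]
    if not hits:
        return []
    best = max(plen for plen, _ in hits)
    return [cab for plen, cab in hits if plen == best]

def seizure_plan(target, inventory=INVENTORY):
    """What to take, what to acquire live in place, whose records to ask for."""
    cabs = locate(target, inventory)
    plan = {"seize": [], "live_only": [], "ask_isp": [], "leave_alone": []}
    if not cabs:
        # Facility does not route this address: an ISP with gear on the floor
        # does. Their records are the next stop, not every server in sight.
        plan["ask_isp"] = sorted({c.link for c in inventory if c.link != "colo"})
    for cab in inventory:
        if cab not in cabs:
            plan["leave_alone"].append(cab.cabinet)
        elif cab.critical:
            plan["live_only"].append(cab.cabinet)  # image it running, keep it up
        else:
            plan["seize"].append(cab.cabinet)
            if cab.link != "colo":
                plan["ask_isp"].append(cab.link)   # they hold the flow records
    return plan
```

The "leave_alone" list is the point: for a single target address it covers every other tenant plus the shared infrastructure that would otherwise be collateral damage.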

  1. joe says:

    That’s just.. Wow..

    Who are they sending the bills to for company downtimes? That must be in the hundreds of millions!

  2. Brian says:

    I can only imagine the sysadmins getting page-bombed when everyone’s BlackBerry is silenced.