Best Buy's GeekSquad Employees paid by FBI as Informants

11 minutes ago, AngryBeaver said:

Actually when it comes to the PC side of things... it is possible to see it was planted. Chances are I can tell you EXACTLY when the data was added. If it was added while the machine was in the shop's custody then that is pretty easy to say... oh wow this was planted.

 

You should do some research on what is possible via Computer Forensics and E-discovery. 

Unless auditing is enabled, no you can't tell when a file is actually created. Both Linux and Windows have commands to alter creation dates and without the auditing service up, you will never know the actual creation date.


Geek Squad didn't have a partnership with the FBI. The FBI does pay a reward to people who provide tips and stuff, but Geek Squad agents shouldn't take any reward money.

I have come across stuff of this nature in my time as well. Open a file to make sure the same number of contents are in the copied material, and the content in question is right there. Or it's been a screensaver of all things, or even a wallpaper.

The issues I'm aware of haven't been from people digging through folders, but instead from being easily accessible by anyone. Pure laziness keeps that kind of content as a wallpaper, screensaver, or web homepage.

 

I'm sorry, but someone who consumes that kind of material and gets caught cannot blame anyone else. If privacy was important, you wouldn't trust anyone else with your data.

 

Geek Squad doesn't work with FBI, DHS, IRS, or any other federal organization. Anyone, Geek Squad or otherwise, has a moral obligation to report child abuse, especially if it's sexual in nature.

 

1 hour ago, Zodiark1593 said:

I wonder if said "criminal content" includes copyright infringement stuff too? I wouldn't put it past the MPAA to pay Best Buy to disclose the identity of anyone with infringing material on their PCs.

No, no one cares. Child pornography is pretty much the only thing feared when working on someone else's computer.

 

Copyright infringement means that they won't help you set up torrent software or install software that isn't either open source or licensed. As in, they won't install that pirated copy of Assassin's Creed Origins, but will install GIMP, Steam, and MS Office.

And again, there isn't a contact between Best Buy or Geek Squad. I think they should have a corporate rule preventing their employees from accepting payment from the government for that type of activity. You report it because it's fucking wrong to exploit children, not because you want to make a buck.

 

And no, there isn't evidence planting either. Someone mentioned it earlier.. just... No..

 


1 minute ago, mynameisjuan said:

Unless auditing is enabled, no you can't tell when a file is actually created. Both Linux and Windows have commands to alter creation dates and without the auditing service up, you will never know the actual creation date.

Also wrong. If you are using actual forensic software like say EnCase... then you can recover this information. If you made the change while on the actual machine... then I can find the change by digging into the ntuser file. If you tried to modify the file and copy it to the machine.... then I can see when it was copied.

So no, if you make a change to a file there is going to be a record of it. With how Windows works and how information is stored in unallocated spaces... unless you go through some really involved steps it will be easily seen. Even the steps I am suggesting have ways to be detected... it just means you can't detect the actual file's tamper date, but you would see overall signs of tampering which would still flag the evidence.


16 minutes ago, AngryBeaver said:

Chances are I can tell you EXACTLY when the data was added. If it was added while the machine was in the shop's custody then that is pretty easy to say... oh wow this was planted.

Assuming that the computer is set to the correct date and not connected to the internet. If neither of those things are true, and a Geek Squad employee will definitely know to do that, it's basically impossible to prove that it's a plant.

 

19 minutes ago, AngryBeaver said:

You should do some research on what is possible via Computer Forensics and E-discovery. 

Not as much against a half competent technician as one would think.


*If* I had child porn I'd have that shit encrypted and locked down so fucking hard. What kind of rookie sends it to a minimum wage Geek Squad guy?


4 minutes ago, Drak3 said:

Assuming that the computer is set to the correct date and not connected to the internet. If neither of those things are true, and a Geek Squad employee will definitely know to do that, it's basically impossible to prove that it's a plant.

 

Not as much against a half competent technician as one would think.

Even if you changed the date/time and had no connection it is STILL possible to easily discover that.

 

On top of that we are talking about taking steps that NO employee is going to have the time or ability to do in such a public setting on the job. So now we are getting outside the realm of what is realistically possible in that scenario. So yes, they could technically attempt to tamper with data to plant data, but it would be detectable that these types of activities took place and it would not be something they could realistically pull off while at work in a public setting.

Also if they messed with anything while the user's machine is on there will be a record of it in the ntuser file. If they hook the drive up to another machine to tamper with it... then there will be markers from the machine used for the tampering. These are only a few easy ways to discover the tampering and there ARE others.


I once was a witness in a case where a guy brought a computer to the CompUSA where I worked and it was FUCKING LOADED TO THE GILLS with kiddie porn. Dude had so much on there that Windows couldn't even create a swap file. I hope he's still getting wrecked in prison 17 years later. Seeing what was on there just destroyed my idea of humans being innately good.


5 hours ago, Windows7ge said:

I remember reading a story about a year ago. An older man's computer stopped working so he brought it to a repair shop. Upon getting the system working again the tech discovered that he had child pornography on it. The repair shop reported him and he was arrested.

 

I'm not sure what makes me feel worse. His repulsive habit or his idiocy.

Honestly if they are getting paid for finding this stuff then what is going to stop them from planting evidence? Not saying that's what they did but saying it is completely impossible. In any event I guess I won't be going to Geek Squad for computer repair if they are just going to have a clause in their agreement saying they can do whatever they want with my data. I mean I don't think the agreement says anything about the data having to be illegal to not be confidential.


2 hours ago, GilmourD said:

I once was a witness in a case where a guy brought a computer to the CompUSA where I worked and it was FUCKING LOADED TO THE GILLS with kiddie porn. Dude had so much on there that Windows couldn't even create a swap file. I hope he's still getting wrecked in prison 17 years later. Seeing what was on there just destroyed my idea of humans being innately good.

Unfortunately, you've probably seen the not-so-intelligent kind of crook.

 

Given the availability of public wifi, cheap PCs for Linux, encryption, and large, easily destroyed media (MicroSD), the more crafty of these sick folk are probably never going to be caught.


Am I the only one who's known about this for the better part of a decade..?

I honestly thought this was common knowledge, and only one of the many reasons you shouldn't ever take your computer there.


10 minutes ago, Tsuki said:

Am I the only one who's known about this for the better part of a decade..?

I honestly thought this was common knowledge, and only one of the many reasons you shouldn't ever take your computer there.

As a computer technician myself my reason for never suggesting anybody bringing their computers to the Geek Squad is that they usually can't even find the power button let alone fix stuff.

If you're worried that they're going to narc you to the FBI... Maybe you're doing some shady shit.


3 hours ago, Brooksie359 said:

Honestly if they are getting paid for finding this stuff then what is going to stop them from planting evidence? Not saying that's what they did but saying it is completely impossible. In any event I guess I won't be going to Geek Squad for computer repair if they are just going to have a clause in their agreement saying they can do whatever they want with my data. I mean I don't think the agreement says anything about the data having to be illegal to not be confidential.

Apparently BB has a policy against accepting the money from FBI. They have the legal and moral responsibility to report it. But also are not supposed to accept the money. BB will likely investigate, and force the employee to return it or fine them (and then return it again). The information is confidential, unless there are certain illegal aspects. Geek Squad Repair Agents are not lawyers nor religious figures. They have an obligation to report certain things. The only thing I've ever known them to report is child exploitation... The majority of which was obviously found without the need to dig through files and other personal information.

And the clause doesn't state they can do whatever they want with your data. The only time your data is touched and any legal issues occur is when you actually sign the data transfer agreement. This comes into play for transfer across devices, hard drives, etc...  Otherwise, basic anti-virus removal and stuff doesn't require them to touch any data. Again, the only caveat is having child exploitation photos and stuff as a background or screen saver (which has been seen).

 

58 minutes ago, GilmourD said:

As a computer technician myself my reason for never suggesting anybody bringing their computers to the Geek Squad is that they usually can't even find the power button let alone fix stuff.

If you're worried that they're going to narc you to the FBI... Maybe you're doing some shady shit.

(Not trying to vouch for Geek Squad here, but...) Not every employee at Geek Squad is an ass-hat. I've recommended some people go to Geek Squad. These are the same people that go to Jiffy Lube because they don't know a thing about cars. Geek Squad has warranties on work and hardware. Geek Squad will educate them. I will help out friends, I will not help out everyone else. I don't have time for that, don't get paid enough beer either. I give my recommendations to only 2 friends I have that work there because they know their stuff, and have the unfortunate pleasure of working at Geek Squad because previous companies or employment opportunities went under and they needed a job to support their families. They make well above minimum wage, have healthcare for their families, etc... Yes, every job has their tool-bags, but I don't think Geek Squad is filled with them.

 

The ones you see up front ARE NOT the ones that do the repairs. They do NOT have to have any repair capabilities. They are NOT required to have background knowledge on a large list of tech. They are customer service oriented. The smart ones generally hide in back doing their jobs. Those are the ones you should talk to if you or anyone you know end up going there.

 

Every "real"/"professional" mechanic will tell you to stay away from Midas, Jiffy Lube, Dealership mechanics, etc... because you get charged a lot more than if you did it yourself... But if you don't know how or refuse to learn how, then those places exist for a reason.

 

As for your last statement... Absolutely agree with you 110%. No one is going to report you for downloading movies or games.. Or even running pirated software. And if you have the type of content that makes you stop and wonder if you're doing something wrong.. You're doing something wrong.


38 minutes ago, Ryujin2003 said:

Apparently BB has a policy against accepting the money from FBI. They have the legal and moral responsibility to report it. But also are not supposed to accept the money. BB will likely investigate, and force the employee to return it or fine them (and then return it again). The information is confidential, unless there are certain illegal aspects. Geek Squad Repair Agents are not lawyers nor religious figures. They have an obligation to report certain things. The only thing I've ever known them to report is child exploitation... The majority of which was obviously found without the need to dig through files and other personal information.

And the clause doesn't state they can do whatever they want with your data. The only time your data is touched and any legal issues occur is when you actually sign the data transfer agreement. This comes into play for transfer across devices, hard drives, etc...  Otherwise, basic anti-virus removal and stuff doesn't require them to touch any data. Again, the only caveat is having child exploitation photos and stuff as a background or screen saver (which has been seen).

 

(Not trying to vouch for Geek Squad here, but...) Not every employee at Geek Squad is an ass-hat. I've recommended some people go to Geek Squad. These are the same people that go to Jiffy Lube because they don't know a thing about cars. Geek Squad has warranties on work and hardware. Geek Squad will educate them. I will help out friends, I will not help out everyone else. I don't have time for that, don't get paid enough beer either. I give my recommendations to only 2 friends I have that work there because they know their stuff, and have the unfortunate pleasure of working at Geek Squad because previous companies or employment opportunities went under and they needed a job to support their families. They make well above minimum wage, have healthcare for their families, etc... Yes, every job has their tool-bags, but I don't think Geek Squad is filled with them.

 

The ones you see up front ARE NOT the ones that do the repairs. They do NOT have to have any repair capabilities. They are NOT required to have background knowledge on a large list of tech. They are customer service oriented. The smart ones generally hide in back doing their jobs. Those are the ones you should talk to if you or anyone you know end up going there.

 

Every "real"/"professional" mechanic will tell you to stay away from Midas, Jiffy Lube, Dealership mechanics, etc... because you get charged a lot more than if you did it yourself... But if you don't know how or refuse to learn how, then those places exist for a reason.

 

As for your last statement... Absolutely agree with you 110%. No one is going to report you for downloading movies or games.. Or even running pirated software. And if you have the type of content that makes you stop and wonder if you're doing something wrong.. You're doing something wrong.

Working on cars usually requires equipment of some sort so it really isn't the same tbh. I mean a lot of problems with computers are simple fixes whereas with cars there are some simple fixes but a lot are either difficult to fix or require equipment that most people don't have.


38 minutes ago, Brooksie359 said:

Working on cars usually requires equipment of some sort so it really isn't the same tbh. I mean a lot of problems with computers are simple fixes whereas with cars there are some simple fixes but a lot are either difficult to fix or require equipment that most people don't have.

Well, I think the comparison is still close. It doesn't take a lot to do routine stuff like wiper fluid, radiator fluid, and oil change. Yes, I understand what you mean by the drastic stuff, but even on the diagnostics, many people don't know how to handle a BSOD or failing HDD, just as I couldn't diagnose a failing starter or serpentine belt issue.

 

The average person who goes to GS doesn't know the difference between a hard drive and RAM. They don't understand how the parts work, and don't understand how to do "simple" repairs. Yes, you don't need hydraulic tools to work on a PC, but many people still don't have the basic tools and understanding to change batteries in a wireless mouse or keyboard... Have you ever tried to guide an elderly woman over the phone with plugging in a simple USB keyboard? Or trying to get them to understand why they don't have VGA on their modern desktop they just purchased? "I have to buy a new monitor??" You'd be surprised. I'm sure we have a thread for those IT moments.


10 hours ago, coasterghost said:

I am honestly not that shocked at all in the actions of the FBI nor Geek Squad; I am however more than surprised by the way that Geek Squad seems to proactively search for this, while covering themselves completely for anything plausible.

Such waivers and exclusion from liability are a fairly standard affair for computer repair, nothing odd about that part. The other section about signing away your legal options is odd but I wouldn't expect that to hold up at all if it were a valid case, signing something like that isn't actually as rock solid as would be believed especially when your choice is either sign and get your device repaired or not sign and not get it repaired (without the cost of going to a 3rd party).

 

10 hours ago, coasterghost said:

But some evidence in the case appears to show Geek Squad employees did make an affirmative effort to identify illegal material. For example, the image found on Rettenmaier’s hard drive was in an unallocated space, which typically requires forensic software to find. Other evidence showed that Geek Squad employees were financially rewarded for finding child pornography. Such a bounty would likely encourage Geek Squad employees to actively sweep for suspicious content.

Well that depends completely on the fault description given by the customer, data recovery tools aren't special forensic software that's just uneducated crap from a reporter who doesn't know what they are talking about :P. Forensic data recovery comes in at the point where you've done a multiple full bit erase and/or damaged the disk controller.

 

Running data recovery software for a computer tech is rather common.

 

The financial incentive is the real issue, though I personally have zero objection to any computer repair company running a scan for illegal content such as that before carrying out any work and if found reporting it. Thing is that evidence alone shouldn't be enough to prosecute as it wasn't collected properly i.e. by someone in law enforcement or contracted by. Chain of evidence issue etc etc.


14 minutes ago, Ryujin2003 said:

Well, I think the comparison is still close. It doesn't take a lot to do routine stuff like wiper fluid, radiator fluid, and oil change. Yes, I understand what you mean by the drastic stuff, but even on the diagnostics, many people don't know how to handle a BSOD or failing HDD, just as I couldn't diagnose a failing starter or serpentine belt issue.

 

The average person who goes to GS doesn't know the difference between a hard drive and RAM. They don't understand how the parts work, and don't understand how to do "simple" repairs. Yes, you don't need hydraulic tools to work on a PC, but many people still don't have the basic tools and understanding to change batteries in a wireless mouse or keyboard... Have you ever tried to guide an elderly woman over the phone with plugging in a simple USB keyboard? Or trying to get them to understand why they don't have VGA on their modern desktop they just purchased? "I have to buy a new monitor??" You'd be surprised. I'm sure we have a thread for those IT moments.

Yes but the difference is people who do know about cars still go to places like Jiffy Lube or Valvoline. I mean most car enthusiasts wouldn't because they are likely to have the tools to do what they want on their car. But you don't need to be a car enthusiast to know about cars. I mean do I know how to do an oil change? Yes but not without a ramp or lift so I still go to Valvoline for oil changes.


As someone that's worked in the school system with a secondary capacity to protect children from being victims of child pornography I find it laughable that anyone thinks the FBI goes to lengths to impugn innocent people when there are hundreds of predators discovered in a single quarter.

Pedo's

 

edit: OH NO MY PRIVACY. HOW ELSE WILL I HIDE MY ILLEGAL PORN!?!?!?!?


Subway spokesperson is doing a long term fed bit at the bed and breakfast. Probably house their kind all in the same area.

 


As I wrote last year when this was reported, I think this is terrible practice that should stop.

 

1) Why is the FBI training and incentivizing people to search through the private files of other people? Like the article says (but not the OP), Geek Squad employees get paid between 500 and 1000 dollars for each report they submit. I would not be surprised if some employees are willing to plant evidence on hard drives if they get paid 1000 dollars to do so.

 

2) You need a warrant to do this kind of search. You are not allowed to look through the private files of someone in order to find for example evidence for a crime. So the FBI is using Geek Squad as a proxy to get around the legal requirement for a warrant.

 

As for you "allowing GeekSquad" to look through your personal files when you hand them your computer, I can kind of get that argument, but GeekSquad is actually looking at deleted files by hand. It's one thing to start the computer and see something on the desktop or whatever, but it's completely different to be instructed to, and get paid, to look through deleted files in an attempt to find things.

 

 

11 hours ago, AngryBeaver said:

Even if you changed the date/time and had no connection it is STILL possible to easily discover that.

 

On top of that we are talking about taking steps that NO employee is going to have the time or ability to do in such a public setting on the job. So now we are getting outside the realm of what is realistically possible in that scenario. So yes, they could technically attempt to tamper with data to plant data, but it would be detectable that these types of activities took place and it would not be something they could realistically pull off while at work in a public setting.

Also if they messed with anything while the user's machine is on there will be a record of it in the ntuser file. If they hook the drive up to another machine to tamper with it... then there will be markers from the machine used for the tampering. These are only a few easy ways to discover the tampering and there ARE others.

Please describe to me how you would go about discovering if I had planted something on a customer's computer.

Here is how I would do it (if I was a scummy human being looking for some quick cash): Boot another OS from a USB drive, write an incriminating file to the disk with a fake timestamp and then delete it.

After that is done, I would start up the FBI-provided data analysis tools, run it and then report that it detected the incriminating file.

 

Before you say that it is somehow detectable that another OS was booted, please remember that doing so is very common for data recovery and diagnostics and does not in any way suggest that it had been tampered with. I could also just reset the BIOS (also standard procedure).


15 hours ago, AngryBeaver said:

Also wrong. If you are using actual forensic software like say EnCase... then you can recover this information. If you made the change while on the actual machine... then I can find the change by digging into the ntuser file. If you tried to modify the file and copy it to the machine.... then I can see when it was copied.

So no, if you make a change to a file there is going to be a record of it. With how Windows works and how information is stored in unallocated spaces... unless you go through some really involved steps it will be easily seen. Even the steps I am suggesting have ways to be detected... it just means you can't detect the actual file's tamper date, but you would see overall signs of tampering which would still flag the evidence.

Dude I used to have to run in-depth audits and have training on it. There are ways to get around the system, not everything is logged. 


4 hours ago, LAwLz said:

Please describe to me how you would go about discovering if I had planted something on a customer's computer.

Here is how I would do it (if I was a scummy human being looking for some quick cash): Boot another OS from a USB drive, write an incriminating file to the disk with a fake timestamp and then delete it.

After that is done, I would start up the FBI-provided data analysis tools, run it and then report that it detected the incriminating file.

 

Before you say that it is somehow detectable that another OS was booted, please remember that doing so is very common for data recovery and diagnostics and does not in any way suggest that it had been tampered with. I could also just reset the BIOS (also standard procedure).

It would be important to note that -all of this- would require you to have searched out, downloaded, and archived child pornography, which you then have to transport into your workplace so as to even place it on your target computer.  Oh and you're going to either have a large collection of child pornography or be continuously cycling stuff in and out if you want to pull this off more than once, cause the FBI will very quickly notice if everyone you point the finger at has the SAME porn collection EVERY TIME. This ups the risk vs reward significantly.  Honestly, 'putting false evidence on someone's computer' would be the LEAST criminal part of the whole operation.

 

Like, much less significant example using myself, I work in the film industry, I have access to content that some individuals would likely pay to have access to, movie news leak sites, pirates, etc., but the cash reward pales in comparison to the potential repercussions: Getting blacklisted from my ENTIRE industry and possibly getting sued. If one wants to stuff a PC full of child porn, you instead put yourself at risk for years and years of prison time and the employment challenges you could face afterwards as a convicted felon and registered sex offender. I'm not saying no one would ever do it, but we're talking about something that is NOT as simple as 'Copy some files, call the cops, get money'. Especially when the FBI's goal is not just 'Arrest guy with child porn' but 'Find out where the child porn came from and get to the root producers and distributors'. In this case, you would be part of that chain of people the FBI would be looking for. There's literally NO way to do it without getting your own hands incredibly dirty in the process.

Finally, if you are smart and skilled enough to covertly download child porn and not leave any evidence on those servers or such that you can't be hunted down from that alone, then you regularly and discreetly transport that porn into your place of employment, you then convincingly and without any flaw install that data onto a computer so that it looks as if it was placed there days or weeks ago instead of only hours ago; Why the fuck are you working at GeekSquad?


21 hours ago, AshleyAshes said:

Yes, because the kind of people who take their stuff to Geek Squad for repairs are tuned into ALL the latest tech news and goings-on...

Who cares if they are, you can market this news to them. It's an amazing opportunity for repair shops to snatch customers from the already subpar service of GS.


4 hours ago, LAwLz said:

As I wrote last year when this was reported, I think this is terrible practice that should stop.

 

1) Why is the FBI training and incentivizing people to search through the private files of other people? Like the article says (but not the OP), Geek Squad employees get paid between 500 and 1000 dollars for each report they submit. I would not be surprised if some employees are willing to plant evidence on hard drives if they get paid 1000 dollars to do so.

 

2) You need a warrant to do this kind of search. You are not allowed to look through the private files of someone in order to find for example evidence for a crime. So the FBI is using Geek Squad as a proxy to get around the legal requirement for a warrant.

 

As for you "allowing GeekSquad" to look through your personal files when you hand them your computer, I can kind of get that argument, but GeekSquad is actually looking at deleted files by hand. It's one thing to start the computer and see something on the desktop or whatever, but it's completely different to be instructed to, and get paid, to look through deleted files in an attempt to find things.

 

 

Please describe to me how you would go about discovering if I had planted something on a customer's computer.

Here is how I would do it (if I was a scummy human being looking for some quick cash): Boot another OS from a USB drive, write an incriminating file to the disk with a fake timestamp and then delete it.

After that is done, I would start up the FBI provided data analysis tools, run it and then report that it detected the incriminating file.

 

Before you say that it is somehow detectable that another OS was booted, please remember that doing so is very common for data recovery and diagnostics and does not in any way suggest that it had been tampered with. I could also just reset the BIOS (also standard procedure).

Because I can see the signatures on the file. I can see which OS it was created on. So while booting a USB OS isn't suspicious.. if I look at the file and see it was created from that drive at a time it was in your possession.... well let's just say you will be going to jail for a good long time.

 

You forget that there are issues with these machines being in an area where there will be traffic from other employees... so opportunity isn't great, there is a reward that does give an incentive to consider doing this, but then the consequences of this action far outweigh the small financial gain there is to be had. On top of that this IS something that any decent Computer Forensics expert can see.

 

If planting evidence was that easy and untraceable then the information pulled from a PC would not be admissible in court... and even still there are very strict guidelines in place for the forensics expert to take to ensure the validity of the file. They have to prove it is legitimate and build a story around it, so they would easily discover the attempted tampering and then would easily be able to track down the person responsible.

 

 

*edit* forgot to give a scenario. Also I haven't been in Forensics/E-discovery for a few years. My current position requires it rarely depending on what is going on, but it isn't an active part of my life anymore.

 

That being said...

 

I tend to use EnCase or Nuix for most tasks.

 

I would generally pull the drive and hook it up to a write-blocking port. Depending on whether or not the drive is encrypted at least. Then once in the drive I would do a detail scan of the drive looking for certain files/terms/etc for the scope I have been given. When I find the files, I will look at creation time, modified time, etc... after this I will then pull up the meta data and compare that to the file. Does the footprint match the current machine? No, well where did it come from. What information can I find on the meta data to help me pinpoint creation time. I can see the file was moved into unallocated space at a certain time.. thanks to how the hard-drive stores data to retrieve and index the files. So I can now see the file was actually deleted at a time it was not in the user custody.

 

Now I need to build my story and put together the case. I now know that the information was NOT deleted by the owner. I can also see that the meta data for the file does not match his machine and that someone has tried to obscure the time stamps. So going off that information I can see that whoever touched the file on the dates of X at around Xyz is going to be the person we need to bring in for questioning.

 

In the end this could turn really ugly. Chances are we could charge the geek for looking at child pornography. Which would be what he deserved in this circumstance.


4 hours ago, AshleyAshes said:

It would be important to note that -all of this- would require you to have searched out, downloaded, and archived child pornography, which you then have to transport into your workplace so as to even place it on your target computer.  Oh and you're going to either have a large collection of child pornography or be continuously cycling stuff in and out if you want to pull this off more than once, cause the FBI will very quickly notice if everyone you point the finger at has the SAME porn collection EVERY TIME. This ups the risk vs reward significantly.  Honestly, 'putting false evidence on someone's computer' would be the LEAST criminal part of the whole operation.

 

 

Finally, if you are smart and skilled enough to covertly download child porn and not leave any evidence on those servers or such that you can't be hunted down from that alone, then you regularly and discreetly transport that porn into your place of employment, you then convincingly and without any flaw install that data onto a computer so that it looks as if it was placed there days or weeks ago instead of only hours ago; Why the fuck are you working at GeekSquad?

Oh yeah, absolutely. Getting the files onto the client's computer would be the least criminal part of things.

I was just saying that it isn't hard to plant evidence if you wanted to.

 

Also, I think you're underestimating people, or maybe FBI are overestimating people.

If the customers at GeekSquad have been able to covertly download child porn (if they didn't then the FBI wouldn't have to teach and incentivize GeekSquad) then I would assume that the people working at GeekSquad could do so too.

 

 

3 hours ago, AngryBeaver said:

Because I can see the signatures on the file. I can see which OS it was created on. So while booting a USB OS isn't suspicious.. if I look at the file and see it was created from that drive at a time it was in your possession.... well let's just say you will be going to jail for a good long time.

Sure buddy...

 

3 hours ago, AngryBeaver said:

Then once in the drive I would do a detail scan of the drive looking for certain files/terms/etc for the scope I have been given. When I find the files, I will look at creation time, modified time, etc...

You mean the information that is super easy to modify?

 

3 hours ago, AngryBeaver said:

after this I will then pull up the meta data and compare that to the file.

What metadata do you compare to what file exactly?

 

3 hours ago, AngryBeaver said:

Does the footprint match the current machine?

What footprint exactly? Come on, stop being so vague.

 

3 hours ago, AngryBeaver said:

I can see the file was moved into unallocated space at a certain time.. thanks to how the hard-drive stores data to retrieve and index the files. So I can now see the file was actually deleted at a time it was not in the user custody.

You know, all the time stamps created by a computer are not created by magic. They are either created based on the OS clock, or the BIOS clock, both of which are easy to just change to the day before. And like I said earlier, you can just wipe the BIOS once you're done.

 

Besides, time stamps for when files were deleted require directory auditing to be on. NTFS doesn't keep track of that, and if you are booting from a USB drive any kind of logging would be isolated to that drive, which you are obviously not going to hand over (assuming you even had it turned on).

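Added example, not part of any post in this thread: the posts above argue over how far file timestamps can be trusted. The Python sketch below runs two consistency checks used in NTFS timeline analysis, a comparison of the two creation times an MFT record carries and a scan of the USN change journal for clock regressions. The record layout, function names and sample values are constructed assumptions, not the output of any tool named in the thread.

```python
from dataclasses import dataclass
from datetime import datetime as dt

@dataclass
class MftEntry:              # constructed stand-in for a parsed MFT record
    name: str
    si_created: dt           # $STANDARD_INFORMATION: settable through file APIs
    fn_created: dt           # $FILE_NAME: maintained by the file system driver

def timestamp_flags(e: MftEntry) -> list[str]:
    """Return indicator names for one entry; these are leads, not proof."""
    flags = []
    if e.si_created < e.fn_created:
        flags.append("si_before_fn")     # visible creation time predates the name record
    if e.si_created.microsecond == 0:
        # NTFS stores 100 ns ticks, so an exact whole second is unusual
        # (archive extraction and FAT copies can also produce it).
        flags.append("zero_subsecond")
    return flags

def clock_regressions(usn_records: list[tuple[int, dt]]) -> list[int]:
    """USNs only grow, so a timestamp that moves backwards marks a clock change."""
    out, prev = [], None
    for usn, ts in sorted(usn_records):
        if prev is not None and ts < prev:
            out.append(usn)              # first journal record written after the jump
        prev = ts
    return out

# Constructed sample data (hypothetical file names and times).
ENTRIES = [
    MftEntry("report.docx", dt(2018, 3, 1, 9, 15, 2, 481203),
             dt(2018, 3, 1, 9, 15, 2, 481203)),
    MftEntry("backdated.bin", dt(2018, 2, 10, 12, 0, 0),
             dt(2018, 3, 6, 14, 22, 51, 907114)),
]
USN = [(1000, dt(2018, 3, 6, 14, 20, 0)), (1080, dt(2018, 3, 6, 14, 21, 30)),
       (1160, dt(2018, 2, 10, 12, 0, 0)), (1240, dt(2018, 2, 10, 12, 0, 5))]

def triage():
    """Flags per file name, plus the USNs at which the clock went backwards."""
    return {e.name: timestamp_flags(e) for e in ENTRIES}, clock_regressions(USN)

if __name__ == "__main__":
    print(triage())
```

Both checks only see what was written to the volume being examined; changes made without touching these structures leave nothing for them to flag.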
