
What Writer Wrote This Disc?

March 12, 2015

A common question that comes up in many different ways is the idea that it is possible to tell what computer or disc writer created a specific disc.  There are some common misconceptions about this that can be cleared up and some interesting information for both users and forensic professionals.

Almost 20 years ago there was some discussion about “RID” or Recorder IDentification.  This mostly came from the introduction of stand-alone music recorder devices which could, in theory, be used to make copies of music discs and to record onto CD-R discs music from the radio and other sources.  This was the same level of concern that was introduced with DAT recorders.  The outgrowth of this concern led to a new category of CD-R discs, the “Music CD-R” and the requirement that all stand-alone recorders label discs with the device that created them.

As we can see today, most of this fuss was for nothing.  Stand-alone music recorders exist, but they are expensive and not all that much fun to use.  Yes, you have to buy special discs for them which hasn’t helped their adoption either.  Just like DAT recorders, they are a niche product and not used for piracy.

Well, some manufacturers decided to implement RID-labeling of data discs as well for computer peripheral drives.  In our collection at InfinaDyne I believe we have two such drives out of around 50.  It wasn’t a popular thing to do and it wasn’t done in a consistent manner by manufacturers.

When DVD-R recorders finally made it to the consumer market, there was a standard in place to allow drives to mark the discs they wrote to in the Recording Management Data or RMD.  This was much better than the situation with CD recorders because at least from the beginning there would be only one implementation.  This standard was not mandatory, so different manufacturers were free to implement or not implement the marking of discs with the recorder that wrote them.  Just like with CD recorders, not very many manufacturers chose to mark discs with this identification.

The situation with DVDs is much like that with CDs in that the identification that is put on the disc has a drive serial number, but this is an internal, electronic serial number not the one that is printed on the outside of the writer itself.  There may or may not be a simple translation between the external serial number and the electronic serial number.  About the only way to make sure that a given writer identifies itself by a given number is to ask the writer what its serial number is and compare that to what is found on the disc.

What this means to the average consumer is that if they write a CD or DVD it is highly unlikely that there is any identification of the drive that wrote to the disc embedded in the disc itself.  If there is a serial number, it isn’t necessarily one that might be registered with the manufacturer, so even if this information is present on a disc, there may not be any way to track this back to the original owner of the writer – assuming the serial number was registered for warranty purposes.

CD/DVD Inspector today does not search CD-R discs for RID markings.  There are at least three different locations where RID information might be written and some of these cannot be easily retrieved – some drives will read these locations but others will not.  With DVD discs, the situation is quite different.  If the recorder identification is present in RMD field 1, it is displayed by CD/DVD Inspector’s Analysis tool.  If you aren’t using CD/DVD Inspector you may be able to find other tools which read and display RMD field 1 so you can determine if the writer is identified.

For forensic purposes, RID is extremely valuable when it is present on a DVD.  Unfortunately, most drives do not label the discs they wrote, so this helpful bit of information is not available.

Update: running through a sample of 103 DVDs, 18 of these had Recorder Identification in RMD field 1.  The writers that were shown were Lite-On, Pioneer, Plextor, and Sony.  This is by no means an exhaustive test but it does tend to indicate that DVD RID marking is more prevalent than CD-R marking was.  There is some evidence that this is under software control as well as the writer, so some writing software may not follow the correct DVD writing process, resulting in no RID marking.
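The comparison described above (ask the writer for its serial number, then check it against what the disc records) can be scripted once the raw bytes of RMD field 1 have been read with a tool of your choice. The following is an added example, not code from CD/DVD Inspector or the original post; the record offsets (up to four 128-byte drive records holding manufacturer ID, serial number and model number) are this example's reading of the DVD-R RMD Field 1 layout and should be treated as an assumption, and the sample bytes and all names are constructed.

```python
from __future__ import annotations

from dataclasses import dataclass

# ASSUMED layout of DVD-R RMD Field 1 (verify against the specification
# before relying on it): a 2048-byte field holding up to four 128-byte
# drive records, each starting with three padded ASCII strings.
FIELD_SIZE = 2048
RECORD_SIZE = 128
MAX_RECORDS = 4
MANUFACTURER = slice(0, 32)
SERIAL = slice(32, 48)
MODEL = slice(48, 64)


@dataclass(frozen=True)
class RecorderId:
    slot: int            # 1-based position of the record inside the field
    manufacturer: str
    serial: str          # the drive's electronic serial, not the printed one
    model: str


def _text(raw: bytes) -> str:
    """Keep printable ASCII only; drives pad these fields with NULs or spaces."""
    return "".join(chr(b) for b in raw if 0x20 <= b < 0x7F).strip()


def parse_rmd_field1(field: bytes) -> list[RecorderId]:
    """Return the recorder records that are actually filled in."""
    if len(field) < RECORD_SIZE * MAX_RECORDS:
        raise ValueError("RMD field 1 image is too short")
    found = []
    for slot in range(MAX_RECORDS):
        rec = field[slot * RECORD_SIZE:(slot + 1) * RECORD_SIZE]
        rid = RecorderId(slot + 1, _text(rec[MANUFACTURER]),
                         _text(rec[SERIAL]), _text(rec[MODEL]))
        if rid.manufacturer or rid.serial or rid.model:
            found.append(rid)   # most discs carry no record at all
    return found


def normalize_serial(serial: str) -> str:
    """Compare serials without case, spaces or punctuation differences."""
    return "".join(ch for ch in serial.upper() if ch.isalnum())


def assess(field: bytes, drive_reported_serial: str) -> str:
    """Classify a disc against the serial the suspect drive reports for itself.

    'no-rid'   : the disc names no recorder (says nothing about the drive)
    'match'    : a record carries the same electronic serial
    'mismatch' : the disc names a recorder, but not this one
    """
    records = parse_rmd_field1(field)
    if not records:
        return "no-rid"
    want = normalize_serial(drive_reported_serial)
    if want and any(normalize_serial(r.serial) == want for r in records):
        return "match"
    return "mismatch"


def build_record(manufacturer: str, serial: str, model: str) -> bytes:
    """Build one constructed 128-byte record for the sample below."""
    head = (manufacturer.encode("ascii").ljust(32, b" ")
            + serial.encode("ascii").ljust(16, b" ")
            + model.encode("ascii").ljust(16, b" "))
    return head + bytes(RECORD_SIZE - len(head))


# Constructed sample data: one disc with a single recorder record, one without.
SAMPLE_FIELD = build_record("EXAMPLE VENDOR", "ab12-3456", "EX-DVDRW 01") \
    + bytes(FIELD_SIZE - RECORD_SIZE)
BLANK_FIELD = bytes(FIELD_SIZE)

if __name__ == "__main__":
    for rid in parse_rmd_field1(SAMPLE_FIELD):
        print(rid)
    print(assess(SAMPLE_FIELD, "AB123456"))   # drive reports the same serial
    print(assess(SAMPLE_FIELD, "ZZ-0001"))    # a different drive
    print(assess(BLANK_FIELD, "AB123456"))    # disc carries no RID
```

A `no-rid` result is the common case and neither includes nor excludes a drive; only `match` and `mismatch` carry evidential weight.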


CD and DVD Forensics

February 6, 2015

Back in 2006 I worked out a deal with a technical book publisher known as Syngress to get the book “CD and DVD Forensics” published.  It was an educational experience and a little exposure into the publishing world.

After eight years there is finally a second edition of this book coming soon.  No, it isn’t going to be published by Elsevier – they acquired Syngress late in 2006.  Their book selection process seems to be a little different than it was in 2006 and all I know is that we aren’t going to be working together.  The new book is likely to be available through Amazon unless big things change in the next month or so.

This new edition of the book is a complete rewrite of the original with lots of new material and somewhat of a new focus.  The original book had some requirements placed upon it by the publisher and while these made sense at the time, these requirements no longer exist.  A lot of the space in the first edition was dedicated to reference material for the CD/DVD Inspector product.  This has been changed to be more task-oriented than simply reference material and there is a lot less of it.  This does mean the new book is going to be about 1/3rd the pages of the first edition, but it doesn’t mean there is any less useful content.

As far as the content is concerned, there is more information about file systems than there was in the original book and I think the section about evidence handling is more useful.  There is also a new chapter about understanding hidden data on optical media.

Moving into the world of self-publishing means that there are a number of services that I get to work out for myself, such as a cover design, copy editing and reviewing.  If you would like to review the book, please contact me directly.  If you would like to be a “technical editor” for this second edition, please let me know as well.

I will be reaching out to some existing customers about bulk purchase of the new book but if you would be interested in finding out more about this, please contact me directly.  The likely publishing method for this will be print-on-demand as well as making the book available in various electronic forms, so if I can put together a large print run it will save all of those participating quite a bit over the standard pricing.

Email Sillies – Dumb Things I Get Sent To Me

January 20, 2015

I could write a long book on the State of the Art of Spam with plenty of examples.  Sadly, it is something that many people could probably benefit from reading.  Today I am going to address one small aspect of this subject because it annoys me more than anything else has in a long while.

Spam works because people get the idea that they are being offered something that is a good deal.  So, a few people out of millions that receive some ad jump on it and buy something.  It only works because the cost of sending millions of emails is nearly zero – assuming you aren’t paying someone thousands of dollars to do it for you.

But there are other types of emails that fall in the same category as spam but aren’t advertisements at all.  I’m ignoring the “click this link” malware distribution and that sort of thing.  Today I want to address the bogus offer emails that I see pretty frequently.  It starts out simply enough with an offer to buy something from my company:

Hello

Good day and how are you? I am writing from Ausparts Group in Australia to make a few inquiries.

  1. Do you ship overseas? I already know of a freight forwarder that will pick up my packages from your store. Their service is cheaper than that of any other courier, and they are effective in shipping my goods to me here in Queensland, Australia. Shipping time is estimated to be 3-4 days.
  2. I have used their services in the past, and it was splendid. Do you accept credit cards for payment? I have U.S. Visa and Mastercard. Send me a response with your contact details: email, website, and land and mobile phone numbers. Kindly let me know your answers to these questions before I send details about the items I am interested in purchasing from you.

Best Regards,

Barry Egan.

You will notice that at no time does Mr. Egan ever say what he wants to buy.  I am not sure if Ausparts Group exists in Australia, but I am pretty sure that there isn’t anyone named Barry Egan that works there.  This came from a Gmail address.

Think about this for a moment and you might get a little concerned.  What if you work for a company where lots of products are sold and the sales staff gets emails all the time from customers wanting to buy stuff?  Could one of these emails get taken seriously?

So what is the problem with this?  Well, from experience and many years of intensive spam training, the problem is going to be with the credit card.  What they want to happen is some bunch of stuff gets charged to a credit card and handed off to the courier service.  The credit card turns out to be fraudulent and the stuff gets sold off on eBay or Craigslist.  I am sure it never makes its way to Australia.  Of course, the seller gets stuck with the bill for this plus a chargeback fee for the bogus credit card.

Just for laughs I responded to one of these and said in an email that we had a product that would fit their needs just fine: recycled condoms.  Talk about yuk factor… Anyway, the reply said that a box of 50,000 recycled condoms was $1000 per box, so how many did they want?  I got a reply back that they would like to order five boxes of recycled condoms for a total of $5,000.  See, it is true that you can sell anything on the Internet.

We have dealt with logistics companies in our dealings with various customers before.  In all cases we ship to the logistics company’s location and they then deliver the package to the customer.  We have never had anyone come to pick up a package like what the email was proposing and I have never heard of anyone doing business like that.  So that should be the first thing right off that is a huge warning.

The lack of any real contact information is another red flag.  No “signature” with phone numbers or company information.  The email supposedly came from Gmail rather than a company email address.  All of these things say FRAUD pretty loudly.

The reason I get at least one of these a week is because people are falling for this scam – it works.  I have done searching on the web for other people posting information about this scam and I haven’t seen anything, so I thought I would post this.  It is a bit off topic, but I think it serves a useful function for people.  Please don’t fall for a scam like this.

If you run across this posting and find it interesting, please leave a comment or send me an email.  I might write some more about the email I get in the future if there is enough interest.

CD and DVD Forensics, the Book

January 12, 2015

Today at the office we got an inquiry about obtaining an “electronic” copy of the book CD and DVD Forensics.  I know that at one point Syngress was offering a PDF version of the book but I was unclear if Elsevier had continued sale of the book in that form or where it might be able to be obtained from.

Wow, was I ever surprised.  Doing a search for “CD and DVD Forensics” pdf netted 3450 results and nearly all of them are front-ends for a couple of different shady sites.  Very, very shady I might say.  They want you to register and provide a credit card to supposedly verify your address.  Since they don’t appear to be asking for an address to do AVS with, I don’t know how they are verifying anything because you do not “get” the address of the cardholder back from processing a charge – all you can do is confirm the address you have is OK.

No, I am not going to provide any credit card information in the interest of finding out if you do actually end up with a copy of the book or not.  I did find other less shady sites, some with dead links that I am sure Elsevier has stamped out.  Also a BitTorrent site link so I suspect Pirate Bay has the book for download.  But it is the “free book if you register” site that I find most interesting.

Understand that this is an eight year old book that sold around 2500 copies.  Pretty good for an obscure technical book on a fairly technical subject.  But it seems hardly worth pirating.  It just isn’t that interesting for the masses.  This would tend to indicate that every single more popular book is almost certainly available somehow.

It also would tend to indicate that the “free book if you register” (with a credit card!!!) stuff is probably bogus.  They probably have a listing of every single book on Amazon that they scraped off the Amazon site and when you finally navigate your way through the registration you find the book really isn’t available after all.  But they have your information, which is what the point of this is.

Oh, you can also purchase a PDF of the book directly from Elsevier for only a little more than Amazon charges for the hardcopy.  The Kindle version is $29.99.  And no, I have nothing to do with these prices.

2nd Edition

Many people have asked about this and I have decided that 2015 is the year for its release.  It will be a complete rewrite so not really a second edition of the first book.  This is because of copyright requirements.  I believe it will be sold on Amazon through their self-publishing service – it will not be offered through Elsevier.  The final details of the publishing will not be final until the book is released.

Conclusions

  1. Book piracy is probably rampant and there are enough people desiring free stuff to make it worth setting up bogus download pages to snag useful and profitable information.
  2. It seems like my book might be a bit more popular than the folks at Elsevier think.  I wonder how many people gave up their credit card number to maybe get a free copy?
  3. If you are committed to getting the book for free, or any book for that matter, please stay away from any site that wants you to register.  While I am not going to openly condone piracy here, I am going to say that there are straight-up piracy sites where the material is offered for free and there are those sites that are fronted by a criminal organization.  Let’s not help the criminals out, OK?

 

So you want a NAS?

December 12, 2014

The following is from some experiences I have had recently that I thought people would find interesting and useful.  This concerns a stand-alone box with disks in it as a purpose-built device that is supposed to be a “turnkey” NAS system.  I am not going to get into all the wonderful things you can do with Linux building your own NAS or NAS+other stuff machine.

The primary advantage of buying a box that someone else put together as a NAS is that you put disk drives in it (or even have it come with disks), plug it in and start moving files around.  It doesn’t take a lot of valuable time setting things up and it will integrate pretty nicely into most environments.  Also, based on my experience, unless you really want to do something extremely custom, you aren’t going to be locked in or limited in capabilities on your NAS device by buying a commercially produced one.

Another couple of advantages for a commercial NAS is size and power.  Yes, you can build up your own NAS in a variety of enclosures but you are unlikely to find any that are as small as the commercial NAS devices, most of which are simply a box for drives.  As far as power is concerned, the processor for these NAS devices is usually as small as they can get away with – with some exceptions – and have the provision to power down the drives when they are not in use, or not expected to be in use.  This probably is a small part of an office budget but can be an important difference at home.  Also, when the device is powered down it will be even quieter.

Early on, I purchased a small external drive case with a network connection.  This isn’t the sort of NAS device I am focusing on.  While this might meet your needs, it is a single drive with no redundancy – not very safe.  It was cheap (under $100) and it is still in use today, but not the point of this article.

My experience so far has been with two very good devices, one from Thecus and one from Synology.  These are both purpose-built NAS devices and are intended to be very flexible.  Both have Linux-based software with web applications for interfacing with the device and controlling it.  The Thecus has five drive bays, the new Synology has only four but things have changed over the years.  I also have a Synology box at home as well and this helped a lot with the decision to acquire another.

The specific devices I am talking about here are a Thecus N5200BR PRO and a Synology DS415+.  At home I have a Synology DS213j with two 3TB drives in a RAID 1 configuration.  The Thecus is being replaced by the DS415+ specifically because of some software issues.

When the Thecus was purchased it seemed like a pretty good choice at the time.  It had quite a bit of flexibility and would interface with a Windows AD environment for authorization.  It was configured with five 1.5TB drives in RAID 5 and has remained that way ever since.  The problem with Thecus is one of development philosophy.  They continue to offer new devices with (probably) enhanced capabilities but the Linux software on the box I purchased has been left as an orphan – no updates since 2009.  I certainly understand that not every company can build devices and continue to update the software – but the comparison with Synology is a valuable one.

The Synology box I purchased for home has had a steady stream of updated software since its acquisition in 2013 and from the list of devices that the software updates apply to it seems reasonable to expect continuing software support for years to come.  Clearly, Synology isn’t in the business of orphaning their hardware as Thecus is.  This is extremely important if you are planning on a turnkey NAS device with a great deal of flexibility.  Alternatively, if all you need is storage space on the network with no other capabilities, then almost any NAS device may do the job for you.

Obviously, I am a lot more impressed with the software support from Synology.  While I can understand the point of both companies is to produce and sell new hardware, these devices are expensive enough that you aren’t going to be replacing them quickly or simply to pick up a new nice-to-have software feature.

Now to balance this out I have to say that Synology isn’t perfect.  While I am very impressed with their continuing support for older hardware and am confident that their hardware will continue to be supported for a long time, their software technical support leaves something to be desired.  If you are having a problem a number of people have noted (and I agree with) that the function of the software technical support seems to be to explain to the customer how they did something wrong or have the wrong expectations.  There does not appear to be any other sort of support going on – if they find a bug and fix it, great.  If a customer finds a bug, well, you are doing something wrong and they will try to explain it to you.  This isn’t a perfect support experience by a long shot.

Finally, in conclusion, I want to say that the new box is configured as RAID 10 with four 6TB drives.  Why not RAID 5 or 6?  The problem is with a 6TB drive the recovery time is so long that even with a hot spare there are too many chances of losing the entire array should a failure occur.  With RAID 10 we get (perhaps) a bit better performance and the ability to survive any single drive failure and some two drive failures.

Open Source Video: ffmpeg

August 11, 2014

The Vindex product at InfinaDyne is a tool for video analysis and in order to do this, it has to gain access to video frames.  It started out in 2010 with a fairly simple wrapper around DirectShow and MediaFoundation but today has been extended with additional frame readers – one of them utilizing ffmpeg.

ffmpeg is an open-source project that began in 2000.  It is utilized by a number of different products, both open and closed-source.  It is a fairly robust tool for playing and encoding video with the right price – free.  There are some issues with ffmpeg having to do with licensing and patents.  When you build ffmpeg you get to decide what license the resulting library and tools should adhere to, basically GPL version 2 or LGPL version 2.  For distribution with a closed-source product the LGPL licensed version is the only one that should be used.

As far as patents are concerned, there are video encoding schemes which are patented in the United States and other countries which allow software patents.  Some of these are reimplemented in ffmpeg and in theory should not be present in an open source product.  In many cases the patent holders have decided not to pursue the small amounts of revenue that could be gathered by attempting to enforce their patent on users of ffmpeg, most of which are home users.

For Vindex we are using ffmpeg for video encoding and decoding.  A new HTML reporting feature was added in 2013 which extracts video clips and saves them as MPEG-1 video and this required video encoding.  This year we are releasing an ffmpeg-based frame reader which will read all the different types of video that ffmpeg can decode.  We are using an LGPL version of the library and loading it dynamically so that our product is as compliant as possible with the open-source licensing provisions of this project.

We believe the introduction of ffmpeg being included with Vindex will make a significant improvement in the capabilities of our product.

Encryption, iOS and Windows

July 16, 2014

A problem that many mobile device developers seem to have escaped is the difficulty of getting symmetric encryption to work between a mobile platform and a server.  Nobody seems to have paid much attention to this and it is a non-trivial problem.

One way people have gotten around this is through the use of SSL.  If you are interacting with a web server, nearly all of your problems are solved simply by using SSL – i.e., HTTPS.

It is important to understand a distinction here.  There are two broad categories of encryption in the world: symmetric and asymmetric.  Asymmetric encryption involves the use of a public/private key pair and a different key is used to decrypt a message than the key used to encrypt it.  It is also pretty slow, which is why asymmetric encryption is often used as a means of exchanging symmetric encryption keys in a secure manner and then switching over to symmetric encryption for the bulk of data transfer operations.  Symmetric encryption is where both the encryption and decryption keys are the same and is generally a lot faster than asymmetric encryption.

Symmetric encryption is, at first glance, pretty simple to set up.  You simply pass a block of data to the “encrypt” function and you get back encrypted data.  Similarly, on the receiving end you simply run the “decrypt” function and get the unencrypted data out.  The problems start with getting everything to be interoperable across different platforms and then there is the small matter of the key.

Well, in the development of the DB Freedom app, it turned out that I had to solve this for sending data between a server (C++) and an iOS app (Objective C).  There are some data items that really need to be secure and DB Freedom is certainly the sort of app that is going to need to be secure.  What I found in looking at the options for things other people had done was pretty surprising.

The first part of the problem is deciding on what sort of encryption could be supported on both ends.  My first impression was AES 256 was the right way to go.  Well, unfortunately iOS and the CommonCryptor framework do not support AES 256, just AES 128.  There were not a huge number of other options available.

The next issue is the key to be used.  There are several shortcuts to building a key but none of them appear to be cross-platform in any respect.  So it is necessary to understand how to build a key, salt and initialization vectors.  There are plenty of people on the Internet that know way, way more about the current state of symmetric encryption than I do, so I am going to let you find other sources because the issues aren’t all that different for different platforms.  Let’s just say that any shortcuts you might find probably aren’t going to work across different platforms.  You are going to have to do it the hard way.
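What doing it “the hard way” looks like in practice, as an added example that is not DB Freedom's code or anything from the original post: both ends derive the AES-128 key from a password with explicitly stated parameters, and the salt, iteration count and IV travel in a fixed-layout header. PBKDF2-HMAC-SHA1, the header layout, the iteration bounds and the `windows_shortcut_key` contrast (modelled on the procedure Microsoft documents for `CryptDeriveKey` with a SHA-1 hash) are assumptions of this example; the AES step itself stays with each platform's own crypto service.

```python
import hashlib
import os
import struct

MAGIC = b"EX01"                        # constructed format tag for this example
KEY_LEN = 16                           # AES-128 key
SALT_LEN = 16
IV_LEN = 16                            # one AES block
# Fixed byte order and field widths, so both ends parse identical bytes:
# magic, iteration count (big-endian uint32), salt, IV.
HEADER = struct.Struct(">4sI16s16s")
MIN_ITERATIONS = 10_000                # refuse a downgraded work factor
MAX_ITERATIONS = 5_000_000             # refuse a header that would stall the receiver
DEFAULT_ITERATIONS = 100_000


def windows_shortcut_key(password: bytes, n: int = KEY_LEN) -> bytes:
    """A platform 'shortcut': the key a CryptDeriveKey-style call produces.

    ASSUMPTION: follows the documented procedure for AES keys from a SHA-1
    hash (hash the password, XOR into 0x36 and 0x5C pads, hash both, take
    the first n bytes). No salt, no iteration count, and the other platform
    has no matching call, which is why such shortcuts do not interoperate.
    """
    digest = hashlib.sha1(password).digest()

    def branch(pad: int) -> bytes:
        buf = bytearray([pad] * 64)
        for i, b in enumerate(digest):
            buf[i] ^= b
        return hashlib.sha1(bytes(buf)).digest()

    return (branch(0x36) + branch(0x5C))[:n]


def portable_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Standard KDF with every parameter explicit: same bytes on any platform."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen=KEY_LEN)


def build_header(salt: bytes, iv: bytes, iterations: int) -> bytes:
    return HEADER.pack(MAGIC, iterations, salt, iv)


def parse_header(blob: bytes):
    """Split a received message into (iterations, salt, iv, ciphertext)."""
    if len(blob) < HEADER.size:
        raise ValueError("message shorter than header")
    magic, iterations, salt, iv = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError("unknown message format")
    if not MIN_ITERATIONS <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count outside accepted range")
    return iterations, salt, iv, blob[HEADER.size:]


def sender_prepare(password: bytes, iterations: int = DEFAULT_ITERATIONS):
    """Fresh random salt and IV per message; returns (header, key, iv)."""
    salt, iv = os.urandom(SALT_LEN), os.urandom(IV_LEN)
    return build_header(salt, iv, iterations), portable_key(password, salt, iterations), iv


def receiver_recover(password: bytes, blob: bytes):
    """Recompute the key from the header alone; returns (key, iv, ciphertext)."""
    iterations, salt, iv, ciphertext = parse_header(blob)
    return portable_key(password, salt, iterations), iv, ciphertext


if __name__ == "__main__":
    pw = b"constructed passphrase"     # constructed sample secret
    header, key, iv = sender_prepare(pw)
    rkey, riv, _ = receiver_recover(pw, header + b"<ciphertext goes here>")
    print("keys agree:", key == rkey, "| IVs agree:", iv == riv)
    print("shortcut key differs:", windows_shortcut_key(pw) != key)
```

Checking `portable_key` against a published PBKDF2 test vector on each platform before exchanging real data catches byte-order and encoding mismatches early.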

With this knowledge, I was finally able to use the Windows Cryptographic services and CommonCryptor on iOS to utilize encryption without building a separate implementation.  This is pretty much a requirement because if you build your own encryption into an iOS app there are more hoops to go through and potential export limitations.  Similarly on Windows, if you build encryption into the application you will have to contend with distribution issues in countries outside the US.  Some countries disallow the use of encryption altogether and some require further disclosure and/or licensing in order to import such applications.  Using a Windows or iOS service removes these considerations.

What did I learn from this?  First off, there are relatively few mobile apps out there that communicate with a server apart from a web server like IIS or Apache.  Secondly, because of this there aren’t a lot of examples of how to ensure you are doing something that is interoperable across different platforms.

I also understand a bit more about the problems in sharing a secure key for symmetric encryption across a network link.  Yes, I can see the value in using a public/private key pair to enable sharing a truly randomly generated key – but this level of complexity wasn’t something that I was prepared to commit to.  One of the important things in building any sort of application is knowing when to say “No”.

New Robotic Loader Systems

May 15, 2014

We have been working with a number of manufacturers to get support finalized for several new robotic loader systems.  What these do is automate the process of collecting evidence from optical media: CDs, DVDs and Blu-Ray discs.  We now have a wide range of different systems to meet any budget.

More information and photographs of machines are on our web site.

Nimbie

Probably the most exciting new support is the Nimbie.  This is a single-drive machine that is designed to sit next to your computer.  It can manage 25, 50 or even 100 discs at a time and can be used with or without a camera to document the discs being processed.  At $2099 for the basic package of hardware and software the Nimbie is suitable for giving to each examiner so when they have a few discs to process this can be done unattended in a hands-free manner.  A camera is an additional $350 for this machine and will take clear, glare-free photographs of each disc as it is processed.

The design of the Nimbie is very clever in that it feeds discs off the bottom of a stack with a screw-type “dispenser” to drop discs onto the drive tray.  This way discs are stacked up in the output hopper in the same order they were placed in the input.  The Nimbie connects to your computer via USB 3.0 (or 2.0 if that is all you have) and can support either a CD/DVD writer or a Blu-Ray writer.  The Nimbie also comes with publishing/duplication software for burning multiple discs at a time.  The Nimbie does not include any sort of printing device for labeling discs.

This machine is now available from InfinaDyne as a complete software/hardware package.

All Pro Solutions Zeus

This machine is made in the USA and has four drives for processing discs.  It comes with a camera for documenting each disc as it is processed.  Considering there are four drives, this machine has a smaller footprint than some others that we support but gets the job done with a built-in PC.  It is made out of metal with high-quality construction and is suitable for continuous use and can process hundreds of discs every day – actual throughput is highly dependent on the content of the discs and the readability of them.  Up to 600 discs can be processed at one time.

This machine is somewhat of a departure for us in that we are using a fifth drive as a photo stage rather than a printer to hold the discs as they are being photographed.  This fifth drive is used only for photographing discs and does not participate in the collection process.  It is a considerable saving over having a printer which often is not used on a dedicated evidence collection machine.  While the pricing has not been finalized yet for this machine, we know it will be priced attractively for users in the US.  This machine is expected to be available beginning in June 2014 and marketing will be a joint effort between All Pro Solutions and InfinaDyne.

LSK Delta

The LSK Delta is a flexible machine that can have up to five drives, including one used for taking pictures.  A camera is included.  It can also be configured to have an inkjet printer for printing on discs and holding discs for photographs.  The specifications of this machine can vary depending on the configuration selected, but it is a robust all-metal construction machine suitable for continuous use.

If no printer is included in the configuration, this machine will use one drive for holding discs while they are photographed.  A machine can therefore be configured for five drives using four of them for processing discs.

Distribution of this machine is expected to be limited to Europe, mostly due to shipping costs.  This machine is expected to be available beginning in June 2014.

ADR AG Hurricane

This machine is similar to others here with up to four processing drives and different options for where discs are photographed.  A printer is optional with several different options depending on your needs.  It comes with a camera for documenting discs.  It can be configured with up to four drives for processing discs.

This machine can be configured for different numbers of discs depending on your requirements.  Like others, it is all-metal and suitable for continuous use.  Distribution will be limited to Europe and certain other countries.  Pricing has not been determined yet.  This machine is expected to be available in June 2014.

MF Digital Scribe

We have been shipping MF Digital Scribe machines for some time now and will be changing over to a no-printer configuration for machines with two processing drives.  This will reduce the cost of this machine and eliminate the need for a printer that often is not used on machines dedicated to evidence collection.  The Scribe can hold up to 300 discs at a time and can be configured with two, three or four processing drives, although a four-drive configuration requires a printer.

The MF Digital machine has a history of being highly reliable and is serving many customers very well.  It includes a camera and basic duplication software with the possibility of configuring the machine for network disc publishing with more extensive software support.

Primera Bravo

We have supported Primera Bravo systems for a long time and continue to do so.  If you have only occasional needs for automated collection but need to print on discs the Bravo systems offer built-in inkjet printing combined with single-drive support by CD/DVD Inspector.  Unlike most of our offerings, we do sell CD/DVD Inspector for Primera robotics as a software-only product for use with existing Bravo machines.

There are a number of different Bravo machines with differing capacities from 25 to 100 discs at a time.  No camera is available for use with any Bravo machine.

Other Machines

We have supported a variety of other hardware over the years with continuing support for CopyPro MiniMax hardware.  At one time we were partnering with Rimage and our software is still in use at some locations with Rimage equipment.  Our policy has been to tailor our software for any hardware which is available to us and to represent and support various manufacturers’ hardware offerings equally.

Interesting Technical Details

I could not resist passing along some information that some of the more technically-minded folks might find interesting.  Most of these machines that we support are based around a fairly simplistic model of having a “robot controller” which is a microprocessor that operates two stepper motors and a solenoid for grabbing and releasing discs.  The robot controller is interfaced with a PC (either internal or external to the machine) via an RS-232 serial connection which may have a USB-Serial converter connecting it to the PC hardware itself.  The most common connection speed is 9600 baud and most of these robot controllers use simple single-character commands to tell the microprocessor where to position the stepper motors.  Most of them are also synchronous, meaning that a command is issued and a response is returned with the robot being “busy” while the command is being processed.

The other popular configuration is where a DLL is provided which has functions like “Robot_LoadDisc” and “Robot_UnloadDisc” where specific actions are requested and the DLL takes care of getting them done.

CD/DVD Inspector (robotic) is actually built using a plug-in model where the main processing is in a generic, hardware-independent form and a hardware-specific plug-in is used to communicate with the robotic controller.  We don’t get into the robotic controller programming, just interfacing with it to send commands and get responses.  The robotic plug-in is also responsible for taking pictures and delivering them back to CD/DVD Inspector.  This gives us a tremendous amount of flexibility in being able to support different robotic systems, without having to worry about individual copies of CD/DVD Inspector.  It also allows for problems that are found in the Inspector code to be fixed quickly and then downloaded by customers the world over to support their robotic loader systems.

From the time a new robotic machine is delivered to having finished support for it with CD/DVD Inspector generally takes about a week, assuming it is using either the “serial port command” model or the “DLL function” model because we can build on the existing support used with other hardware.

Every manufacturer we deal with requires an NDA to get the command reference information for interfacing with their robotic controller.  Every single one.  This doesn’t bode well for anyone thinking of any sort of open-source application using these machines.  While I can speak in general terms about robotic systems and how we interface with them, the specifics of any one machine are under NDA and considered to be a trade secret.  Owning one of these machines does not get you the documentation on how it operates.

Email, then and now

January 21, 2014

Email has long been hosted for people and businesses.  Your cable TV Internet connection comes with some hosted email, hosted by the ISP which can be the cable company or a third party.  You have access to Gmail, Hotmail, Live.com, Yahoo and a forest of other hosted email solutions.  So this saves you from having to host your own email for your business, right?

Well, in a word, no.

Before going any further here I need to state clearly that I am not a lawyer and this is not legal advice.  This article is focused on the security and sanctity of your email communications and nothing more, but I am going to delve into some legal concepts and terminology which could be misconstrued as legal advice.  It is not meant as such and I am not qualified to give such.

The Electronic Communications Privacy Act was signed into law in 1986 and it clearly states that electronic communications that are not removed from a third-party server for 180 days are considered to be abandoned and a search warrant is not required to access these items, just a subpoena.  Back in 1986 most email services were used with POP access and email was downloaded and stored on the user’s computer almost immediately.  Anything that was still on the server after 180 days probably was abandoned.  Today, with web mail services, hosted Exchange services and others, email is often left on a third-party server for considerable lengths of time.  180 days is a drop in the bucket for most Gmail users.

If, however, your email is stored “locally” or on a server you control then it is protected for all time.  A search warrant is required to gain access to it.

So?  Well, there are two considerations here.  The first is law enforcement and the second is civil discovery.  For law enforcement a search warrant has a much higher requirement.  To get a search warrant a judge must find that the petitioner has probable cause – without that, no search warrant.  In many cases probable cause isn’t that hard to come by, but it is a standard that prevents fishing expeditions where a law enforcement agency believes you have committed a crime but has no proof of such a crime.  If there is sufficient motivation there, they can fish around for the necessary proof and anything that can be accessed by a subpoena is fair game for such fishing, but no judge is going to authorize a search warrant based on suspicion and guesswork.

The second consideration here is perhaps more important for businesses.  Anyone filing a lawsuit against you or your business is granted a limited subpoena power for discovery.  This would certainly include email more than 180 days old on a third party email service, such as Gmail or Hotmail.  This is not to say that email on your own server is immune from civil discovery – far from it as many litigants have found out.  However, access to such email is going to be governed by more strict rules and the plaintiff is going to have to show proof that such email is needed for their case.  Mere suspicion is not going to be sufficient, and it may be negotiated that the email must be reviewed by a neutral party and only those items which are pertinent to the case will be turned over.

What does all of this mean?  Basically that your email stored on a third-party server is not considered very private and can be easily accessed almost by asking for it, but email stored on your own server is considered private and can only be accessed with the permission of a judge with the petitioner showing good reason why such email should be made available.

If you believe you have nothing to hide from law enforcement, please do not forget the second consideration: civil discovery.  Your third-party hosted email is far more available for civil discovery and in the USA getting sued is unfortunately common.  Are you sure the email you have sent and received is not going to reflect badly if it is disclosed during a lawsuit?

This came up recently when a computer service company was engaged to upgrade a server here at InfinaDyne.  They strongly advised moving to an externally hosted email solution and eliminating the Exchange server.  It would be easier to maintain and we wouldn’t have to tie up huge amounts of disk space for email.  However, it would also open us up to having any email 180 days old or older examined under the circumstances described above.  This would not only affect our internal operations but would also potentially affect our customers and any communications with them.  Clearly, any customer that had communicated with us in prior years could have email that is saved and this could be significant if they were sued or the subject of law enforcement actions.  By having our email hosted internally the 180 day rule is removed and a search warrant or very specific civil discovery subpoena would be required to access anything we are holding.

I elected to go for the greater effort and expense of hosting our own email.  It also made some things easier to do in the future, which wasn’t a consideration originally but has turned out to be a nice side benefit.

At this point you might be thinking about a data retention policy and getting ready to send me off a comment about how we should not be keeping customer communications indefinitely but deleting them after some point in time.  After all, we are not subject to requirements for keeping such email forever.  This is true – and we probably should have clear guidelines for all employees about saving such email.  It is also true that people do not always follow such guidelines, even if you make them print them out and sign them saying they read them.  And often the worst offenders of such guidelines are the executives of a company.  If you don’t have a policy about how long to keep email, you might want to be thinking about creating such a policy but also dealing with ways to either enforce it or to handle it not being followed.

Another consideration here for Gmail users is that Gmail has made it somewhat difficult to really eradicate email.  Typically, email on Gmail isn’t deleted but it is archived, so even if you do have a data retention policy Gmail isn’t doing you any favors about sticking with that.  If you are using Gmail or Gmail services for your email you may want to make sure you are indeed going the extra mile to delete the email that should be deleted, both the “Inbox” sort and the “Sent Items” sort.

Disc Timestamps

January 21, 2014

One of the things that confuses people a great deal is the number of different timestamps present on discs. There are many, and a lot of them have never really been used for anything, much less displayed by operating systems over the years.

For example, on an ISO 9660 disc without Joliet there are five timestamps in the Primary Volume Descriptor (PVD) alone. None of these are displayable by Windows, Linux, OS X or any other operating system that I know of. Not even DOS with MSCDEX. The five are:

  • Timestamp in the root directory’s directory entry.
    This is not settable by any software I am familiar with and usually, but not always, comes directly from the system clock at the time the disc is being written.
  • Volume Create time
    This would be the time at which the volume was created. Unfortunately, this is often settable by the user creating the disc meaning they can put anything they want into this time.
  • Volume Modification time
    This was intended to represent the date and time the volume was republished as a CD-ROM. Today, this timestamp has little meaning although I have seen Nero doing some odd things with this with multisession discs.
  • Volume Expiration time
    This would be the time when this disc was no longer valid. Again, this dates back to CD-ROM days. As far as I know, this timestamp was never used for anything and as it isn’t displayable without special software it isn’t something the user can check. This time is often left blank or zero.
  • Volume Effective time
    This was supposed to be a time before which the disc wouldn’t be valid but again nothing I am aware of displayed or used this timestamp in any manner. This time is often left blank or zero.

Understand that if there is a Joliet Supplementary Volume Descriptor (SVD) there is another set of these five timestamps there as well. What might it mean if they were different? I really don’t know the answer to that one.

UDF has another whole set of timestamps, the most interesting of which is called the Recording Date and Time which lives in the UDF Primary Volume Descriptor.

HFS and HFS+ also have timestamps present for: create, modify, backup and checked. Obviously everything but the create time has no meaning for a file system on write-once media, but they are all there nonetheless.


Above I mentioned some things about Nero and multisession discs – recently working with a customer I encountered something that I found pretty interesting. Normally, the root directory timestamp is set from the system clock when the disc is written. This holds true for a large number of writing applications. A few just set this to zero because it has no real use to the user or anything else – nobody is looking at it. But in general, you can take it as the true time when the file system was written.

Well, I found an exception to that. It is not clear if this is limited to a specific version of Nero or not, but a multisession disc that I was looking at recently was recorded with Nero and the 2nd and 3rd sessions had a root directory timestamp the same as the first session. Now clearly the second session was not written at the same time as the first session, so we can reject out of hand this being an accurate time when the 2nd session was written.

The Volume Create timestamp was also identical in all three sessions, lending further credence to this being a useless timestamp. However, the Volume Modification timestamp was different and significantly later in time than the root directory timestamp and the Volume Create timestamp. Evidently what they did was to read the first session PVD (and SVD for Joliet) and only set the Volume Modification timestamp for the later sessions. Very interesting, and this will be reflected in an update to CD/DVD Inspector’s Analysis tool shortly.
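To make the five PVD timestamps and the multisession comparison above concrete, here is an added example (not CD/DVD Inspector code and not from the original post) that decodes them from a raw 2048-byte PVD sector and reports which ones are identical across sessions. The byte offsets follow the ISO 9660 / ECMA-119 layout; the function names are hypothetical and the sample sectors are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

# Byte offsets inside the 2048-byte PVD (ISO 9660 / ECMA-119)
VOLUME_FIELDS = {"create": 813, "modification": 830,
                 "expiration": 847, "effective": 864}   # 17 bytes each
ROOT_TIME = 156 + 18   # root directory record at 156, its 7-byte time at +18

def _tz(quarters):                       # GMT offset in 15-minute units
    return timezone(timedelta(minutes=15 * quarters))

def long_time(raw):
    """'YYYYMMDDHHMMSScc' digits + signed offset byte; None if blank/zero."""
    digits = raw[:16]
    if not digits.isdigit() or int(digits) == 0:
        return None
    dt = datetime.strptime(digits[:14].decode("ascii"), "%Y%m%d%H%M%S")
    return dt.replace(microsecond=int(digits[14:]) * 10000,
                      tzinfo=_tz(struct.unpack("b", raw[16:17])[0]))

def short_time(raw):
    """7-byte binary form used in directory records; None if zeroed."""
    y, mo, d, h, mi, s, off = struct.unpack("6Bb", raw)
    return datetime(1900 + y, mo, d, h, mi, s, tzinfo=_tz(off)) if mo and d else None

def pvd_timestamps(sector):
    """Return the five PVD timestamps of one volume descriptor sector."""
    if sector[0] != 1 or sector[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 Primary Volume Descriptor")
    out = {"root_directory": short_time(sector[ROOT_TIME:ROOT_TIME + 7])}
    out.update((n, long_time(sector[o:o + 17])) for n, o in VOLUME_FIELDS.items())
    return out

def unchanged_across_sessions(sessions):
    """Timestamps that are set and identical in every session's PVD."""
    return sorted(k for k, v in sessions[0].items()
                  if v is not None and all(s[k] == v for s in sessions[1:]))

def sample_pvd(root, create, modification):
    """Constructed test sector: only the fields parsed above are filled in."""
    pvd = bytearray(2048)
    pvd[0:6] = b"\x01" + b"CD001"
    pvd[ROOT_TIME:ROOT_TIME + 7] = struct.pack("6Bb", *root, 0)
    texts = {"create": create, "modification": modification}
    for name, off in VOLUME_FIELDS.items():   # unset fields: sixteen '0' digits
        pvd[off:off + 17] = texts.get(name, "0" * 16).encode("ascii") + b"\x00"
    return bytes(pvd)
```

On a real image with 2048-byte sectors, the PVD sits at sector 16 of each session (session start + 16); pass each of those sectors to `pvd_timestamps` and the resulting list to `unchanged_across_sessions`.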


CD/DVD Inspector tries to make some sense out of all of these for you without your having to resort to a hex editor and the standards document. The Analysis tool and Volume tool will both come in very handy in examining these timestamps. Also, do not forget that every file may have additional timestamp information beyond the date shown in the “details” display – right-click and select Properties to see them all.

If you have a disc that you have questions about, please let us at InfinaDyne know. If you aren’t a customer we can set you up with an evaluation version of CD/DVD Inspector right away so you can at least get a handle on what the disc has on it. If you are a customer, I personally can work with you on examining the disc to dig out all of its little secrets as I have done with a number of customers previously. Which, I might add, has led to their side winning in court. If the other side knows more about a critical disc than you do, you are going to have trouble.