IT IS another escalation in the computer security arms race. Software that can uncover all of a person’s online activity could, in the hands of the police, put more sex offenders behind bars – but it may also be exploited to develop new ways of avoiding being caught.

Researchers from Stanford University in California have managed to bypass the encryption on a PC’s hard drive to find out what websites a user has visited and whether they have any data stored in the cloud.

“Commercial forensic software concentrates on extracting files from a disc, but that’s not super-helpful in understanding online activity,” says Elie Bursztein, whose team developed the software. “We’ve built a tool that can reconstruct where the user has been online, and what identity they used.” The open-source software, Offline Windows Analysis and Data Extraction (OWADE), was launched at the Black Hat 2011 security conference and works with PCs running on the Windows operating system.

The majority of sensitive data on a hard drive, including browsing history, site logins and passwords, is protected by an encryption key that an algorithm generates from the standard Windows login.

Last year, Bursztein and his colleagues discovered how this system works – making them the only team in the world, other than Microsoft, able to decrypt the files. Now the team have made their discovery public, with free access.

The OWADE software combines this new knowledge with existing data-extraction techniques to create a single package that can uncover illegal online activities.

“Say you’re working on a paedophilia case and you might want to know if people had interactions with minors on social networking sites,” says Bursztein. Previously, with only access to a hard drive, the police would not be able to match suspects to online identities, let alone gain access to their accounts. “Now, law enforcement organisations can extract information from websites like Facebook to find out,” he says.

However, those intent on remaining anonymous could exploit the system. “If somebody knows what they’re doing with their data, they will try and hide it and work around [solutions like this] as much as they can,” says John Haggerty from the University of Salford, UK.