The shit hits the fan and the cops confiscate your computer - what can they find?

OK, so let's say you aren't using Tails and you are a personal use buyer. Shit goes down for some reason and the local cops confiscate your computer. We can assume they aren't going to bring in NSA-level forensics for a small-time case. Maybe they just use the local PD computer guy.

What could they really find?

First of all, I don't think they can compel you to give up your password because of the Fifth Amendment. If you have your disk encrypted through BitLocker or something they won't be able to get to anything. But let's assume that is not the case and they can get in and see all your stuff.

What am I missing here? I'm not trying to say people shouldn't have computer OPSEC - they should, and it is really easy. I'm just trying to understand what evidence could potentially be on someone's computer.


Comments


[41 Points] Al-Fayyad:

a folder with about 20,000 pepe pictures.


[16 Points] quixoticme1:

You're giving cops way too much credit. The ones that arrested me took my hookah insisting it was a bong and struggled to open a lockbox with no lock on it. They looked through my blackberry (okay it was 2008) and couldn't anymore when the battery died. I swear to God I'm serious.


[10 Points] sdfhgdhjbdafcadv:

Why not just use Tails? Then they'll get absolutely nothing.


[4 Points] u3565572:

> First of all, I don't think they can compel you to give up your password because of the Fifth Amendment.

No, judges have ordered people to give up their password. Google it.

> If you have your disk encrypted through BitLocker or something they won't be able to get to anything. But let's assume that is not the case and they can get in and see all your stuff.

If you are using Windows you are screwed. Browser cache will be recovered even if you delete the files with Windows -- an SSD drive may negate this.

> Tor browser doesn't retain (AFAIK) history, so that is no help. Maybe they could look at your electrum history, assuming they knew what that was. In that case, they would have to know market addresses to tie it to anything

Circumstantial evidence that will screw you in court when added to other evidence.

> They could look at GPG and see the names of some dealers, assuming they knew they were dealers. But that is just a keyring and not evidence of anything in particular

Evidence of illicit activity that will bolster their case.

> Assuming you aren't creating a diary like ross, so you have no literal transaction record on your computer

They will have location data from your phone and normal internet use that they will tie to your illegal activities.

> Assuming you don't talk about drugs over email or Facebook, so they can't get anything from that

No, but if you talk to people and THOSE people talk about drugs in the clear (they do) then you are screwed.

> What am I missing here? I'm not trying to say people shouldn't have computer OPSEC - they should, and it is really easy. I'm just trying to understand what evidence could potentially be on someone's computer.

Bonus crime: destruction of evidence. There is a reason the USA has a 95% conviction rate.


[3 Points] shoelace120:

Bailey Jay...and lots of it


[3 Points] hdheuud:

A tooooooooon of dick pics, some of which I decided to shave bare first, don't ask me why, so I'll probably get charged with some sort of CP shit, but the charges won't stick.


[3 Points] andblowyourhousedown:

Let's see.

My clearnet browser history would reveal that I've visited Localbitcoins several times over the past few months, and they'd probably find my USB with Tails on it as well. Neither thing is illegal, of course, but perhaps it would whet their (LE's) appetite.


[3 Points] uEbrjuZxTDEwVhqS:

On the whole password thing, I am not sure if they can legally force you to give it up or not. But Veracrypt has a feature where you can create a hidden volume on an encrypted volume, or even a whole-hidden OS. You then have 2 passwords, your "secret" password, and your "really secret" password. So if you get caught, and are required to give up a password to the encrypted OS/volume, you can just give them the first one, and not the second. I have tested this on a mounted volume and it works well.


[2 Points] MLP_is_my_OPSEC:

Regular person's browsing history, and an Electrum wallet used for clearnet freelance work.


[2 Points] DannyTanner_Throw:

A huge supply of traumatizing Internet history


[1 Points] DaMenehune:

They can compel you to give up a password. Just like they can compel you to open your safe.


[1 Points] FagDamager:

The police have software which removes all default files off of a computer, so they're left with everything that's been added by a user.


[1 Points] sapiophile:

Dude. You are doing it very, very wrong.

You're using Electrum on Windows? Are you even torifying it? You realize that if you don't run Electrum through Tor you're totally fucking doxxing yourself to the world, right? The internet then knows your BTC addresses and where you're sending money to.

Second, fucking BITLOCKER? Are you fucking kidding, yo? The second-rate file encryption tool from the LE-loving fuckers at Microsoft who brought you NSAKEY? Seriously? Use fucking TrueCrypt at the very least, FFS. Yes, TC is still safe to use, stop asking. Way, way fucking safer than fucking BitLocker, jesus.

And you keep your fucking DNM GPG keyring just laying around? Seriously? If you think that that's not immediate evidence, GOOD evidence at that, you're a fool. It's a little thing called "Conspiracy," look it up dumbass.

"What you're missing" is fucking everything. Yeah, sure, maybe you'll get lucky and have some totally incompetent LE, but personally - and hey, this is just me - I wouldn't want my fucking freedom hanging on some fucking good luck. Real motherfuckers make their own luck.

What you need to be doing is using fucking Tails. I mean FFS, what are you even doing? Tails is ridiculously easy to use and doesn't require you to change anything that's installed on the computer. Just fucking use it.

God, posts like this make me downright angry.


[1 Points] chrisname:

In the UK you can be charged for refusing to give an encryption key, so you need a hidden volume if you want to save anything damning.

It's also trivial to recover deleted files that were not securely erased. I don't think SSDs have this issue so long as TRIM is enabled.