by detaro 3833 days ago
Interesting that they only took one of the disks. a) A more aggressive forensic approach would avoid shutting down the server if at all possible (getting data in RAM or on encrypted partitions) and b) it is very restrained in comparison to other seizures.

I'd say that if they believed he were actively complicit or would do something to hinder the investigation, they would have been more aggressive, possibly gone after machines in his home as well. Of course, if I'm right with this assumption, why didn't they contact him, instead of going directly for the server via the hoster? (I'm actually not sure how the law works with regard to seizing data vs seizing the (probably provider-owned) media it is on.)

Also, I guess the "just take one of the RAIDed disks" approach is only possible in this way if you run a server provided by a known hosting provider, where it isn't the first seizure for both police and provider. The provider knows how the servers are set up, law enforcement trusts that the provider just wants to get everything done as quickly as possible.

2 comments

"I'd say that if they believed he were actively complicit or would do something to hinder the investigation, they would have been more aggressive, possibly gone after machines in his home as well."

My thoughts exactly. His reputation of cooperation might have helped him out here. Nice of them to leave enough stuff to keep the service online. Many small-time operators hit by the FBI over here aren't so lucky. They'll take down a whole colo worth of clients sometimes.

http://pastebin.com/raw/YuU6931t

"We have a confiscation order for the disks of your server, but we were allowed to leave one of them installed, due to the fact that you have a Raid1 setup."