theForum is run by the charity Unlock. We do not actively moderate, monitor or edit contributions but we may intervene and take any action as we think necessary. Further details can be found in our terms of use. If you have any concerns over the contents on our site, please either register those concerns using the report-a-post button or email us at forum@unlock.org.uk.


SHPO - devices that can connect to the internet


Mark15788
What I did in the past was screenshot the texts with the officer's number visible and then email those images to myself, but I take your point on board and will do it straight through email from now on; it might be better.
J J
Mark15788 - 20 Aug 20 2:40 PM
I’m not new to it, no. My community order is now complete; I’m nearly 3 years in, so fast approaching 2 years left on SOR and SHPO. Was just interested in the TV situation. Why would you need to take every new device to the police station? I’ve always just gone the same day as delivery with the information I need and got a written confirmation from them. Hardly going to take a new TV in there to be fair.

Oh, I was given a 5 year SHPO and a 2 year community order too
J J
Mark15788 - 24 Aug 20 1:07 PM
What experiences have people got with a phone upgrade? Last time my officer came out and checked the phone history and then said it was fine to clear and recycle and then just report the acquisition of the new one within three days. I’m hoping to use some of my savings to get an early upgrade soon and wondered if this is what I should do again? Just get them to inspect and let me recycle again.

My phone syncs with my online account. I'd make sure that you get a request in writing first.
Mark15788
In terms of my purchase of a new TV I’m going to clearly go register it anyway and then I’m covered.

Before I do my upgrade I’ll email the neighbourhood officer and see if he will do what he did last time and come check my history and allow me to recycle after that but get it in writing.
J J
Was - 24 Aug 20 3:02 PM
Mark15788 - 24 Aug 20 2:34 PM
Yeah I usually correspond by text but I could email him and ask him to come and do a check like he did last time. Then get him to confirm in email that he’s happy for me to do a full reset and then recycle. The weird thing is, I have an iPhone so can’t comment on other phones, but I’m sure when you look at the history it only goes so many weeks back anyway, so they never get a full account of your browsing history if you only get visited once a year anyway.

Text has a nasty habit of disappearing on phone resets or changes of SIM. Whilst a device may have a local copy, emails are normally stored elsewhere (gmail, hotmail etc.) which is useful if a device has a brain fart.

After having Android for so many years, I now have an iPhone 6S. However, what I have done is install Microsoft Edge. This allows you to share links and history over multiple devices. It came in useful when I got the third degree for searching for "child of light" and was able to pinpoint it down to the exact day, hour, minute and second and the site I was looking for!

Get a Google or Windows account. Both back up text messages....
J J
Hi
I've just had a visit from my public protection office. I have file auditing turned on and it filled my C drive event log store in under an hour!! I've had a look through and their tool appears to be proprietary and accesses a number of areas. I'm still going through the log but it appears to do the following
Scan for all executables on your hard drive on all partitions
Scan for all images
Checks for any proxy usage
Scans for all images - to what end I'm not sure. I mean does it copy them or just write the names into a text file?
The program is called: osTriage2.0.0.3.exe and the event log entry is below
There is also a helperapp that runs.


My concern is that if the app does the following
1 - Copies personally identifiable information to an unencrypted drive
2 - Is designed to allow someone with little or no experience to run and potentially arrest someone for just ticking a box.

==========================================================
An attempt was made to access an object.

Subject:
Security ID:J***********\*****
Account Name:james
Account Domain:***************
Logon ID:0x2A7F0696

Object:
Object Server:Security
Object Type:File
Object Name:D:\onedrive\OneDrive - **********\private\salvage\recovered\DSC02402.jpg
Handle ID:0x840
Resource Attributes:S:AI

Process Information:
Process ID:0x40e0
Process Name:\Device\HarddiskVolume12\osTriage2.0.0.3 - SOPO\osTriage2.0.0.3.exe

Access Request Information:
Accesses:ReadData (or ListDirectory)

Access Mask:0x1
================================================

It also accesses the recycle bin too

A handle to an object was requested.

Subject:
Security ID:J*******
Account Name:********
Account ******************************
Logon ID:0x2A7F0696

Object:
Object Server:Security
Object Type:File
Object Name:D:\$RECYCLE.BIN\S-1-5-21-81388288-117615736-41980065-1001\$R5TN288.JPG
Handle ID:0x2b4
Resource Attributes:-

Process Information:
Process ID:0x40e0
Process Name:\Device\HarddiskVolume12\osTriage2.0.0.3 - SOPO\osTriage2.0.0.3.exe

Access Request Information:
Transaction ID:{00000000-0000-0000-0000-000000000000}
Accesses:SYNCHRONIZE
ReadData (or ListDirectory)
ReadAttributes

Access Reasons:SYNCHRONIZE:Granted by D:(A;ID;FA;;;BA)
ReadData (or ListDirectory):Granted by D:(A;ID;FA;;;BA)
ReadAttributes:Granted by D:(A;ID;FA;;;BA)

Access Mask:0x100081
Privileges Used for Access Check:-
Restricted SID Count:0

==========================================

This is the process starting
A new process has been created.

Creator Subject:
Security ID:***************
Account ***************
Account Domain:***************
Logon ID:0x2A7F0696

Target Subject:
Security ID:NULL SID
Account Name:-
Account Domain:-
Logon ID:0x0

Process Information:
New Process ID:0x29a0
New Process Name:\Device\HarddiskVolume12\osTriage2.0.0.3 - SOPO\Plugins\__tmp\c5865ccc-74af-498f-bba3-6157e3a3b34b\osTriageHelperApp.exe
Token Elevation Type:%%1937
Mandatory Label:Mandatory Label\High Mandatory Level
Creator Process ID:0x40e0
Creator Process Name:\Device\HarddiskVolume12\osTriage2.0.0.3 - SOPO\osTriage2.0.0.3.exe
Process Command Line:
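
An added example, not part of the original post: a small Python parser for audit excerpts pasted in the layout shown above. It decodes each Access Mask into named file rights and reports, per process, whether any write-type right was requested. The sample log, its paths and the process name are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# File-object access rights (winnt.h values) seen in the "Access Mask" field.
FILE_RIGHTS = {
    0x000001: "ReadData/ListDirectory", 0x000002: "WriteData/AddFile",
    0x000004: "AppendData/AddSubdirectory", 0x000008: "ReadEA",
    0x000010: "WriteEA", 0x000020: "Execute/Traverse",
    0x000040: "DeleteChild", 0x000080: "ReadAttributes",
    0x000100: "WriteAttributes", 0x010000: "DELETE",
    0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
# Rights that modify the object; none of these set means read-only access.
WRITE_BITS = 0x2 | 0x4 | 0x10 | 0x40 | 0x100 | 0x10000 | 0x40000 | 0x80000

def decode_mask(mask):
    """Return the names of the rights set in a file access mask, low bit first."""
    return [name for bit, name in sorted(FILE_RIGHTS.items()) if mask & bit]

def parse_events(text):
    """Split a pasted log on ===== rulers and keep the object-access records."""
    events = []
    for chunk in re.split(r"^=+\s*$", text, flags=re.M):
        proc = re.search(r"^Process Name:\s*(.+)$", chunk, re.M)
        obj = re.search(r"^Object Name:\s*(.+)$", chunk, re.M)
        mask = re.search(r"^Access Mask:\s*(0x[0-9a-fA-F]+)", chunk, re.M)
        if proc and obj and mask:  # process-creation records have no Object Name
            events.append({"process": proc.group(1).strip().rsplit("\\", 1)[-1],
                           "object": obj.group(1).strip(),
                           "mask": int(mask.group(1), 16)})
    return events

def summarise(events):
    """Per process: objects touched, union of rights, any write-type right."""
    acc = defaultdict(lambda: {"objects": [], "mask": 0})
    for e in events:
        acc[e["process"]]["objects"].append(e["object"])
        acc[e["process"]]["mask"] |= e["mask"]
    return {p: {"objects": v["objects"], "rights": decode_mask(v["mask"]),
                "writes": bool(v["mask"] & WRITE_BITS)} for p, v in acc.items()}

# Constructed sample in the same layout as the excerpts above (made-up paths).
SAMPLE = r"""
Object Name:D:\photos\IMG_0001.jpg
Process Name:\Device\HarddiskVolume9\tool\scanner.exe
Access Mask:0x1
==========
Object Name:D:\$RECYCLE.BIN\$R000001.JPG
Process Name:\Device\HarddiskVolume9\tool\scanner.exe
Access Mask:0x100081
"""
```

A mask of 0x1 or 0x100081 records read access only; these events do not show what the reading process then did with the data.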

J J
oh as a side note - it appeared to monitor my arp cache and dns servers!!
lotsofquer
jcdmcr - 28 Aug 20 3:40 PM
oh as a side note - it appeared to monitor my arp cache and dns servers!!

Monitored or took a copy?

The software isn't proprietary but seems to have been removed from public view (so I guess making it pseudo proprietary). Looks like you have to have law enforcement training to get a copy now. One thing I've just discovered (although not all that surprised) while looking up the software is that Windows logs everything you access and keeps it forever even if you delete a file. If you want to take a look check out Shellbag Analyzer & Cleaner by Goversoft. Given one of the tools on the developer of ostriage website (not goversoft btw - that was another one I found) pulls this information I'd imagine they're taking a copy of it.

I guess if you have nothing to hide the only issue is the privacy intrusion and potentially some explaining to do if you happen to download something with a name that looks dodgy.

Mark15788
So it’s just monitoring software they have installed?

Is that part of your order?
J J
Mark15788 - 28 Aug 20 4:28 PM
So it’s just monitoring software they have installed? Is that part of your order?

No - it's some analysis software that they ran