“(Blogetery) was terminated by request of law enforcement officials, due to material hosted on the server. We are limited as to the details we can provide to you, but note that this was a critical matter and the only available option to us was to immediately deactivate the server.”

There have been rumblings that copyright infringement might have been the motivation, but how would this justify taking 70,000 individual blogs off-line?  Either way the owner has already clearly said…

“(I) got C&D letters from copyright owners to remove pages with links to torrent/rapidshare. I always handle such abuse reports within 24 hours and remove such material.”

 A spokesperson for the company later told CNET that the case had nothing to do with copyright infringement.

Simply put: We cannot give him his data nor can we provide any other details. By stating this, most would recognize that something serious is afoot…This is the last post we will make on this subject.”

SO far the law enforcement agency involved has not been identified nor has the alleged wrongdoing been made public.  70,000 potentially innocent people though have tonight lost their blogs, for how long remains to be seen.

It’s a standalone tool which means it can be run from external devices connected to the computer which is definitely a prerequisite for all forensic tools. It analyses the user level at startup and displays information like the local IP and hostname. A click on Start Collecting processes 14 sequences, some with subsequences, that collect data and write that data into logfiles in the Evidence Collector directory.

The software did write 25 different log files into the log directory including a list of opened files, installed applications and processes. Evidence Collector concentrates on hardware and software only while law enforcement agencies would definitely scan the computer for files as well, probably using a software like Locate to find information in filenames and contents.

A detailed list of what is analysed:

• Shares and policies applied on shares
• Started and stopped services
• Installed software
• Installed Hotfixes
• Enumerated Processes
• Events logs
• TCP / UDP mapping endpoints
• Process handles tracking
• List start-up programs
• Suspected modules
• Users policies
• USB history

Evidence Collector is a free software currently in beta. There is no information on the homepage about compatibility, it runs fine on my Windows XP Service Pack 3 system.