Comment Re: From the summary... (Score 1) 104
Yes
Yes
They were insured. That wasn't the point. The point was the access to the office without damage to get in. The point was finding out who could do this with such ease. The point was tracking this person down not only to further prevent such thefts but also to leverage this info to get better security around labs and high profile offices. All of this is now successful because of what we did.
Also, thankfully as a well-paid scientist and lawyer I know the difference between petty theft and grand theft unlike you. The person now implicated in the theft stands to serve a minimum of 7 years because this isn't his first felony. The others get 18-24 months for possession of stolen goods at a minimum, one other looks like they will get 5+ because of a criminal record that is quite lengthy. People may not like lawyers but they sure as hell love what they can do to get folks out of a pickle.
Have to agree AC. With encryption and a good hardware level password, the stolen laptop would be almost useless to the thieves, even making it hard to sell it. The process would become more like:
1) Purchase new replacement from insurance process
2) Restore from a backup and move on!
If you _REALLY_ wanted to see "vigilante" style justice served in the case of such thefts, partition the drive as follows. One partition is a securely encrypted OS that you use. The other is Windows. Set the default to automatically boot Windows and load it up with backdoors, keyloggers, automatic webcam capture to web etc like people have already described.
Petty theft is under $5000 in Ontario. This is grand theft and the problem was more serious as the theft involved absolutely no damage to the premises. Someone had access to a master or sub-master key. Secondly, there is some back-story to the break-in wherein we had a suspect in mind but couldn't prove it (past break-ins, vendetta etc).
Encrypting the hdd was a non-starter because of performance with a VM we must use. That's an internal IT decision not ours. This was a work system and therefore needed to be on the intranet. The filesystem encryption was dramatically slowing down the VM we would use on a daily basis. Truecrypt was used for the sensitive data. We weren't paranoid about data loss. We had plenty of backups as I mentioned (mirrored systems, back-up to the university servers which are themselves backed up regularly).
The key was tracking down the perp and getting some answers, which we did, and this has forced the hand of the university to install cameras outside the major labs (something they resisted) and increase security around the master keys, decreasing the number of people who have access to those keys regularly, etc. etc.
In the end, it worked out and with not too much effort. The upside is that a whole lot of other people got their computers back, along with some other pricey items stolen from offices, labs and other places off campus.
I actually just went through this exact situation a week ago. Here's my story and how I was able to get the computer back with the cops' help. My country (Canada) works very similar to most US states so hopefully this will help you.
Our outfit is into tech in a big way. We are all scientists of some sort and up and up on O/S, security and the latest tech gizmos. When my boss wanted to upgrade his systems to dual Macbook Pros, we immediately set up a mirroring system where he could be perpetually synchronized between his office and home with automated backups to the university servers. We had a script I had written to do much of this along with posting an IP address every hour in 24 blocks. We also were using Log Me In so that he could remote control his systems. The server ran on startup and wasn't viewable in the taskbar as my boss hates clutter.
Anyhow, we had two separate systems that were capable of posting IP addresses when online.
Three days after the theft we started getting IP writes in the logs.
The first and major things we both had to do were 1) restrain ourselves from doing absolutely anything to jeopardize the comp from going offline 2) contact the police immediately with the IP information.
Before we contacted the police again, I had determined where the IP was coming from (a home account from a major ISP). We waited another three days, consistently getting the same IP posting. We then went back to the police. Like the OP, they view a computer theft as insignificant given their work load. They saw a wealthy scientist ($500k/year) who had lost out on a $5000 laptop (Macbook Pro 17" with all the fixins) containing $30k of specialized software (and we had the discs of course to reload) a digital project worth $1.5k and a few other smaller items. Even though this was over $5000 (which is like a felony in Canada), they simply weren't able to provide us with much help. They knew what a computer was and even an IP but after that they were deer in headlights. I requested to speak with someone in their cyber-crimes division and I was told that because of the G8 and G20, I was out of luck there.
Not unlike research institutes and universities world-wide, this police department fought for funds internally and also internally, departments would "pay" other departments for work. In this case, because it would be a "special favour," during an immensely chaotic time for our police forces because of the heads of state, well, they simply said no to all those requests.
Here is where things got both fun and tricky but I think could work for the OP.
A consistent IP can easily be traced to the ISP. If the IP is consistent over a select period of time, a motion can be filed before a judge and a warrant issued to get the personal information of the person owning said account. I happen to be a trained lawyer, so the detectives were really open to what I was suggesting, and since I also happen to be a computer scientist who does research into security as well as other things, they viewed me as an expert in the field. The first warrant was sought and granted within two days of us suggesting this avenue. This is your first MAJOR task and one that will be the most fruitful.
Legally, I was able to log into the stolen computer without compromising any investigation because I was about to be "contracted" by the police department to do what their cyber-crime division wouldn't do but could: gain network access and collect as much data as possible.
I did this and eventually worked around the router (a joke given the default settings that existed) and then the grey area began where we required another warrant: checking out the other comps on the network. While the search warrant was being issued for this, a SECOND warrant (and really the only other one we needed) was being issued to search the premises the cops received via the ISP. The IP had been consistently posting with the same address over 10 days and staying online for 6-10 hours at a time. I could have taken video of the thief/thieves or recorded their audio, taking pics, whatever the cops wanted, but ultimately the KEY was the personal info from the ISP.
In the end, I was able to gain access to 6 other computers on the network, only one belonged officially to the group of guys and the others were all stolen. The day after they had authorized me to do all that, the same detectives had gone out and busted the punks. A nice little arrest of a medium sized theft/drug ring. The cops were completely unaware about these guys, so they got a nice little kudos to their case cracking quota for the year. Regardless, despite all the fancy leveraging I did to get access to the computers the ONLY really important info was the ISP user account info which again was all the confirmation the cops needed to get a search warrant. The tiny print indicated that the comp had to have been online within 12 hours from the time of issuing to the time of the search. Not a problem if the cops are motivated enough to go through with this. With a warrant in hand, they certainly were.
The guys who were busted in my case weren't necessarily the guys who broke into the office. I'm now doing some forensics on the stolen computer and providing info to the cops which again, I couldn't do without authorization from the department. So our case is ongoing, the guys are now out on bail but the best part is that we have the hardware back and the very trivial method of retrieving the IP and finding the ISP led to the search and ultimately the arrest. With the extra info I've now gathered, they won't simply be charged with possession but will now be charged with grand theft.
So a quick recap:
1) log the IP addresses over days
2) supply this information to the cops in the nicest way possible
3) request a warrant to confirm via the ISP
4) keep logging the IP!
5) get a search warrant
6) get your kit back
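As an added illustration of the recap above (this is not the poster's script): a small parser for the kind of hourly IP check-in log the post describes, reporting how many distinct days each address was seen, the online sessions, and whether the machine was online within the 12-hour window the warrant's fine print required. The log format and the addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample of an hourly check-in log like the one the post describes
# (not the author's script): "<ISO timestamp> <public IP>". Days 1-3 come from
# one home IP for a few hours each day; day 4 is a lone hit from elsewhere.
BEACON_LOG = """\
2010-06-14T19:00 203.0.113.45
2010-06-14T20:00 203.0.113.45
2010-06-14T21:00 203.0.113.45
2010-06-15T18:00 203.0.113.45
2010-06-16T20:00 203.0.113.45
2010-06-16T21:00 203.0.113.45
2010-06-17T13:00 198.51.100.9
"""

def parse_beacon_log(text):
    """Return [(datetime, ip)] sorted by time; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            entries.append((datetime.strptime(parts[0], "%Y-%m-%dT%H:%M"), parts[1]))
        except ValueError:
            continue
    return sorted(entries)

def summarize(entries, max_gap=timedelta(hours=1, minutes=30)):
    """Per IP: number of distinct days seen and a list of (start, end) online sessions."""
    # Beacons closer than max_gap merge into one session, so a single missed
    # hourly check-in does not split a session in two.
    days, sessions = defaultdict(set), defaultdict(list)
    for when, ip in entries:
        days[ip].add(when.date())
        runs = sessions[ip]
        if runs and when - runs[-1][1] <= max_gap:
            runs[-1] = (runs[-1][0], when)
        else:
            runs.append((when, when))
    return {ip: {"days": len(days[ip]), "sessions": sessions[ip]} for ip in days}

def consistent_ip(entries, min_days):
    """The one IP seen on at least min_days distinct days (the fact handed to police), else None."""
    hits = [ip for ip, s in summarize(entries).items() if s["days"] >= min_days]
    return hits[0] if len(hits) == 1 else None

def seen_within(entries, now, hours=12):
    """Warrant fine print in the post: was the machine online within the last `hours`?"""
    return any(now - when <= timedelta(hours=hours) for when, _ in entries)
```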
It seems like a convenient method of limiting brown-outs. The privacy implications may be enormous for some but for others it will appear to be a good idea particularly since folks can override the system.
Right....
The last time the US and Canada fought, how did that end again? Ah yes, your White House was lit on fire.
It would take a little more than your National Guard to take some Canadians down. Shooting some of the ICBMs you have pointed at them would work however.
A breath of fresh air in the murky air of pollution spewed by the RIAA/MPAA et al.
Try Open Office for Mac which is very fast. Recently released with real Mac integration and NeoOffice will soon be dust in the wind.