lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 03 Oct 2005 21:07:00 +0200
From: Stefano Zanero <s.zanero@...urenetwork.it>
To: jasonc@...ence.org
Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk>, isn@...rition.org,
	bugtraq@...urityfocus.com
Subject: Re: Careless Law Enforcement Computer Forensics
 Lacking InfoSec Expertise Causes Suicides


Jason Coombs wrote:
> 34 people have killed themselves in the U.K. after being accused of
> purchasing child pornography using their credit card numbers on the Web

I know of at least one similar case in Italy.

> the presence of child pornography on a hard drive owned by a person who
> is accused of purchasing child pornography is the best evidence law
> enforcement has to prove guilt of these so-called 'electronic crimes
> against children' -- crimes that are proved by the mere existence of
> data,

I would add that in some cases even "sharing" these files on
peer-to-peer networks can be an innocent act, for instance if you
bulk-download them from a user, and before inspecting their content
someone downloads them from your shared folder.

In Italy, "trading" this type of material is a distinct charge from
"owning" it.

> I ask you this question: why doesn't law enforcement bother to conduct
> an analysis of the computer evidence looking for indications of
> third-party intrusion and malware?

I have asked the same question to law enforcement personnel, but with no
satisfactory answers for now.

> There is simply no way for law enforcement to know the difference
> between innocent and guilty persons based on hard drive data
> circumstantial evidence. 

I agree, from my own experience as a forensics consultant.

-- 
Cordiali saluti,
Ing. Stefano Zanero
---------------------------
Secure Network S.r.l.
www.securenetwork.it
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists