lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <42CA7744.6050701@science.org>
Date: Tue Jul  5 13:03:45 2005
From: jasonc at science.org (Jason Coombs)
Subject: Re: Tools accepted by the courts

Evidence Technology wrote:
> That era is quickly fading. Going forward, I think we'll see more
> and more digital evidence rendered inadmissible via failure to
> adhere to established evidentiary standards.

Jerry,

No way. What 'evidentiary standards' are you talking about here?

I'm sorry but that's just absurd. How will there ever be 'evidentiary 
standards' on the contents of my filing cabinet and my personal 
pornography collection?

The police find the data where they find it. That's called 
'circumstantial evidence' and digital evidence will always be treated 
exactly as such no matter who we successfully convince of the flaws 
inherent in the filing cabinet or printed document/glossy photograph 
analogy.

What I demand to hear spoken by law enforcement, and what I insist 
prosecutors compel law enforcement to speak if they don't volunteer 
these words out of their own common sense, is the following:

"Yes, that's what we found on the hard drive but there's little or no 
reason for us to believe that the defendant is responsible for placing 
it there just because the hard drive was in the defendant's possession. 
We often see cases where hard drives are installed second-hand and data 
from previous owners remains on the drive, we can't tell when the data 
in question was written so it's important to be aware that hundreds of 
other people could have placed it there. We also see cases where 
software such as spyware or Web pages full of javascript force a 
suspect's Web browser to take actions that result in the appearance that 
the owner of the computer caused Internet content to be retrieved when 
in fact the owner of the computer may not have known what was happening, 
malicious Web site programmers know how to use techniques such as 
pop-unders and frames to hide scripted behavior of Web pages. 
Furthermore, once the Web browser is closed and its temporary files are 
deleted, every bit of data that was saved 'temporarily' to a file by the 
browser becomes a semi-permanent part of the hard drive's unallocated 
space and we have no way to tell the difference between data that was 
once part of a temporary file created automatically by a Web page being 
viewed or scripted inside a Web browser and the same data placed 
intentionally on the hard drive by its owner without the use of the 
Internet. Also ..."

Disrespectfully Yours,

  (with extreme prejudice born of intense frustration due to the fact 
that nobody cares about getting this stuff right when it's so much 
easier just to collect a forensic paycheck and move on to the next 
victim -- I would like to think you are part of the solution rather than 
being part of the problem but you're talking nonsense and so is nearly 
everyone else in the computer forensics field, most especially the 
computer forensics vendors who need people to love them in order to make 
their businesses grow. They do not deserve respect and they most 
certainly fail the 'lovable' test, but television shows like CSI and 
visions of fat bank accounts have deceived everyone temporarily...)

Please get a clue before you hurt somebody.

Jason Coombs
jasonc@...ence.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ