Message-ID: <4C49470270F5AD43A0BDEA0F130C850B011CAE18@its-emb1.umflint.edu>
Date: Tue Jul  5 14:36:53 2005
From: jlauro at umflint.edu (Lauro, John)
Subject: Re: Tools accepted by the courts

Problem with prosecution...

Most X-Rays will not damage most hard drives.  Hard drives are
shielded.

Proof of no mutation is the checksums on each sector of the hard
drive.  Unless those fail to pass, the data didn't "mutate".

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Gaurav Kumar
> Sent: Tuesday, July 05, 2005 8:50 AM
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Re: Tools accepted by the courts
> 
> i wish to share what happened in real life-
> 
> the lawyer shows proofs of the hacking done. the judge say "ok" the
> defense guy asked, is this proof passed through the x-ray detector of
> airport while the proof was shipped. "yes" was the obvious reply.
> defense lawyer continued .."since this proof has passed thru xrays,
> there are chances that it might have been mutated" by the rays.
> 
> the defendant wont having benefit of doubt.
> 
> regards,
> gaurav
> 
> 
> On 7/5/05, Jason Coombs <jasonc@...ence.org> wrote:
> > Evidence Technology wrote:
> > > That era is quickly fading. Going forward, I think we'll see more
> > > and more digital evidence rendered inadmissible via failure to
> > > adhere to established evidentiary standards.
> >
> > Jerry,
> >
> > No way. What 'evidentiary standards' are you talking about here?
> >
> > I'm sorry but that's just absurd. How will there ever be 'evidentiary
> > standards' on the contents of my filing cabinet and my personal
> > pornography collection?
> >
> > The police find the data where they find it. That's called
> > 'circumstantial evidence' and digital evidence will always be treated
> > exactly as such no matter who we successfully convince of the flaws
> > inherent in the filing cabinet or printed document/glossy photograph
> > analogy.
> >
> > What I demand to hear spoken by law enforcement, and what I insist
> > prosecutors compel law enforcement to speak if they don't volunteer
> > these words out of their own common sense, is the following:
> >
> > "Yes, that's what we found on the hard drive but there's little or no
> > reason for us to believe that the defendant is responsible for placing
> > it there just because the hard drive was in the defendant's possession.
> > We often see cases where hard drives are installed second-hand and data
> > from previous owners remains on the drive, we can't tell when the data
> > in question was written so it's important to be aware that hundreds of
> > other people could have placed it there. We also see cases where
> > software such as spyware or Web pages full of javascript force a
> > suspect's Web browser to take actions that result in the appearance that
> > the owner of the computer caused Internet content to be retrieved when
> > in fact the owner of the computer may not have known what was happening,
> > malicious Web site programmers know how to use techniques such as
> > pop-unders and frames to hide scripted behavior of Web pages.
> > Furthermore, once the Web browser is closed and its temporary files are
> > deleted, every bit of data that was saved 'temporarily' to a file by the
> > browser becomes a semi-permanent part of the hard drive's unallocated
> > space and we have no way to tell the difference between data that was
> > once part of a temporary file created automatically by a Web page being
> > viewed or scripted inside a Web browser and the same data placed
> > intentionally on the hard drive by its owner without the use of the
> > Internet. Also ..."
> >
> > Disrespectfully Yours,
> >
> >  (with extreme prejudice born of intense frustration due to the fact
> > that nobody cares about getting this stuff right when it's so much
> > easier just to collect a forensic paycheck and move on to the next
> > victim -- I would like to think you are part of the solution rather than
> > being part of the problem but you're talking nonsense and so is nearly
> > everyone else in the computer forensics field, most especially the
> > computer forensics vendors who need people to love them in order to make
> > their businesses grow. They do not deserve respect and they most
> > certainly fail the 'lovable' test, but television shows like CSI and
> > visions of fat bank accounts have deceived everyone temporarily...)
> >
> > Please get a clue before you hurt somebody.
> >
> > Jason Coombs
> > jasonc@...ence.org
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
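
The reply at the top of this message rests on checksums showing that a sector's contents did not change. As an added illustration (not part of the original post, and a software analogue rather than the drive's own on-disk error-correcting codes), the following records a SHA-256 digest per sector of a constructed image and reports which sectors differ after a simulated single-bit change; the 512-byte sector size, the sample image and all function names are assumptions.

```python
import hashlib

SECTOR_SIZE = 512  # assumed sector size for the constructed image


def sector_manifest(image: bytes, sector_size: int = SECTOR_SIZE) -> list[str]:
    """Return one SHA-256 hex digest per sector (a short last sector is zero-padded)."""
    digests = []
    for offset in range(0, len(image), sector_size):
        sector = image[offset:offset + sector_size].ljust(sector_size, b"\x00")
        digests.append(hashlib.sha256(sector).hexdigest())
    return digests


def changed_sectors(before: list[str], after: list[str]) -> list[int]:
    """Return indexes of sectors whose digest differs, plus any added or missing sectors."""
    changed = [i for i, (a, b) in enumerate(zip(before, after)) if a != b]
    changed.extend(range(min(len(before), len(after)), max(len(before), len(after))))
    return changed


def build_sample_image(sectors: int = 8) -> bytes:
    """Constructed stand-in for an acquired disk image (not real evidence)."""
    return b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() * (SECTOR_SIZE // 32)
        for i in range(sectors)
    )


def flip_bit(image: bytes, byte_offset: int, bit: int) -> bytes:
    """Simulate a single-bit change to the image while in transit."""
    data = bytearray(image)
    data[byte_offset] ^= 1 << bit
    return bytes(data)


if __name__ == "__main__":
    acquired = build_sample_image()
    manifest = sector_manifest(acquired)  # recorded at acquisition time
    print("intact copy:", changed_sectors(manifest, sector_manifest(acquired)))
    damaged = flip_bit(acquired, byte_offset=5 * SECTOR_SIZE + 17, bit=3)
    print("one flipped bit:", changed_sectors(manifest, sector_manifest(damaged)))
```

A manifest recorded at acquisition and re-checked on arrival answers the "might have been mutated" question sector by sector, instead of with a single pass/fail hash of the whole image.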
