[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <42CA902F.4060405@digitalmunition.com>
Date: Tue Jul 5 14:44:47 2005
From: kf_lists at digitalmunition.com (KF (lists))
Subject: Re: Tools accepted by the courts
Has anyone seen legal arguments made about the use of Sleuthkit vs.
eNcase? Any comments that would make one lean toward using either one?
-KF
Lauro, John wrote:
>Problem with prosecution...
>
>Most X-Rays will not damage most hard drives. Hard drives are
>shielded.
>
>Proof of no mutation is the checksums on each sector of the hard
>drive. Unless those fail to pass, the data didn't "mutate".
>
>
>
>>-----Original Message-----
>>From: full-disclosure-bounces@...ts.grok.org.uk
>>
>>
>[mailto:full-disclosure-
>
>
>>bounces@...ts.grok.org.uk] On Behalf Of Gaurav Kumar
>>Sent: Tuesday, July 05, 2005 8:50 AM
>>To: full-disclosure@...ts.grok.org.uk
>>Subject: Re: [Full-disclosure] Re: Tools accepted by the courts
>>
>>i wish to share what happened in real life-
>>
>>the lawyer shows proofs of the hacking done. the judge say "ok" the
>>defense guy asked, is this proof passed through the x-ray detector
>>
>>
>of
>
>
>>airport while the proof was shipped. "yes" was the obvious reply.
>>defense lawyer continued .."since this proof has passed thru xrays,
>>there are chances that it might have been mutated" by the rays.
>>
>>the defendant wont having benefit of doubt.
>>
>>regards,
>>gaurav
>>
>>
>>On 7/5/05, Jason Coombs <jasonc@...ence.org> wrote:
>>
>>
>>>Evidence Technology wrote:
>>>
>>>
>>>>That era is quickly fading. Going forward, I think we'll see
>>>>
>>>>
>more
>
>
>>>>and more digital evidence rendered inadmissible via failure to
>>>>adhere to established evidentiary standards.
>>>>
>>>>
>>>Jerry,
>>>
>>>No way. What 'evidentiary standards' are you talking about here?
>>>
>>>I'm sorry but that's just absurd. How will there ever be
>>>
>>>
>'evidentiary
>
>
>>>standards' on the contents of my filing cabinet and my personal
>>>pornography collection?
>>>
>>>The police find the data where they find it. That's called
>>>'circumstantial evidence' and digital evidence will always be
>>>
>>>
>treated
>
>
>>>exactly as such no matter who we successfully convince of the
>>>
>>>
>flaws
>
>
>>>inherent in the filing cabinet or printed document/glossy
>>>
>>>
>photograph
>
>
>>>analogy.
>>>
>>>What I demand to hear spoken by law enforcement, and what I insist
>>>prosecutors compel law enforcement to speak if they don't
>>>
>>>
>volunteer
>
>
>>>these words out of their own common sense, is the following:
>>>
>>>"Yes, that's what we found on the hard drive but there's little or
>>>
>>>
>no
>
>
>>>reason for us to believe that the defendant is responsible for
>>>
>>>
>placing
>
>
>>>it there just because the hard drive was in the defendant's
>>>
>>>
>possession.
>
>
>>>We often see cases where hard drives are installed second-hand and
>>>
>>>
>data
>
>
>>>from previous owners remains on the drive, we can't tell when the
>>>
>>>
>data
>
>
>>>in question was written so it's important to be aware that
>>>
>>>
>hundreds of
>
>
>>>other people could have placed it there. We also see cases where
>>>software such as spyware or Web pages full of javascript force a
>>>suspect's Web browser to take actions that result in the
>>>
>>>
>appearance that
>
>
>>>the owner of the computer caused Internet content to be retrieved
>>>
>>>
>when
>
>
>>>in fact the owner of the computer may not have known what was
>>>
>>>
>happening,
>
>
>>>malicious Web site programmers know how to use techniques such as
>>>pop-unders and frames to hide scripted behavior of Web pages.
>>>Furthermore, once the Web browser is closed and its temporary
>>>
>>>
>files are
>
>
>>>deleted, every bit of data that was saved 'temporarily' to a file
>>>
>>>
>by the
>
>
>>>browser becomes a semi-permanent part of the hard drive's
>>>
>>>
>unallocated
>
>
>>>space and we have no way to tell the difference between data that
>>>
>>>
>was
>
>
>>>once part of a temporary file created automatically by a Web page
>>>
>>>
>being
>
>
>>>viewed or scripted inside a Web browser and the same data placed
>>>intentionally on the hard drive by its owner without the use of
>>>
>>>
>the
>
>
>>>Internet. Also ..."
>>>
>>>Disrespectfully Yours,
>>>
>>> (with extreme prejudice born of intense frustration due to the
>>>
>>>
>fact
>
>
>>>that nobody cares about getting this stuff right when it's so much
>>>easier just to collect a forensic paycheck and move on to the next
>>>victim -- I would like to think you are part of the solution
>>>
>>>
>rather than
>
>
>>>being part of the problem but you're talking nonsense and so is
>>>
>>>
>nearly
>
>
>>>everyone else in the computer forensics field, most especially the
>>>computer forensics vendors who need people to love them in order
>>>
>>>
>to make
>
>
>>>their businesses grow. They do not deserve respect and they most
>>>certainly fail the 'lovable' test, but television shows like CSI
>>>
>>>
>and
>
>
>>>visions of fat bank accounts have deceived everyone
>>>
>>>
>temporarily...)
>
>
>>>Please get a clue before you hurt somebody.
>>>
>>>Jason Coombs
>>>jasonc@...ence.org
>>>_______________________________________________
>>>Full-Disclosure - We believe in it.
>>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>>
>>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
Powered by blists - more mailing lists