Message-ID: <42CA902F.4060405@digitalmunition.com>
Date: Tue Jul 5 14:44:47 2005
From: kf_lists at digitalmunition.com (KF (lists))
Subject: Re: Tools accepted by the courts

Has anyone seen legal arguments made about the use of Sleuthkit vs.
eNcase? Any comments that would make one lean toward using either one?

-KF

Lauro, John wrote:

>Problem with prosecution...
>
>Most X-Rays will not damage most hard drives. Hard drives are
>shielded.
>
>Proof of no mutation is the checksums on each sector of the hard
>drive. Unless those fail to pass, the data didn't "mutate".
>
>>-----Original Message-----
>>From: full-disclosure-bounces@...ts.grok.org.uk
>>[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Gaurav Kumar
>>Sent: Tuesday, July 05, 2005 8:50 AM
>>To: full-disclosure@...ts.grok.org.uk
>>Subject: Re: [Full-disclosure] Re: Tools accepted by the courts
>>
>>i wish to share what happened in real life-
>>
>>the lawyer shows proofs of the hacking done. the judge say "ok" the
>>defense guy asked, is this proof passed through the x-ray detector of
>>airport while the proof was shipped. "yes" was the obvious reply.
>>defense lawyer continued .."since this proof has passed thru xrays,
>>there are chances that it might have been mutated" by the rays.
>>
>>the defendant wont having benefit of doubt.
>>
>>regards,
>>gaurav
>>
>>On 7/5/05, Jason Coombs <jasonc@...ence.org> wrote:
>>>Evidence Technology wrote:
>>>>That era is quickly fading. Going forward, I think we'll see more
>>>>and more digital evidence rendered inadmissible via failure to
>>>>adhere to established evidentiary standards.
>>>
>>>Jerry,
>>>
>>>No way. What 'evidentiary standards' are you talking about here?
>>>
>>>I'm sorry but that's just absurd. How will there ever be 'evidentiary
>>>standards' on the contents of my filing cabinet and my personal
>>>pornography collection?
>>>
>>>The police find the data where they find it. That's called
>>>'circumstantial evidence' and digital evidence will always be treated
>>>exactly as such no matter who we successfully convince of the flaws
>>>inherent in the filing cabinet or printed document/glossy photograph
>>>analogy.
>>>
>>>What I demand to hear spoken by law enforcement, and what I insist
>>>prosecutors compel law enforcement to speak if they don't volunteer
>>>these words out of their own common sense, is the following:
>>>
>>>"Yes, that's what we found on the hard drive but there's little or no
>>>reason for us to believe that the defendant is responsible for placing
>>>it there just because the hard drive was in the defendant's possession.
>>>We often see cases where hard drives are installed second-hand and data
>>>from previous owners remains on the drive, we can't tell when the data
>>>in question was written so it's important to be aware that hundreds of
>>>other people could have placed it there. We also see cases where
>>>software such as spyware or Web pages full of javascript force a
>>>suspect's Web browser to take actions that result in the appearance that
>>>the owner of the computer caused Internet content to be retrieved when
>>>in fact the owner of the computer may not have known what was happening,
>>>malicious Web site programmers know how to use techniques such as
>>>pop-unders and frames to hide scripted behavior of Web pages.
>>>Furthermore, once the Web browser is closed and its temporary files are
>>>deleted, every bit of data that was saved 'temporarily' to a file by the
>>>browser becomes a semi-permanent part of the hard drive's unallocated
>>>space and we have no way to tell the difference between data that was
>>>once part of a temporary file created automatically by a Web page being
>>>viewed or scripted inside a Web browser and the same data placed
>>>intentionally on the hard drive by its owner without the use of the
>>>Internet. Also ..."
>>>
>>>Disrespectfully Yours,
>>>
>>> (with extreme prejudice born of intense frustration due to the fact
>>>that nobody cares about getting this stuff right when it's so much
>>>easier just to collect a forensic paycheck and move on to the next
>>>victim -- I would like to think you are part of the solution rather than
>>>being part of the problem but you're talking nonsense and so is nearly
>>>everyone else in the computer forensics field, most especially the
>>>computer forensics vendors who need people to love them in order to make
>>>their businesses grow. They do not deserve respect and they most
>>>certainly fail the 'lovable' test, but television shows like CSI and
>>>visions of fat bank accounts have deceived everyone temporarily...)
>>>
>>>Please get a clue before you hurt somebody.
>>>
>>>Jason Coombs
>>>jasonc@...ence.org
>>>_______________________________________________
>>>Full-Disclosure - We believe in it.
>>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>Hosted and sponsored by Secunia - http://secunia.com/