Message-ID: <BAY104-DAV481F5C91403C21B82AC8AD0E60@phx.gbl>
Date: Tue Jul 5 23:00:35 2005
From: pingywon at hotmail.com (pingywon)
Subject: RE: Tools accepted by the courts

I have heard on more than one occasion that Microsoft Event files (.evt) are admissible.

Can anyone comment, yes or no, through experience?

~pingywon

----- Original Message -----
From: "Craig, Tobin (OIG)" <tobin.craig@...gov>
To: <jasonc@...ence.org>; "Evidence Technology" <le@...dencetechnology.net>
Cc: <full-disclosure@...ts.grok.org.uk>; <forensics@...urityfocus.com>
Sent: Tuesday, July 05, 2005 8:36 AM
Subject: [Full-disclosure] RE: Tools accepted by the courts

Jerry,

I have to disagree with Jason on this, I think you're on the right track; computer forensics needs to be regarded in the same light as other forensics fields and held to the same standards to maintain any credibility in the future.

Jason:

I apologize on behalf of the rest of the community who are trying to find a way forward in this. Obviously by the tone of your previous contributions, you have the whole field sewn up. Perhaps when you publish your definitive work, we'll all be able to enjoy the view from your vantage point. But until then, I for one don't appreciate the belligerence and the patronizing. Perhaps in my 20 years of international forensic science in 8 different disciplines I've missed something fundamental concerning forensic investigation or evidence handling. If so, then please be sure to include a chapter, I'd love to see where I've been going wrong over the last two decades.

If you are waiting for witnesses to paint a worst case scenario every time they hit the stand, then don't hold your breath. Our job is to make this stuff understandable in an impartial way. It doesn't matter how much you know or how much you understand if you cannot impart that information in a meaningful way to your audience, be it a judge, jury, or your granny.

This is just my opinion folks.

Respectfully yours,

(unprejudiced, because that's how we are supposed to be professionally, trying to find the correct answer in place of the easy answer, knowing that yes there are those who would exploit this field like any other, but also knowing the way to see the standards increased is by doing my best to ensure that I've done my job to the best of my ability, -- I would like to hope you are more interested in finding the right way forward over promoting your own agenda, although sadly I'm seeing much of the good you have to say get lost in overly aggressive verbiage.....)

Please think twice about your delivery, you're only hurting yourself,

Tobin Craig
___________________________
Tobin Craig, MRSC, CISSP, SCERS, EnCE
IT Forensic Director, Computer Crimes and Forensics
Department of Veterans Affairs
Office of Inspector General
801 I Street NW
Washington DC 20001
Tel: 202 565 7702
Fax: 202 565 7630
___________________________

-----Original Message-----
From: Jason Coombs [mailto:jasonc@...ence.org]
Sent: Tuesday, July 05, 2005 8:04 AM
To: Evidence Technology
Cc: Craig, Tobin (OIG); forensics@...urityfocus.com; full-disclosure@...ts.grok.org.uk
Subject: Re: Tools accepted by the courts

Evidence Technology wrote:
> That era is quickly fading. Going forward, I think we'll see more
> and more digital evidence rendered inadmissible via failure to
> adhere to established evidentiary standards.

Jerry,

No way. What 'evidentiary standards' are you talking about here?

I'm sorry but that's just absurd. How will there ever be 'evidentiary standards' on the contents of my filing cabinet and my personal pornography collection?

The police find the data where they find it. That's called 'circumstantial evidence' and digital evidence will always be treated exactly as such no matter who we successfully convince of the flaws inherent in the filing cabinet or printed document/glossy photograph analogy.

What I demand to hear spoken by law enforcement, and what I insist prosecutors compel law enforcement to speak if they don't volunteer these words out of their own common sense, is the following:

"Yes, that's what we found on the hard drive but there's little or no reason for us to believe that the defendant is responsible for placing it there just because the hard drive was in the defendant's possession. We often see cases where hard drives are installed second-hand and data from previous owners remains on the drive, we can't tell when the data in question was written so it's important to be aware that hundreds of other people could have placed it there. We also see cases where software such as spyware or Web pages full of javascript force a suspect's Web browser to take actions that result in the appearance that the owner of the computer caused Internet content to be retrieved when in fact the owner of the computer may not have known what was happening, malicious Web site programmers know how to use techniques such as pop-unders and frames to hide scripted behavior of Web pages. Furthermore, once the Web browser is closed and its temporary files are deleted, every bit of data that was saved 'temporarily' to a file by the browser becomes a semi-permanent part of the hard drive's unallocated space and we have no way to tell the difference between data that was once part of a temporary file created automatically by a Web page being viewed or scripted inside a Web browser and the same data placed intentionally on the hard drive by its owner without the use of the Internet. Also ..."

Disrespectfully Yours,

(with extreme prejudice born of intense frustration due to the fact that nobody cares about getting this stuff right when it's so much easier just to collect a forensic paycheck and move on to the next victim -- I would like to think you are part of the solution rather than being part of the problem but you're talking nonsense and so is nearly everyone else in the computer forensics field, most especially the computer forensics vendors who need people to love them in order to make their businesses grow. They do not deserve respect and they most certainly fail the 'lovable' test, but television shows like CSI and visions of fat bank accounts have deceived everyone temporarily...)

Please get a clue before you hurt somebody.

Jason Coombs
jasonc@...ence.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/