lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000401c59d53$23bfb5a0$1701a8c0@fl.steelcloud.com>
Date: Wed Aug 10 03:28:17 2005
From: cday at asgardgroup.com (Christopher Day)
Subject: Help put a stop to incompetent computer
	forensics

Jason,

After a trivial Google search, the following was found:

"Marcus Lawson, the president of the Spokane private forensic firm
Global Compusearch"
http://www.courttv.com/trials/westerfield/070302_ctv.html

The firm's URL is www.globalcompusearch.com

Also, some might be interested in a two-part article in the Digital
Investigation journal
(http://www.compseconline.com/digitalinvestigation/) on this very
subject, the so-called Trojan Defense.

Cheers,

Chris



> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Jason Coombs
> Sent: Tuesday, August 09, 2005 8:01 PM
> To: Full-Disclosure; bugtraq@...urityfocus.com
> Subject: [Full-disclosure] Help put a stop to incompetent 
> computer forensics
> 
> 
> "An experienced computer forensics person could tell you 
> whether it was 
> because of [a Trojan virus] or not." -- Marcus Lawson.
> 
> This quote and article citation below concerning "computer 
> forensics" is 
> typical of the opinion of "computer forensics" professionals. We know 
> it's a big fat lie told by self-important people who don't 
> know anything 
> about information security and have never written software in their 
> lives, but I'm asking anyone who reads this, who has ideas 
> about how to 
> put a stop to this "computer forensics" absurdity where 
> people who don't 
> know how software is written and don't understand infosec are 
> allowed to 
> be the voice of "computer forensics" expertise in court, to please 
> contact me.
> 
> In addition, anyone who has any information about computer forensics 
> professional Marcus Lawson please contact me immediately.
> 
> The fact that malware authors aren't cooperating with the computer 
> forensics industry by making sure that it's easy to 
> distinguish between 
> the actions of malware and the actions of a human computer user, 
> combined with uninformed expert opinions like those shown below, is 
> resulting in innocent people being put behind bars, and people like 
> Marcus Lawson who think they know what they're doing but 
> clearly do not 
> are helping to get innocent people convicted by spewing nonsense.
> 
> This undermines the ability of the criminal court system to convict 
> those who are truly guilty, and keep them convicted on appeal.
> 
> Somehow we need to fix this broken system and insist that all 
> computer 
> forensics be performed with the help of a competent 
> information security 
> professional, at the very least.
> 
> Any other suggestions?
> 
> Sincerely,
> 
> Jason Coombs
> jasonc@...ence.org
> 
> 
http://edition.cnn.com/2003/LAW/08/12/ctv.trojan/

Though it raises new and important issues, say industry sources, the 
Trojan Horse problem won't likely mint a new defense strategy: It's just

a riff on the standard "not me" defense.

"There are a lot of child porn defendants who say, well, somebody else 
might have done it," said the EFF's Tien.  "But it doesn't fare very 
well, for obvious reasons."

In the end, experienced computer forensics investigators should be able 
to tell whether the computer's owner, or a Trojan Horse, spawned the 
material in question.

"You wouldn't want to just throw that out there as your defense," said 
Marcus Lawson, a computer forensic analyst who testified in the trial of

convicted child rapist and murderer David Westerfield. "An experienced 
computer forensics person could tell you whether it was because of [a 
Trojan virus] or not." _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ