Date: Sat Oct  1 19:44:41 2005
From: fw at deneb.enyo.de (Florian Weimer)
Subject: Careless Law Enforcement Computer Forensics
	Lacking InfoSec Expertise Causes Suicides

* Jason Coombs:

> Over the last few years I have seen numerous cases in which the computer 
> forensic evidence proves that a third party intruder was in control of 
> the suspect's computer.

Let's face it: Most end-user computers are compromised in one way or
the other.  This doesn't mean that the legitimate owner of the machine
isn't using it for any crimes.

> I ask you this question: why doesn't law enforcement bother to conduct 
> an analysis of the computer evidence looking for indications of 
> third-party intrusion and malware?

It's standard practice in some countries, especially when mere
possession of data is not automatically a crime.

> Every person convicted of an electronic crime against a child based only 
> on evidence recovered from a hard drive that happened to be in their 
> possession should be immediately released from whatever prison they are 
> now being held.

If you do this, anybody who is interested in child pornography just
infects his machine with some malware and escapes conviction.  This
isn't quite feasible, either.

> Law enforcement must be required to obtain Internet wiretaps, use 
> keyloggers and screen capture techniques, and conduct other 
> investigations of crimes-in-progress

As long as the possession itself is a crime, this is just a waste of
resources.  I tend to agree that the current situation in most
countries is difficult because of the elusive nature of purely
electronic evidence.
