[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <43418154.9040703@securenetwork.it>
Date: Tue Oct 4 09:34:20 2005
From: s.zanero at securenetwork.it (Stefano Zanero)
Subject: Re: Careless Law Enforcement Computer Forensics
Lacking InfoSec Expertise Causes Suicides
Jason Coombs wrote:
> 34 people have killed themselves in the U.K. after being accused of
> purchasing child pornography using their credit card numbers on the Web
I know of at least one similar case in Italy.
> the presence of child pornography on a hard drive owned by a person who
> is accused of purchasing child pornography is the best evidence law
> enforcement has to prove guilt of these so-called 'electronic crimes
> against children' -- crimes that are proved by the mere existence of
> data,
I would add that in some cases even "sharing" these files on
peer-to-peer networks can be an innocent act, for instance if you
bulk-download them from a user, and before inspecting their content
someone downloads them from your shared folder.
In Italy, "trading" this type of material is a distinct charge from
"owning" it.
> I ask you this question: why doesn't law enforcement bother to conduct
> an analysis of the computer evidence looking for indications of
> third-party intrusion and malware?
I have asked the same question to law enforcement personnel, but with no
satisfactory answers for now.
> There is simply no way for law enforcement to know the difference
> between innocent and guilty persons based on hard drive data
> circumstantial evidence.
I agree, from my own experience as a forensics consultant.
--
Cordiali saluti,
Ing. Stefano Zanero
---------------------------
Secure Network S.r.l.
www.securenetwork.it
Powered by blists - more mailing lists