Message-ID: <4B5DE664.9070505@csuohio.edu>
Date: Mon, 25 Jan 2010 13:43:48 -0500
From: Michael Holstein <michael.holstein@...ohio.edu>
To: Bipin Gautam <bipin.gautam@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Disk wiping -- An alternate approach?


> You are telling me "Modern forensic" examiners DRAW CONCLUSIONS
> without looking at ALL possible evidence and by shifting just a few bytes
> of possible "related keywords" and draw insufficient conclusions?

No, they find the keyword in a file (or fragment thereof) and examine
the resulting file or reconstruct the fragments to see if it's relevant
to their investigation. Putting YOUR bomb plot amidst thousands of news
articles about OTHER bomb plots won't fool them, and it'll make you look
sufficiently guilty that you'll sit in jail while they waste their time.


> It's like, when a forensic incident happens you take fingerprints from
> the whole house skipping a few rooms thinking there are sooooo many
> rooms to look for.....?

Depends on what they're trying to prove. In a burglary case, they might
see prints on the stereo cabinet and lift those. No need to fingerprint
the entire house when they've got a clear print, although they usually
grab a few others just to be sure.

Apparently you've never sat through a trial .. find an interesting case
and go attend, it's highly educational. Basically a jury is 12 people of
the general population (in actuality, an in-depth knowledge of the
subject matter at hand is likely to get you dismissed as a juror by one
or both sides). The jury, having watched CSI and such, will listen with
utter fascination at the State's expert in computer forensics talk about
how he extracted the data and it will paint a VERY convincing picture
for 12 people that know nothing about computers.


> On top of that, the keywords they fish out that way are by no guarantee
> belonging to the OWNER OF THE COMPUTER instead of leftover chunks from
> the internet written by someone and landing on your computer in
> disk fragments as free space as the browser cache is flushed?

Possession is 9/10ths of the law. You can try and float your "wikipedia
did it" theory at trial, but ultimately it's a matter of which theory
sounds more plausible to the jury:

1. defendant had illegal stuff on his computer.
2. defendant says illegal stuff on his computer was an effort to hide
any potential illegal stuff by putting articles about related illegal
stuff he didn't do on there.

Quit trying to re-invent the wheel and get your crypto on and lawyer up
when asked about it.

Cheers,

Michael Holstein
Cleveland State University
