Full Disclosure: Re: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides

From: Florian Weimer <fw_at_deneb.enyo.de>
Date: Sat, 01 Oct 2005 20:43:59 +0200

* Jason Coombs:

> Over the last few years I have seen numerous cases in which the computer
> forensic evidence proves that a third party intruder was in control of
> the suspect's computer.

Let's face it: Most end-user computers are compromised in one way or
the other. This doesn't mean that the legitimate owner of the machine
isn't using it for any crimes.

> I ask you this question: why doesn't law enforcement bother to conduct
> an analysis of the computer evidence looking for indications of
> third-party intrusion and malware?

It's standard practice in some countries, especially when mere
possession of data is not automatically a crime.

> Every person convicted of an electronic crime against a child based only
> on evidence recovered from a hard drive that happened to be in their
> possession should be immediately released from whatever prison they are
> now being held.

If you do this, anybody who is interested in child pornography just
infects his machine with some malware and escapes conviction. This
isn't quite feasible, either.

> Law enforcement must be required to obtain Internet wiretaps, use
> keyloggers and screen capture techniques, and conduct other
> investigations of crimes-in-progress

As long as the possession itself is a crime, this is just a waste of
resources. I tend to agree that the current situation in most
countries is difficult because of the elusive nature of purely
electronic evidence.
Received on Oct 01 2005