Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Mon, 03 Oct 2005 21:07:00 +0200

Jason Coombs wrote:
34 people have killed themselves in the U.K. after being accused of
purchasing child pornography using their credit card numbers on the Web

I know of at least one similar case in Italy.

the presence of child pornography on a hard drive owned by a person who
is accused of purchasing child pornography is the best evidence law
enforcement has to prove guilt of these so-called 'electronic crimes
against children' -- crimes that are proved by the mere existence of

I would add that in some cases even "sharing" these files on
peer-to-peer networks can be an innocent act, for instance if you
bulk-download them from a user, and before inspecting their content
someone downloads them from your shared folder.

In Italy, "trading" this type of material is a distinct charge from
"owning" it.

I ask you this question: why doesn't law enforcement bother to conduct
an analysis of the computer evidence looking for indications of
third-party intrusion and malware?

I have asked the same question to law enforcement personnel, but with no
satisfactory answers for now.

There is simply no way for law enforcement to know the difference
between innocent and guilty persons based on hard drive data
circumstantial evidence. 

I agree, from my own experience as a forensics consultant.

Cordiali saluti,
Ing. Stefano Zanero
Secure Network S.r.l.
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]