Full Disclosure mailing list archives

Re: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 01 Oct 2005 20:43:59 +0200

* Jason Coombs:

> Over the last few years I have seen numerous cases in which the computer
> forensic evidence proves that a third party intruder was in control of
> the suspect's computer.

Let's face it: Most end-user computers are compromised in one way or
the other.  This doesn't mean that the legitimate owner of the machine
isn't using it for any crimes.

> I ask you this question: why doesn't law enforcement bother to conduct
> an analysis of the computer evidence looking for indications of
> third-party intrusion and malware?

It's standard practice in some countries, especially when mere
possession of data is not automatically a crime.

> Every person convicted of an electronic crime against a child based only
> on evidence recovered from a hard drive that happened to be in their
> possession should be immediately released from whatever prison they are
> now being held.

If you do this, anybody who is interested in child pornography just
infects his machine with some malware and escapes conviction.  This
isn't quite feasible, either.

> Law enforcement must be required to obtain Internet wiretaps, use
> keyloggers and screen capture techniques, and conduct other
> investigations of crimes-in-progress

As long as the possession itself is a crime, this is just a waste of
resources.  I tend to agree that the current situation in most
countries is difficult because of the elusive nature of purely
electronic evidence.