mailing list archives
Re: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 01 Oct 2005 20:43:59 +0200
* Jason Coombs:
Over the last few years I have seen numerous cases in which the computer
forensic evidence proves that a third party intruder was in control of
the suspect's computer.
Let's face it: Most end-user computers are compromised in one way or
the other. This doesn't mean that the legitimate owner of the machine
isn't using it for any crimes.
I ask you this question: why doesn't law enforcement bother to conduct
an analysis of the computer evidence looking for indications of
third-party intrusion and malware?
It's standard practice in some countries, especially when mere
possession of data is not automatically a crime.
Every person convicted of an electronic crime against a child based only
on evidence recovered from a hard drive that happened to be in their
possession should be immediately released from whatever prison they are
now being held.
If you do this, anybody who is interested in child pornography just
infects his machine with some malware and escapes conviction. This
isn't quite feasible, either.
Law enforcement must be required to obtain Internet wiretaps, use
keyloggers and screen capture techniques, and conduct other
investigations of crimes-in-progress
As long as the possession itself is a crime, this is just a waste of
resources. I tend to agree that the current situation in most
countries is difficult because of the elusive nature of purely
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/