mailing list archives
Re: Disk wiping -- An alternate approach?
From: Bipin Gautam <bipin.gautam () gmail com>
Date: Tue, 26 Jan 2010 10:24:02 +0545
Could DIGITAL FORENSICS be fundamentally FLAWED ( and they dont explain more?)
Think : http://en.wikipedia.org/wiki/Chain_of_custody
Main Point: The keywords and texts found in a suspects harddisk is by
NO guarantee belonging to the OWNER OF THE COMPUTER instead it could
be leftover chunks from the internet written by someone and lands on
your computer's in disk-fragments as found dormant on your free-space
as browser cache is flushed ?
On top of that FAT32/NTFS fs has high fragmentation rate than EXT*.
The problem is: "Possession is 9/10ths of the law" -- but ANY texts
they find, if questionable can also very likely come from the internet
while you browse online and NOT your own possession and someone typed
it from online,webpage you viewed etc and it lands on your disk while
you browse it and is left as fragments?
How does the law sees such a situation?
(and except the possibility of linguistic analysis to prove guilty)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/