Full Disclosure mailing list archives

Re: Disk wiping -- An alternate approach?
From: Bipin Gautam <bipin.gautam () gmail com>
Date: Tue, 26 Jan 2010 10:24:02 +0545

Could DIGITAL FORENSICS be fundamentally FLAWED (and they don't explain more?)

Think : http://en.wikipedia.org/wiki/Chain_of_custody

Main point: The keywords and texts found on a suspect's hard disk are by
NO means guaranteed to belong to the OWNER OF THE COMPUTER; instead they
could be leftover chunks from the internet, written by someone, that land
on your computer as disk fragments and are found dormant in your free
space as the browser cache is flushed?

On top of that, FAT32/NTFS fs have a higher fragmentation rate than EXT*.

The problem is: "Possession is 9/10ths of the law" -- but ANY texts
they find, if questionable, can also very likely come from the internet
while you browse online and NOT be your own possession; someone typed
it online, on a webpage you viewed etc., and it lands on your disk while
you browse it and is left as fragments?

How does the law see such a situation?

(and excepting the possibility of linguistic analysis to prove guilt)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
