Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Disk wiping -- An alternate approach?
From: T Biehn <tbiehn () gmail com>
Date: Tue, 26 Jan 2010 14:22:09 -0500

Unknown malware? Infections recently deleted by A/V?

The realm of data ownership is ridiculous. If I run an wifi AP with
WEP or no auth, my router keeps no logs, and my computer is a host to
malware then I would imagine that I cannot be convicted of a computer
crime without verification by physical surveillance.

If given the choice by a lawyer between pleading guilty and receiving
a lenient punishment and pleading not-guilty to certain loss for
severe punishment in the face of 'irrefutable' evidence most people
will choose to plead guilty. Prosecutors, Lawyers, and defendants are
largely either ignorant or apathetic to the issues around proving
culpability in computer-crime.

And case law would back me up.

-Travis

On Tue, Jan 26, 2010 at 3:11 AM, Charles Skoglund
<charles.skoglund () bitsec se> wrote:
This discussion is getting weirder and weirder. If an examiner finds
evidence on YOUR computer / cell phone / usb disks / whatever, please do
tell me how it's not necessarily yours? By claiming your computer has been
hacked? You do know an examiner usually knows how to double-check your story
for malicious code right? Or what are you guys talking about?

My experience is that when I find the evidence, the person/s being
investigated confesses quite rapidly.

Cheers!



On 1/26/10 4:31 AM, "Bipin Gautam" <bipin.gautam () gmail com> wrote:

So to the point, the techniques of forensic examiners were flawed from
day one given that any text/evidence found on your computer is NOT
NECESSARILY yours! Does that break digital forensics........?
oops.................

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault