[40589] in bugtraq

Re: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise

daemon@ATHENA.MIT.EDU (Stefano Zanero)
Tue Oct 4 14:53:32 2005

Message-ID: <43418154.9040703@securenetwork.it>
Date: Mon, 03 Oct 2005 21:07:00 +0200
From: Stefano Zanero <s.zanero@securenetwork.it>
MIME-Version: 1.0
To: jasonc@science.org
Cc: Full-Disclosure <full-disclosure@lists.grok.org.uk>,
        bugtraq@securityfocus.com, isn@attrition.org
In-Reply-To: <433ED2BE.3020008@science.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Jason Coombs wrote:
> 34 people have killed themselves in the U.K. after being accused of
> purchasing child pornography using their credit card numbers on the Web

I know of at least one similar case in Italy.

> the presence of child pornography on a hard drive owned by a person who
> is accused of purchasing child pornography is the best evidence law
> enforcement has to prove guilt of these so-called 'electronic crimes
> against children' -- crimes that are proved by the mere existence of
> data,

I would add that in some cases even "sharing" these files on
peer-to-peer networks can be an innocent act, for instance if you
bulk-download them from a user, and before inspecting their content
someone downloads them from your shared folder.

In Italy, "trading" this type of material is a distinct charge from
"owning" it.

> I ask you this question: why doesn't law enforcement bother to conduct
> an analysis of the computer evidence looking for indications of
> third-party intrusion and malware?

I have asked the same question to law enforcement personnel, but with no
satisfactory answers for now.

> There is simply no way for law enforcement to know the difference
> between innocent and guilty persons based on hard drive data
> circumstantial evidence. 

I agree, from my own experience as a forensics consultant.

-- 
Kind regards,
Ing. Stefano Zanero
---------------------------
Secure Network S.r.l.
www.securenetwork.it
