[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides
- To: jasonc@xxxxxxxxxxx
- Subject: Re: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides
- From: Stefano Zanero <s.zanero@xxxxxxxxxxxxxxxx>
- Date: Mon, 03 Oct 2005 21:07:00 +0200
Jason Coombs wrote:
> 34 people have killed themselves in the U.K. after being accused of
> purchasing child pornography using their credit card numbers on the Web
I know of at least one similar case in Italy.
> the presence of child pornography on a hard drive owned by a person who
> is accused of purchasing child pornography is the best evidence law
> enforcement has to prove guilt of these so-called 'electronic crimes
> against children' -- crimes that are proved by the mere existence of
> data,
I would add that in some cases even "sharing" these files on
peer-to-peer networks can be an innocent act, for instance if you
bulk-download them from a user, and before inspecting their content
someone downloads them from your shared folder.
In Italy, "trading" this type of material is a distinct charge from
"owning" it.
> I ask you this question: why doesn't law enforcement bother to conduct
> an analysis of the computer evidence looking for indications of
> third-party intrusion and malware?
I have asked the same question to law enforcement personnel, but with no
satisfactory answers for now.
> There is simply no way for law enforcement to know the difference
> between innocent and guilty persons based on hard drive data
> circumstantial evidence.
I agree, from my own experience as a forensics consultant.
--
Cordiali saluti,
Ing. Stefano Zanero
---------------------------
Secure Network S.r.l.
www.securenetwork.it