Re: [Full-disclosure] Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides

[Florian Weimer <fw@xxxxxxxxxxxxx>]

* Jason Coombs:

> Over the last few years I have seen numerous cases in which the computer 
> forensic evidence proves that a third party intruder was in control of 
> the suspect's computer.

Let's face it: Most end-user computers are compromised in one way or
the other.  This doesn't mean that the legitimate owner of the machine
isn't using it for any crimes.

> I ask you this question: why doesn't law enforcement bother to conduct 
> an analysis of the computer evidence looking for indications of 
> third-party intrusion and malware?

It's standard practice in some countries, especially when mere
possession of data is not automatically a crime.

> Every person convicted of an electronic crime against a child based only 
> on evidence recovered from a hard drive that happened to be in their 
> possession should be immediately released from whatever prison they are 
> now being held.

If you do this, anybody who is interested in child pornography just
infects his machine with some malware and escapes conviction.  This
isn't quite feasible, either.

> Law enforcement must be required to obtain Internet wiretaps, use 
> keyloggers and screen capture techniques, and conduct other 
> investigations of crimes-in-progress

As long as the possession itself is a crime, this is just a waste of
resources.  I tend to agree that the current situation in most
countries is difficult because of the elusive nature of purely
electronic evidence.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/