Re: [Full-disclosure] Disk wiping -- An alternate approach?

["Thor (Hammer of God)" <Thor@xxxxxxxxxxxxxxx>]

It depends on what you define "plausible deniability" as.  Sometimes it just 
doesn't matter.  At an industry event here in Seattle, a guy working for the 
state prosecutors office was speaking on this very subject - that of forensic 
collection of data on a system and the "presumption" of guilt.  

I posed the question of "how do you know that the data actually originated from 
actions of the user as opposed to someone who could have been using the system 
for their own means, or someone trying to plant false data?  How do you prevent 
one from impugning your findings?"

He said, "Well, we're not stupid."  I'm serious. I was extremely disappointed 
in that answer, and it basically said, "it doesn't really matter what we find 
on the system- we're not stupid, and if the data is there, it means you did 
it."  I was appalled. 

All you have is "deniability."  This method doesn't make it "plausible" to 
anyone but you, which doesn't matter.  If you want any level of meaningful 
"plausible deniability" then leave your wireless open and have your system 
riddled with bots. 

t

> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-
> disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Bipin Gautam
> Sent: Monday, January 25, 2010 7:42 PM
> To: E. Prom
> Cc: full-disclosure
> Subject: Re: [Full-disclosure] Disk wiping -- An alternate approach?
> 
> ok, this all adds nothing but another layer of plausible deniability
> to ANY data found in your computer....
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/