Full Disclosure mailing list archives
Help put a stop to incompetent computer forensics
From: Jason Coombs <jasonc () science org>
Date: Tue, 09 Aug 2005 14:01:05 -1000
"An experienced computer forensics person could tell you whether it was because of [a Trojan virus] or not." -- Marcus Lawson.
This quote and article citation below concerning "computer forensics" is typical of the opinion of "computer forensics" professionals. We know it's a big fat lie told by self-important people who don't know anything about information security and have never written software in their lives, but I'm asking anyone who reads this, who has ideas about how to put a stop to this "computer forensics" absurdity where people who don't know how software is written and don't understand infosec are allowed to be the voice of "computer forensics" expertise in court, to please contact me.
In addition, anyone who has any information about computer forensics professional Marcus Lawson please contact me immediately.
The fact that malware authors aren't cooperating with the computer forensics industry by making sure that it's easy to distinguish between the actions of malware and the actions of a human computer user, combined with uninformed expert opinions like those shown below, is resulting in innocent people being put behind bars, and people like Marcus Lawson who think they know what they're doing but clearly do not are helping to get innocent people convicted by spewing nonsense.
This undermines the ability of the criminal court system to convict those who are truly guilty, and keep them convicted on appeal.
Somehow we need to fix this broken system and insist that all computer forensics be performed with the help of a competent information security professional, at the very least.
Any other suggestions? Sincerely, Jason Coombs jasonc () science org http://edition.cnn.com/2003/LAW/08/12/ctv.trojan/Though it raises new and important issues, say industry sources, the Trojan Horse problem won't likely mint a new defense strategy: It's just a riff on the standard "not me" defense.
"There are a lot of child porn defendants who say, well, somebody else might have done it," said the EFF's Tien. "But it doesn't fare very well, for obvious reasons."
In the end, experienced computer forensics investigators should be able to tell whether the computer's owner, or a Trojan Horse, spawned the material in question.
"You wouldn't want to just throw that out there as your defense," said Marcus Lawson, a computer forensic analyst who testified in the trial of convicted child rapist and murderer David Westerfield. "An experienced computer forensics person could tell you whether it was because of [a Trojan virus] or not."
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Help put a stop to incompetent computer forensics Jason Coombs (Aug 09)
- RE: Help put a stop to incompetent computer forensics Christopher Day (Aug 09)
- Re: Help put a stop to incompetent computer forensics Technica Forensis (Aug 10)
- Re: Help put a stop to incompetent computer forensics James Tucker (Aug 10)
- Re: Help put a stop to incompetent computer forensics trains (Aug 10)
- Re: Help put a stop to incompetent computerforensics Greg (Aug 10)
- RE: Help put a stop to incompetent computer forensics Christopher Day (Aug 09)