Full Disclosure mailing list archives

Re: Operation Site-Key computer forensic searches ruled illegal


From: "J.A. Terranson" <measl () mfn org>
Date: Tue, 9 Aug 2005 23:45:19 -0500 (CDT)


On Tue, 9 Aug 2005, Jason Coombs wrote:

I worked as an expert witness on behalf of the defense in a case brought
before a military court martial under UCMJ where the defendant's name
and credit card number were found in the site-key database.

A computer forensic examination of the defendant's Windows computer
revealed the presence of a Trojan and a keylogger that would have
enabled a third-party intruder to intercept the defendant's credit card
number and use it to purchase child pornography from a Web site that
processed credit card payments using the site-key service.

As Jason is aware, I work for the #1 forensics house in the midwest, and
we also have some interesting anecdotal information that's likely of
interest here.  Jason pointed out that machines are often full of spyware
and back doors (all too true), but missed what is becoming a more and more
common side effect of this: we are seeing defendants being pulled out of
the fire by these surreptitiously installed keyloggers!  More than once I
have been able to show that significant child pornography cases were in
fact completely the work of outside intruders who had compromised the
system, used it for distribution of materials without the owner's knowledge
or consent, and been able to refer to these trojans for the proof: they
logged it all!

Digital Forensics is still an emerging industry, and one with no [direct]
regulation in most jurisdictions.  Any issue which is rooted in this new
engineering/legal practice will be a long time awaiting foundational case
law to guide our newly exposed judges.

-- 
Yours,

J.A. Terranson, CISM
Sr. Forensic Investigator
United Forensics Corp.
alif () unitedforensics com
www.unitedforensics.com

I like the idea of belief in drug-prohibition as a religion in that it is
a strongly held belief based on grossly insufficient evidence and
bolstered by faith born of intuitions flowing from the very beliefs they
are intended to support.

don zweig, M.D.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

