Full Disclosure mailing list archives
Re: Disk wiping -- An alternate approach?
From: T Biehn <tbiehn () gmail com>
Date: Tue, 26 Jan 2010 14:22:09 -0500
Unknown malware? Infections recently deleted by A/V? The realm of data ownership is ridiculous. If I run an wifi AP with WEP or no auth, my router keeps no logs, and my computer is a host to malware then I would imagine that I cannot be convicted of a computer crime without verification by physical surveillance. If given the choice by a lawyer between pleading guilty and receiving a lenient punishment and pleading not-guilty to certain loss for severe punishment in the face of 'irrefutable' evidence most people will choose to plead guilty. Prosecutors, Lawyers, and defendants are largely either ignorant or apathetic to the issues around proving culpability in computer-crime. And case law would back me up. -Travis On Tue, Jan 26, 2010 at 3:11 AM, Charles Skoglund <charles.skoglund () bitsec se> wrote:
This discussion is getting weirder and weirder. If an examiner finds evidence on YOUR computer / cell phone / usb disks / whatever, please do tell me how it's not necessarily yours? By claiming your computer has been hacked? You do know an examiner usually knows how to double-check your story for malicious code right? Or what are you guys talking about? My experience is that when I find the evidence, the person/s being investigated confesses quite rapidly. Cheers! On 1/26/10 4:31 AM, "Bipin Gautam" <bipin.gautam () gmail com> wrote:So to the point, the techniques of forensic examiners were flawed from day one given that any text/evidence found on your computer is NOT NECESSARILY yours! Does that break digital forensics........? oops................. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on http://pastebin.com/f6fd606da _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Disk wiping -- An alternate approach?, (continued)
- Re: Disk wiping -- An alternate approach? McGhee, Eddie (Jan 27)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 27)
- Message not available
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 27)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 27)
- Re: Disk wiping -- An alternate approach? Christian Sciberras (Jan 27)
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 27)
- Re: Disk wiping -- An alternate approach? Michael Holstein (Jan 27)
- Re: Disk wiping -- An alternate approach? Thor (Hammer of God) (Jan 27)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 27)
- Re: Disk wiping -- An alternate approach? Rohit Patnaik (Jan 27)
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 26)
- Re: Disk wiping -- An alternate approach? E. Prom (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Thor (Hammer of God) (Jan 25)
- Re: Disk wiping -- An alternate approach? Rohit Patnaik (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Tracy Reed (Jan 25)
- Re: Disk wiping -- An alternate approach? E. Prom (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Michael Holstein (Jan 26)