Full Disclosure mailing list archives

Re: Disk wiping -- An alternate approach?


From: Rohit Patnaik <quanticle () gmail com>
Date: Wed, 27 Jan 2010 17:39:23 -0600

I think you're confusing legal theory with legal practice.  Yes, in theory,
you're presumed innocent, and therefore the jury is required to consider
whether your box could have been infected with a virus or worm, leading to
the incriminating evidence planted on your system.  In practice, most such
theories fail Occam's razor.  What's less complex: incriminating words or
phrases are evidence of incriminating activity, or incriminating words and
phrases are planted as a way to cover up activity that wasn't
incriminating?  Even after reading this discussion, I'd have a hard time
believing that the latter was the case.

It's true that the legal system (in the USA) should find you not guilty if
there's any reasonable doubt about your guilt.  In practice, however, people
tend to think not guilty == innocent, and will convict you unless you can
make a case that is equally as strong as the prosecutor's.  Planting large
amounts of other evidence that may be incriminating, in an effort to cover
up the small amount of actually incriminating evidence does not strengthen
your case, and in fact weakens it in many ways.

-- Rohit Patnaik

On Tue, Jan 26, 2010 at 10:08 PM, Bipin Gautam <bipin.gautam () gmail com> wrote:

Enough noise, let's wrap up:

Someone said: "Forensics requires more than merely finding a phrase or
file on a hard drive - it requires establishing the context. If a
court accepts evidence without that context, then the defendant should
appeal on the basis of having an incompetent lawyer."

So, any evidence/broken-text/suspicious phrases etc found in a
computer "without meta-data" may be USELESS........... REMEMBER.


Having a normal OS with forensic signature ZERO would be a simple yet
powerful project. Programmers??? It isn't difficult work..... few
months, 1 person project.

Worm defense is smart as well as deadlock at times, the perspective I
presented can be used as a FALLBACK at times.


Maybe something like Alice/chatterbox run through the
free/slack/etc... space of your 1 TB harddisk is an intellectual dDoS!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

