Full Disclosure mailing list archives
Re: Disk wiping -- An alternate approach?
From: Rohit Patnaik <quanticle () gmail com>
Date: Wed, 27 Jan 2010 17:39:23 -0600
I think you're confusing legal theory with legal practice. Yes, in theory, you're presumed innocent, and therefore the jury is required to consider whether your box could have been infected with a virus or worm, leading to the incriminating evidence planted on your system. In practice, most such theories fail Occam's razor. What's less complex: incriminating words or phrases are evidence of incriminating activity, or incriminating words and phrases are planted as a way to cover up activity that wasn't incriminating. Even after reading this discussion, I'd have a hard time believing that the latter was the case. Its true that the legal system (in the USA) should find you not guilty if there's any reasonable doubt about your guilt. In practice, however, people tend to think not guilty == innocent, and will convict you unless you can make a case that is equally as strong as the prosecutor's. Planting large amounts of other evidence that may be incriminating, in an effort to cover up the small amount of actually incriminating evidence does not strengthen your case, and in fact weakens it in many ways. -- Rohit Patnaik On Tue, Jan 26, 2010 at 10:08 PM, Bipin Gautam <bipin.gautam () gmail com>wrote:
Enough noise, Lets wrap up: Someone said: "Forensics requires more than merely finding a phrase or file on a hard drive - it requires establishing the context. If a court accepts evidence without that context, then the defendant should appeal on the basis of having an incompetent lawyer." So, any evidence/broken-text/suspicious phrases etc found in a computer "without meta-data" maybe USELESS........... REMEMBER. Having a normal OS with forensic signature ZERO would be a simple yet powerful project. Programmers??? it isnt difficult work..... few months, 1 person project. Worm defense is smart as well as deadlock at times, the prospective i presented can be used as a FALLBACK at times. Maybe something like Alice/chatterbox run through the free/slack/etc... space of your 1 TB harddisk is a intellectual dDoS! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Disk wiping -- An alternate approach?, (continued)
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 27)
- Re: Disk wiping -- An alternate approach? McGhee, Eddie (Jan 27)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 27)
- Message not available
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 27)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 27)
- Re: Disk wiping -- An alternate approach? Christian Sciberras (Jan 27)
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 27)
- Re: Disk wiping -- An alternate approach? Michael Holstein (Jan 27)
- Re: Disk wiping -- An alternate approach? Thor (Hammer of God) (Jan 27)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 27)
- Re: Disk wiping -- An alternate approach? Rohit Patnaik (Jan 27)
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 26)
- Re: Disk wiping -- An alternate approach? E. Prom (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Thor (Hammer of God) (Jan 25)
- Re: Disk wiping -- An alternate approach? Rohit Patnaik (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Tracy Reed (Jan 25)
- Re: Disk wiping -- An alternate approach? E. Prom (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)