Re: [Dataloss] follow-up: Stolen city laptop recovered; workers' personal data not accessed

From: DAIL, WILLARD A (ADAILsunocoinc.com)
Date: Tue Jan 27 2009 - 12:27:15 CST


Doesn't risk management play into this as well though? Yes, true, one could argue the likelihood of any number of possibilities, both probable and remote. However, if a suspect is a known common thief, the laptop is recovered, no malware is found to be installed on the system, then most likely the device was stolen to be sold as a piece of hardware. Perhaps one cannot argue beyond a reasonable doubt as to what happened, but I personally would have no problem stating there is no indication the data had been abused.
 
The law of parsimony does come into play for some of this (in my opinion).

________________________________

From: dataloss-bouncesdatalossdb.org on behalf of Chris Walsh
Sent: Tue 1/27/2009 11:09 AM
To: datalossdatalossdb.org
Subject: Re: [Dataloss] follow-up: Stolen city laptop recovered; workers' personal data not accessed

The general point, which has been made many times on this list, is that it is not possible -- even with the greatest of forensic skills -- to make a technical determination that the information was not accessed. It just cannot be done, period. Ironically, if it were not possible to copy the data in a manner that didn't alter the disk, the police themselves would be unable to gather evidence, since by the very act of doing so they would be changing it!

Now, this may be sloppy reporting, and certainly the laws of physics apply to the police, so this is in no way a criticism of them. It's just the way it is. Had the report said "Based on the circumstances of the case, their knowledge of local crime patterns, and results of forensic examination of the laptop, police are nearly certain the data was not accessed following the theft", I think there would be much less questioning. Such press reports are rare, unfortunately.

On Tue, Jan 27, 2009 at 8:37 AM, Stefan Wahe <smwahewisc.edu> wrote:

        Living in Madison and working in IT Security, I do know that Madison Police Department has a unit that conducts IT forensics on electronic devices. They have the appropriate staff, resources and training to make such determinations. Additionally they have state and university resources at their availability with more than adequate training and experience in IT forensics. I am aware of this because I have had the opportunity to observe and work with them on other IT Security related issues.

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
