|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Re: Tools accepted by the courts
From: Paul Schmehl (pauls
utdallas.edu)
Date: Tue Jul 05 2005 - 09:44:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
--On Tuesday, July 05, 2005 02:04:20 -1000 Jason Coombs
<jasoncscience.org> wrote:
>
> What I demand to hear spoken by law enforcement, and what I insist
> prosecutors compel law enforcement to speak if they don't volunteer these
> words out of their own common sense, is the following:
>
> "Yes, that's what we found on the hard drive but there's little or no
> reason for us to believe that the defendant is responsible for placing it
> there just because the hard drive was in the defendant's possession. We
> often see cases where hard drives are installed second-hand and data from
> previous owners remains on the drive, we can't tell when the data in
> question was written so it's important to be aware that hundreds of other
> people could have placed it there. We also see cases where software such
> as spyware or Web pages full of javascript force a suspect's Web browser
> to take actions that result in the appearance that the owner of the
> computer caused Internet content to be retrieved when in fact the owner
> of the computer may not have known what was happening, malicious Web site
> programmers know how to use techniques such as pop-unders and frames to
> hide scripted behavior of Web pages. Furthermore, once the Web browser is
> closed and its temporary files are deleted, every bit of data that was
> saved 'temporarily' to a file by the browser becomes a semi-permanent
> part of the hard drive's unallocated space and we have no way to tell the
> difference between data that was once part of a temporary file created
> automatically by a Web page being viewed or scripted inside a Web browser
> and the same data placed intentionally on the hard drive by its owner
> without the use of the Internet. Also ..."
>
Then you obviously don't understand the adversarial nature of our justice
system. It's the job of the *defense* attorney to discredit the evidence
presented by a witness for the prosecution. It is *not* the job of the
prosecution to torpedo its own case.
Even in an ideal world where no prosecutor is ever over zealous, this would
be brain-dead stupid.
Paul Schmehl (paulsutdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]