Security Basics mailing list archives
RE: Computer forensics to uncover illegal internet use
From: "dave kleiman" <dave () isecureu com>
Date: Wed, 31 Aug 2005 17:18:51 -0400
Jason, Now that sounds more like you, and I could not agree more. I was just a little a little concerned with the passing of the "contraband" and the fudging the logs theory. Yes wipe and go on could be a plausible option, as long as they stop and go no further. However, if they get involved in making copies of it and passing it around to whomever (attorney etc.), they have already begun an investigation and began handling the contraband. My vote is stop and wipe, or stop and call the proper authorities. Yes, of course this is governed by the rules of evidence for the jurisdiction they are in. Best regards, Dave
-----Original Message----- From: Jason Coombs [mailto:jasonc () science org] Sent: Wednesday, August 31, 2005 17:06 To: dave kleiman; security-basics () securityfocus com Cc: 'Edmond Chow'; 'Beauford, Jason'; tobin.craig () va gov Subject: Re: Computer forensics to uncover illegal internet use dave kleiman wrote:You bring a drive to do an image, you have to do your examination there, if you want to leave the imaged info on it, your imaged drive now stays in the evidence room. The defense attorney would have to come there to view the images, or the LEO would bring it to them, but they would not leave I there with them.Dave, Nice response. You are correct, of course, that this is how many jurisdictions prefer that things be done. The prosecutor and law enforcement do try to follow their own rules once they confiscate potential contraband. I am glad to see Tobin Craig cite Title 18, USC 2252, as it now stands, having been modified by COPPA, etc. in recent years. It is very important to understand what Federal law requires of you in order to avoid prosecution for what has already been done. However, as Tobin acknowledges in his e-mail, he is unaware that Corporations are treated completely differently than are natural persons with respect to the child porn statutes. If not for the possibility that the worker whose computer is at-issue may have had their identity stolen or in some other fashion been framed by the actions of a third-party, such that the hard drives in the computer are potentially the only source of evidence to prove reasonable doubt of the person's guilt, it would ALWAYS be the proper course of action for the company to wipe the drive and go on with business as usual, without reporting to law enforcement. Where much of the discussion thus far has also been mistaken is in presuming that all jurisdictions operate according to the same rules and procedures once potential contraband is confiscated. This discussion deserves additional attention, for the very reason that the behavior of various persons on all sides of this struggle, and in many respects the very statutory language itself, are outrageous and are ruining lives of people who are in fact victims -- much the way that the original child abuse that became the contraband child pornography harmed an innocent child. If only persons as well-informed and concerned with the pursuit of truth, such as Mr. Craig, were more often involved in advising law enforcement and participating in decisions to prosecute individual cases. And if only more corporations were aware that their own failures to protect their employees' Windows computers from spyware and other security threats are placing workers at undue risk of criminal prosecution for doing nothing other than their jobs. Sincerely, Jason Coombs jasonc () science org
Current thread:
- RE: Computer forensics to uncover illegal internet use, (continued)
- RE: Computer forensics to uncover illegal internet use Sadler, Connie (Aug 30)
- RE: Computer forensics to uncover illegal internet use dave kleiman (Aug 31)
- RE: Computer forensics to uncover illegal internet use Robinson, Sonja (Aug 30)
- RE: Computer forensics to uncover illegal internet use Robinson, Sonja (Aug 30)
- RE: Computer forensics to uncover illegal internet use Robinson, Sonja (Aug 30)
- Re: Computer forensics to uncover illegal internet use Jason Coombs (Aug 30)
- RE: Computer forensics to uncover illegal internet use dave kleiman (Aug 31)
- Re: Computer forensics to uncover illegal internet use Micheal Cottingham (Aug 31)
- RE: Computer forensics to uncover illegal internet use McKinley, Jackson (Aug 31)
- Re: Computer forensics to uncover illegal internet use Jason Coombs (Aug 31)
- RE: Computer forensics to uncover illegal internet use dave kleiman (Aug 31)
- Re: Computer forensics to uncover illegal internet use Jason Coombs (Aug 31)
- RE: Computer forensics to uncover illegal internet use Craig, Tobin (OIG) (Aug 31)
- Re: Re: Computer forensics to uncover illegal internet use jbreci (Aug 31)
- RE: Computer forensics to uncover illegal internet use dave kleiman (Aug 31)
- RE: Computer forensics to uncover illegal internet use Sadler, Connie (Aug 30)