Full Disclosure mailing list archives

Re: Re: Tools accepted by the courts


From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 05 Jul 2005 09:44:36 -0500

--On Tuesday, July 05, 2005 02:04:20 -1000 Jason Coombs <jasonc () science org> wrote:

What I demand to hear spoken by law enforcement, and what I insist
prosecutors compel law enforcement to speak if they don't volunteer these
words out of their own common sense, is the following:

"Yes, that's what we found on the hard drive but there's little or no
reason for us to believe that the defendant is responsible for placing it
there just because the hard drive was in the defendant's possession. We
often see cases where hard drives are installed second-hand and data from
previous owners remains on the drive, we can't tell when the data in
question was written so it's important to be aware that hundreds of other
people could have placed it there. We also see cases where software such
as spyware or Web pages full of javascript force a suspect's Web browser
to take actions that result in the appearance that the owner of the
computer caused Internet content to be retrieved when in fact the owner
of the computer may not have known what was happening, malicious Web site
programmers know how to use techniques such as pop-unders and frames to
hide scripted behavior of Web pages. Furthermore, once the Web browser is
closed and its temporary files are deleted, every bit of data that was
saved 'temporarily' to a file by the browser becomes a semi-permanent
part of the hard drive's unallocated space and we have no way to tell the
difference between data that was once part of a temporary file created
automatically by a Web page being viewed or scripted inside a Web browser
and the same data placed intentionally on the hard drive by its owner
without the use of the Internet. Also ..."

Then you obviously don't understand the adversarial nature of our justice system. It's the job of the *defense* attorney to discredit the evidence presented by a witness for the prosecution. It is *not* the job of the prosecution to torpedo its own case.

Even in an ideal world where no prosecutor is ever overzealous, this would be brain-dead stupid.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

