RE: RE: Computer forensics to uncover illegal internet use

["dave kleiman" <dave () isecureu com>]

Steve,

Inline..

> Hate to play alwyer here but doesn't all of this get shot
> down by 3rd Circuit Federal Court of Appeals decisions
> regarding the FBI's  Innocent Images project?  It basicly
> shot down the concept of  "you clicked on a chold porn link
> therefore you're guilty."

Well that applies to when it is determined that it was innocent.  This could
be via pop-up, trojan, or maleware of some kind.



> This is all enshired in Federal
> Cases. No one must admit that a good prosecutor can indioct a
> ham sandwich and all that. But overall that doesn't happen.
> Now Federal Prosecutors and Investigations staffs are very
> good at sort of getting warrants and raiding someone's house
> or business and going thru everything. But if the person
> doesn't scare and cop to something they never did, then
> federal prosecutors generally have to back off in cases where
> it is just things accumulating on disks etc.

Well they do not usually prosecute ham sandwiches, BLT's maybe.

I love how everyone is quick to say things just magically accumulated on
their H/D.  However, they tend not back of when a file structure is found
with hundreds of images, often burned to CD's.

> Futhermore in
> states with a high privacy expectation like California there
> is a good reason to say "We don't go through our customers
> data looking for things out of the ordinary". One might argue
> it to be different it were one's employees. However if you
> are offering a primo privacy service then you can
> legitimately scrub disks as a part of the biz plan.

Well that may be, of course you missed the beginning of these threads, where
Mr. Combs suggested after discovering contraband on and employees H/D, to
make a copy of it take the copy to the companies attorney. Wipe the original
and "best course of action is to purposefully falsify the record of the
company's response to the incident"

The full threads can be read here:

http://seclists.org/lists/security-basics/2005/Sep/subject.html
http://seclists.org/lists/security-basics/2005/Aug/subject.html


> Much of Law Enforcement and theiir Public Providers of
> services depends on scaring people and businesses into good
> behavior when it is neither necessary or ethical. My
> suspicion is that one can ignore this tactic if one wishes as
> one is reasonably careful.. I am sure that people will be
> offereing  "Computer Forensics Services" to find the scary
> things on your compnys disks for $500 a pop but no good
> reason one has to engage in such silliness.


Yes that crazy scaring people into good behavior....... Oh wait that is
right only reasonably prudent people follow the law, criminals tend to not
care if there is law against something, they are not scared into not
committing crimes, that is why they are criminals.

Kind of like the lawlessness that is occurring in the situation you
mentioned below.  Some people would say that the devastation has turned
these people into criminals. Although, the reality is the people committing
the crimes are the same ones that were committing them before the
devastation.

> Excuse my flipness. I just got through friends caught up in
> this call people stranded and alone by the hurricane in the
> SOuthland and all these other things do ring silly right now.

Regards,

Dave


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/