Re: Disk wiping -- An alternate approach?

[Rohit Patnaik <quanticle () gmail com>]

Yep, that's precisely what I was trying to get across.  If the data is on
your machine, its presumed to be yours unless you can prove that there's
cause to believe that someone else put it there.  This dovetails nicely with
what I was saying above, i.e. the prosecutor is out to convict you.  He or
she is going to whatever data he or she can find in order to do that.  The
solution do this is not to plant more incriminating data, but to wipe out as
much data as possible, giving the prosecutor no hooks to hang a case on.

--Rohit Patnaik

On Mon, Jan 25, 2010 at 10:27 PM, Thor (Hammer of God) <Thor () hammerofgod com
> wrote:

> It depends on what you define "plausible deniability" as.  Sometimes it
> just doesn't matter.  At an industry event here in Seattle, a guy working
> for the state prosecutors office was speaking on this very subject - that of
> forensic collection of data on a system and the "presumption" of guilt.
>
> I posed the question of "how do you know that the data actually originated
> from actions of the user as opposed to someone who could have been using the
> system for their own means, or someone trying to plant false data?  How do
> you prevent one from impugning your findings?"
>
> He said, "Well, we're not stupid."  I'm serious. I was extremely
> disappointed in that answer, and it basically said, "it doesn't really
> matter what we find on the system- we're not stupid, and if the data is
> there, it means you did it."  I was appalled.
>
> All you have is "deniability."  This method doesn't make it "plausible" to
> anyone but you, which doesn't matter.  If you want any level of meaningful
> "plausible deniability" then leave your wireless open and have your system
> riddled with bots.
>
> t
>
> > -----Original Message-----
> > From: full-disclosure-bounces () lists grok org uk [mailto:full-
> > disclosure-bounces () lists grok org uk] On Behalf Of Bipin Gautam
> > Sent: Monday, January 25, 2010 7:42 PM
> > To: E. Prom
> > Cc: full-disclosure
> > Subject: Re: [Full-disclosure] Disk wiping -- An alternate approach?
> >
> > ok, this all adds nothing but another layer of plausible deniability
> > to ANY data found in your computer....
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/