Interesting People mailing list archives

Re: 'Embarrassed' Man Sues Microsoft After FBI Finds Sex Videos On His PC


From: David Farber <dave () farber net>
Date: Wed, 7 Mar 2007 13:09:49 -0500



Begin forwarded message:

From: "David P. Reed" <dpreed () reed com>
Date: March 7, 2007 12:41:08 PM EST
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] Re: 'Embarrassed' Man Sues Microsoft After FBI Finds Sex Videos On His PC

Frank Muto is correct that the standard forensic methods seem to be to copy the drive at a low level after extracting it from your computer. I (and the rest of the grand jury I served on a year ago) were carefully walked through this process in the context of a child abuse investigation that involved recordings on a computer.

It does seem to be the most practical way to preserve the forensic chain-of-evidence under the circumstances.

However, there are serious risks/problems that arise due to opening up data that is well beyond the purview of a reasonable scope of search - data that belongs not to you, but to your family or employer, for example, who are not the objects of a search, yet whose privacy is put at risk. Another serious problem relates to holding such data for use in other purposes unrelated to the search at future times - leaving open the potential for long-term fishing expeditions in a shared server full of warrant-free copies from presumptive "bad guys" - why would a disk copy have been made if the person wasn't at least a little bad?

Finally, the authenticity of the copy made can be challenged - it is quite easy to modify a stream of bits that doesn't even have a signature attached to it. If you don't keep the original disk in escrow to verify the copy against, the danger of "framing" the owner is high.

It's easy to think of ways to put stuff on somebody's disk without their knowledge and then report them to the police, causing a search. It's also quite likely that if the police want to investigate a company, one ends-justify-means approach is finding cause to search an employee of that company who may have email on his personal computer that is logically corporate and not his own (just accuse his kid of drug dealing). Ends-justify-means is becoming all too popular as a justification of worse things - torture on "24", entrapment of adults fantasizing about sex with young girls on "reality shows" dedicated to entrapment, etc.

My experience with the state of Mass. computer forensics was positive - the folks we questioned in the grand jury were careful and aware of the concerns. But the same state agencies completely blew their mandate on DNA testing in a recent multi-year scandal about falsified and unreliable results, sharing of data inappropriately, etc.
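
The authenticity point in the message above (a stream of bits with no signature attached is easy to modify), as an added example that is not part of the original message: a per-block SHA-256 manifest recorded at acquisition and sealed with a keyed HMAC, which here stands in for a signature. The block size, the key and the sample image are constructed assumptions.

```python
import hashlib
import hmac

BLOCK = 4096  # assumed bytes per manifest entry

def _block_hashes(image: bytes) -> list:
    return [hashlib.sha256(image[i:i + BLOCK]).hexdigest()
            for i in range(0, len(image), BLOCK)]

def _seal(size: int, blocks: list, key: bytes) -> str:
    # Keyed tag over the size and every block hash; HMAC stands in for a signature.
    body = (str(size) + "\n" + "\n".join(blocks)).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(image: bytes, key: bytes) -> dict:
    """Record per-block hashes at acquisition time and seal them."""
    blocks = _block_hashes(image)
    return {"size": len(image), "blocks": blocks,
            "tag": _seal(len(image), blocks, key)}

def verify(image: bytes, manifest: dict, key: bytes) -> tuple:
    """Return (manifest_is_authentic, indexes_of_blocks_that_differ)."""
    expected = _seal(manifest["size"], manifest["blocks"], key)
    authentic = hmac.compare_digest(expected, manifest["tag"])
    now, then = _block_hashes(image), manifest["blocks"]
    span = max(len(now), len(then))
    changed = [i for i in range(span)
               if i >= len(now) or i >= len(then) or now[i] != then[i]]
    return authentic, changed

if __name__ == "__main__":
    key = b"constructed-custodian-key"      # constructed sample key
    image = bytes(range(256)) * 64          # constructed 16 KiB "disk image"
    manifest = build_manifest(image, key)
    altered = bytearray(image)
    altered[5000] ^= 0xFF                   # one flipped byte, inside block 1
    altered = bytes(altered)
    print(verify(image, manifest, key))     # untouched copy, sealed manifest
    print(verify(altered, manifest, key))   # altered copy, sealed manifest
    # Someone without the key re-hashes the altered copy and swaps the manifest:
    forged = build_manifest(altered, b"not-the-custodian-key")
    print(verify(altered, forged, key))     # hashes match, but the seal does not
```

The last case is why a bare hash list is not enough: whoever can alter the copy can also recompute its hashes, so the manifest itself has to be sealed by a party other than the one holding the copy.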



