* Jason Coombs: > Over the last few years I have seen numerous cases in which the computer > forensic evidence proves that a third party intruder was in control of > the suspect's computer.
Let's face it: Most end-user computers are compromised in one way or the other. This doesn't mean that the legitimate owner of the machine isn't using it for any crimes. > I ask you this question: why doesn't law enforcement bother to conduct > an analysis of the computer evidence looking for indications of > third-party intrusion and malware? It's standard practice in some countries, especially when mere possession of data is not automatically a crime. > Every person convicted of an electronic crime against a child based only > on evidence recovered from a hard drive that happened to be in their > possession should be immediately released from whatever prison they are > now being held. If you do this, anybody who is interested in child pornography just infects his machine with some malware and escapes conviction. This isn't quite feasible, either. > Law enforcement must be required to obtain Internet wiretaps, use > keyloggers and screen capture techniques, and conduct other > investigations of crimes-in-progress As long as the possession itself is a crime, this is just a waste of resources. I tend to agree that the current situation in most countries is difficult because of the elusive nature of purely electronic evidence. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
