Date sent:              Tue, 26 Jan 2010 16:15:42 -0500
From:                   Larry Seltzer <[email protected]>

> If you're experienced enough to recognize them, are you also able to
> mimic them, perhaps throwing off an investigation?

Yes, of course.  "There's never a horse that couldn't be rode: there's never a rider that couldn't be throwed."  Thing is, there are all kinds of identifiers, and, at the very least, starting to learn this stuff (seriously, and not just playing around) means you weed out the low level script kiddies, and thus clear the way for proper investigation of those (relative) few who know what they are doing.  And even the top level people are not going to know all the different ways they are betraying themselves.

I'm not an expert on computer forensics (data recovery).  But I do know enough to be able to come into a court case and seriously muddy the waters, faced off against at least 95% of practicing computer forensics experts.  But those few who have concentrated on research would be able to make mincemeat out of me, and, were I stupid enough to try something illegal with a computer, would definitely be able to find traces of it.

People leave signatures in attacks.  People leave signatures in the text they write.  People leave signatures in the code they write *and* the executables ultimately produced.  Lots and lots of signatures.  I wrote a book on it, and didn't even scratch the surface.  "Digital DNA" may be a stupid term to describe it, but there are both physiological and behavioral biometrics, and, even when you know them, the behavioral biometrics turn out to be remarkably hard to change.  And there are lots of behavioral biometrics you don't know about, believe me.

======================  (quote inserted randomly by Pegasus Mailer)
[email protected]     [email protected]     [email protected]
Without censorship, things can get terribly confused in the
public mind.                  -  General William Westmoreland, 1960s
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.