
Re: [linux_forensics] Re: Sec 2711

  • Enda Cronnolly
    Message 1 of 47 , Oct 1, 2003
      Quoting: "Ernie Baca"

      > Unfortunately, the private sector examiner would have to stop and hand
      > it over to LE. I know this is not what the private sector wants to
      > hear, but even if you have an image it is considered possessing CP if the
      > CP is on the image. <snip philosophical invitation...>

      So basically, the digital forensics examiners in US LE, don't have any faith
      in digital forensic procedures, and do not view them as transparent and
      proper and/or providing a legal audit trail, and could not trust contraband
      in such a process.

      How do you guys ever go to court on anything in digital forensics?

      > At the expense of sounding stupid what does HMFIC mean (even though I
      > think I have a good idea)? I think Barry nailed it on the head. There is
      > a big difference with possessing CP and filling out the wrong IRS form.

      Actually no, if I discover CP on a drive, I have found evidence of law
      breaking. If I find an e-filed IRS form that contains inaccurate
      information, then I've found evidence of law breaking. LE being paid by me
      (taxpayer), have a legal duty to treat both equally seriously.

      The argument regarding incorrect tax returns happening "in error" also
      applies to contraband, which is why we have the innocent until proven guilty
      approach. Contraband could have been planted, or silently downloaded into an
      internet cache through a malicious html email message.

      Evidence of law breaking must be treated equally irregardless of an LE's
      disgust at the nature of the crime. The term is Law Enforcement, not Heinous
      Law Enforcement with personal moral approach to other law enforcements.

      > We treat CP in the same category with narcotics when it comes to Agency
      > priorities. CP and crimes against children are actually our main
      > priorities right now as far as headquarters directives. As a matter of
      > fact some of our Agency policies are more strict in the handling of CP
      > than narcotics believe it or not.

      Priorities are one thing, but I'd hope you'd take an equally SERIOUS
      approach to something like Murder, and other INTENTFUL crimes rather than
      hassling some private sector worker under letter of the law technicalities
      with no regard for the spirit of the law.

      > As far as whose rule of thumb? The United States Attorneys Office
      > here. I guess they are the HMFICs like I stressed in my other posts.

      Do you know if the United States Attorneys Office has any guidelines for
      private sector investigators working in digital forensics, and if such
      guidelines cover the uncovering of evidence of a crime (not limited to CP)?

    • IanC
      Message 47 of 47 , Oct 2, 2003
        > > -----Original Message-----
        > > From: The Dog's Bollix [mailto:isxpro@...]
        > >
        > <snip>
        > > Basically, here, anyone with a badge automatically
        > > snubs their nose at someone without one, regardless of
        > > credentials or ability.
        > >
        > Please don't turn this into a cops vs. everyone else religious debate. Up
        > until this point it's been (IMNSHO) a fairly worthwhile discussion, if not
        > specifically relevant to Linux forensics.
        > Cory Altheide

        I've been on the defense side too many times to fall for that crap so you
        can shove your badge up your butt till the sun don't shine... (LoL... just

        US Prosecution invariably though,, always,, try to stab you in the back if
        you're against them - and the LE experts follow suit because (and only
        because) they have to.

        The good thing is,, that is to be expected....

        I can be socializing with you (if you're LE) one evening,, knowing the next
        day we will be against each other in court.. That's fine.. As we know where
        we both stand,, & highly respect each other because in this forensic
        business there are not too many of us. (There really ain't that many of us if
        you think about it).

        I think what Tony was referring to is the General response you get from LE
        in regards to the initial contact with them. Solely because that general,,
        initial contact,, is a plod on the street.

        I've seen it.
        Been there & told them myself... Please do not press that button to turn the
        computer off... Just unplug it or await your forensic guy..

        What happens...
        He tells me to shut up because he wants to preserve the 'crime scene' LoL...
        And I see him close down all the open applications whilst making notes on
        what he saw,, one by one.. Real diligently..

        LoL... (I did tell him not to)!

        But know when it gets up higher to the forensic guys I can easily talk
        one-to-one with them without divulging anything confidential.. Shite,, On
        cases I've been in their offices, & they have asked me about how to resolve
        a problem they have.. And that's fine as I will assist (in the sideline) if
        it's nothing to do with the reason I'm examining stuff in their offices.

        I've so too called FBI forensic guys off the record,, at home even,, and
        they have advised me in confidence with problems I've had.

        I personally though believe comp forensic guys should be more open with each
        other (with confidence of course). Irrespective it being prosecution or
        defense.. As we all have a lot to learn - and even if we know it all today -
        tomorrow something new crops up.

        It should matter not whose side you're on.. What OS system you use.. Or, for
        example,, that I can now crack 'AOL 5's' login passwords & I'm not telling
        you the secret type shit,, because I'm better than you.. Bla Bla Bla - We
        should share that type of stuff between us.. (And No,, I can't crack the AOL
        5 pass just yet,,, LoL).

        My bottom line view...
        I have 6 kids and I'm doing my best to raise them properly - support them,,,
        and do this silly job at the same time,, legally.

        I do have help though. From family, friends, and work colleagues - most of
        which are in this business. (& I don't give a shite if some of my mates are
        LE or not,,) because they are my friends.

        I honestly don't believe Tony was trying to be derogatory towards LE.

        Sorry guys..... I have just rambled on and on...

        Best Regards - Ian
        - - - - - - - - - - - - - - - - - -
        Data Recovery/Computer Forensics
        Specialist WWW & Email Investigations
        Surveillance/Close Protection/CQB Training
        - - - - - - - - - - - - - - - - - -
        Director & Team Member of MissingKIN
        "Dedicated to finding missing and abducted children"
        - - - - - - - - - - - - - - - - - -
        "The strongest oak tree of the forest is not the one that is protected from
        the storm and hidden from the sun. It's the one that stands in the open
        where it is compelled to struggle for its existence against the winds and
        rains and the scorching sun."