full-disclosure-uk January 2010 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Disk wiping -- An alte

Re: [Full-disclosure] Disk wiping -- An alternate approach?

From: Bipin Gautam <bipin.gautam_at_nospam>
Date: Tue Jan 26 2010 - 04:39:02 GMT
To: "Thor (Hammer of God)" <Thor@hammerofgod.com>

Could DIGITAL FORENSICS be fundamentally FLAWED ( and they dont explain more?)

Think : http://en.wikipedia.org/wiki/Chain_of_custody

Main Point: The keywords and texts found in a suspects harddisk is by NO guarantee belonging to the OWNER OF THE COMPUTER instead it could be leftover chunks from the internet written by someone and lands on your computer's in disk-fragments as found dormant on your free-space as browser cache is flushed ?

On top of that FAT32/NTFS fs has high fragmentation rate than EXT*.

The problem is: "Possession is 9/10ths of the law" -- but ANY texts they find, if questionable can also very likely come from the internet while you browse online and NOT your own possession and someone typed it from online,webpage you viewed etc and it lands on your disk while you browse it and is left as fragments?

How does the law sees such a situation?

(and except the possibility of linguistic analysis to prove guilty)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/