I read that. It was interesting. However it's definitely the exception rather than the rule.
Things like Truecrypt are fine and "secure" in isolation, but it's very difficult to clear up all the crap that the operating system leaves behind. Windows is especially bad, but nothing I've seen is immune from it. Typically there's enough evidence left in unencrypted temporary files, or in unallocated space that the content of the encrypted volume doesn't really need to be considered. Of course there are exceptions, but I've never been so troubled by encryption that the job has to be abandoned. Even if an IIoC suspect has fully encrypted a drive (Truecrypt WDE, say) there's usually a few CD/DVDs of images lying around for easy access.
As with most aspects of computer security, people are the weak link.
So you believe all computer forensics done by law enforcement is done in a "perfect" manner and is 100% reliable and interpeted and presented by said law enforcement 100% accurately?
No. That's not what I wrote.
I fully agree that the system surrounding computer forensics needs some fixing. High-Tech Crime units are typically understaffed and overworked. Members of the legal profession generally have no understanding of the technical issues (although mostly, in my experience, due to lack of interest rather than lack of intelligence), and jury members can be even worse. I'm just sick of the knee-jerk comments that always appear on posts like this which assume that all computer forensics work is done by corrupt idiots. More than half of the members of my local HTCU have Masters degrees in computer forensics and the rest have more than enough "real world" experience to match.
Oh great! Another forensics-bashing thread. I predict a well-informed and reasoned discussion of the issues facing law enforcement computer forensics in the UK. No, actually I think a whole load of uninformed rubbish about Truecrypt and forensics folk being completely lost when faced with anything but a Windows box with a directory labelled "CP is here" is far more likely. I wonder how many of Happy as a Monkey's commentard stereotypes will appear.
I've no data on the subject so take with a pinch of salt, but I remember being told a few years ago that responding in any way (even opting out) just confirms that the spam is not only being delivered, but being read, and that this may just lead to more spam being sent to your address.
As I said, I don't know how true it is, but it makes sense to me.
Slashdot Mirror
I read that. It was interesting. However it's definitely the exception rather than the rule.
Things like Truecrypt are fine and "secure" in isolation, but it's very difficult to clear up all the crap that the operating system leaves behind. Windows is especially bad, but nothing I've seen is immune from it. Typically there's enough evidence left in unencrypted temporary files, or in unallocated space that the content of the encrypted volume doesn't really need to be considered. Of course there are exceptions, but I've never been so troubled by encryption that the job has to be abandoned. Even if an IIoC suspect has fully encrypted a drive (Truecrypt WDE, say) there's usually a few CD/DVDs of images lying around for easy access.
As with most aspects of computer security, people are the weak link.
So you believe all computer forensics done by law enforcement is done in a "perfect" manner and is 100% reliable and interpeted and presented by said law enforcement 100% accurately?
No. That's not what I wrote.
I fully agree that the system surrounding computer forensics needs some fixing. High-Tech Crime units are typically understaffed and overworked. Members of the legal profession generally have no understanding of the technical issues (although mostly, in my experience, due to lack of interest rather than lack of intelligence), and jury members can be even worse. I'm just sick of the knee-jerk comments that always appear on posts like this which assume that all computer forensics work is done by corrupt idiots. More than half of the members of my local HTCU have Masters degrees in computer forensics and the rest have more than enough "real world" experience to match.
Oh great! Another forensics-bashing thread. I predict a well-informed and reasoned discussion of the issues facing law enforcement computer forensics in the UK. No, actually I think a whole load of uninformed rubbish about Truecrypt and forensics folk being completely lost when faced with anything but a Windows box with a directory labelled "CP is here" is far more likely. I wonder how many of Happy as a Monkey's commentard stereotypes will appear.
Lots of my fellow students copy sentences and whole paragraphs from Wikipedia verbatim, without citing sources. I hate that.
I've no data on the subject so take with a pinch of salt, but I remember being told a few years ago that responding in any way (even opting out) just confirms that the spam is not only being delivered, but being read, and that this may just lead to more spam being sent to your address. As I said, I don't know how true it is, but it makes sense to me.
No
Damn! I have mod points, but there's no "+1 Awesome" option!