tag:blogger.com,1999:blog-6447283518071683105.post7067005381841969941..comments2023-04-02T10:17:04.631-04:00Comments on Forensic Incident Response: Where is the science?hogflyhttp://www.blogger.com/profile/00741773109962883616noreply@blogger.comBlogger12125tag:blogger.com,1999:blog-6447283518071683105.post-16853690098207279872007-07-03T13:57:00.000-04:002007-07-03T13:57:00.000-04:00comments reading in new window is a big pain.. can...comments reading in new window is a big pain.. can you please change it??Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-80591383988679675862007-06-29T17:17:00.000-04:002007-06-29T17:17:00.000-04:00In the UK we have a stated case of R V Jayson whic...In the UK we have a stated case of R V Jayson which covers such occurances. "In Jayson [2002] EWCA Crim 683, the defendant was prosecuted on the basis of child abuse images found on his computer in the temporary cache created by his Internet browser application. On appeal, defence counsel argued that the concept of a ‘photograph’ under the Protection of Children Act 1978 required that the image Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-82461790682685233562007-06-28T21:58:00.000-04:002007-06-28T21:58:00.000-04:00Great points Bill. All well received.Great points Bill. All well received.hogflyhttps://www.blogger.com/profile/00741773109962883616noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-17027555407249499382007-06-28T17:54:00.000-04:002007-06-28T17:54:00.000-04:00Hogfly:Bill,This isn't a case of bad forensics?The...Hogfly:<BR/><BR/><I>Bill,<BR/>This isn't a case of bad forensics?<BR/>The agent said the files' existence meant that Barton had viewed the images on the Internet but hadn't taken any additional steps to save them on his computer -- and couldn't retrieve the images again without special software he didn't have.</I><BR/><BR/>I'm just not willing to say that someone did "bad forensics" based on a Billhttps://www.blogger.com/profile/15956125660689343228noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-33179215451414811522007-06-28T14:04:00.000-04:002007-06-28T14:04:00.000-04:00If the files were deleted that proves knowledge of...<I>If the files were deleted that proves knowledge of the files</I><BR/><BR/>I need to edit this statement...<BR/>If the files were deleted and the configuration for temp internet files is different than the default then it proves knowledge of temporary internet files and therefore should constiture knowingly storing CP files.hogflyhttps://www.blogger.com/profile/00741773109962883616noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-80682352784982032202007-06-28T13:59:00.000-04:002007-06-28T13:59:00.000-04:00To hogfly's point about the "deeper understanding"...To hogfly's point about the <I>"deeper understanding" </I> here are two earlier posts on my blog and his respectively:<BR/><BR/><A HREF="http://cfed-ttf.blogspot.com/2007/03/reviews.html" REL="nofollow"> Reviews </A><BR/><BR/><A HREF="http://forensicir.blogspot.com/2007/04/keystone-kops.html" REL="nofollow"> Keystone Kops </A><BR/><BR/>The automated tools are great but if we do not have a Mark McKinnonhttps://www.blogger.com/profile/06597353327384503465noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-35037661890315459752007-06-28T13:05:00.000-04:002007-06-28T13:05:00.000-04:00Not "knowingly" storing these images strikes me as...Not "knowingly" storing these images strikes me as something on par with diminished capacity arguements. Forensics is so mainstream now that this information is a given. <BR/><BR/>Harlan,<BR/><BR/>I agree that the laws are poorly written, but it highlights the lack of scientific proof that's generated in these cases because they have nothing other than an automated toolkit that finds these hogflyhttps://www.blogger.com/profile/00741773109962883616noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-11058229950499983662007-06-28T10:54:00.000-04:002007-06-28T10:54:00.000-04:00Dave,At one point I was a lurker like you and an a...Dave,<BR/><BR/>At one point I was a lurker like you and an amateur. I then took the bold step forward and here I am. If you have a idea but are not sure about it then send a private email to someone stating you did not want to send it to the group but would you mind taking a look at this. A lot of the people are pretty approachable and good about helping others out and they can hopefully help Mark McKinnonhttps://www.blogger.com/profile/06597353327384503465noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-16408637214613550052007-06-28T10:10:00.000-04:002007-06-28T10:10:00.000-04:00Mark implied that, if default IE settings have bee...Mark implied that, if default IE settings have been changed, a user has more knowledge than a casual browser and I'd agree with that. However, as computer usage and internet access are increasing ever more rapidly, isn't it likely that "Joe Doe" will become more computer literate? The inference that I drew from Mark's comment was that more knowledge about changing IE settings may make the user Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-15281985436426607612007-06-28T09:15:00.000-04:002007-06-28T09:15:00.000-04:00In reading the article, I assumed that this had le...In reading the article, I assumed that this had less to do with bad forensics, and more to do with the state of the law. In the Federal system, there are judicial decisions that state that merely browsing CP images is not knowingly possessing the images. The reasoning is that most people do not know that they retain, or do not intentionally retain, images when they are web surfing so the issue Billhttps://www.blogger.com/profile/15956125660689343228noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-3260226821897597692007-06-28T07:38:00.000-04:002007-06-28T07:38:00.000-04:00A couple of things...First, don't expect to read a...A couple of things...<BR/><BR/>First, don't expect to read about "science" in something like these articles, even from Law.com. <BR/><BR/>Second, given the circumstances, "special software" could mean anything.<BR/><BR/>So, basically, it would appear that these cases were investigated, and the argument is about knowingly storing images when the user claims to have no idea that the browser cachesH. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-12083500350646680832007-06-28T00:47:00.000-04:002007-06-28T00:47:00.000-04:00After reading the reading the write up on Law.com ...After reading the reading the write up on Law.com from the case in Georgia one of the things that perturbed me was the following <BR/><BR/>"...couldn't retrieve the images again without special software"<BR/><BR/>Now going into IE (Yes I will assume that is what he was using) you can easily view any of the files that were downloaded. Al you have to do is go to <B> Tools / Internet Option / Mark McKinnonhttps://www.blogger.com/profile/06597353327384503465noreply@blogger.com