Comments on CYB3RCRIM3: Antiforensics

Anonymous, 2009-03-26 00:43 (-04:00):

The use of anti-forensics software such as file wiping and disk wiping software can be bad for a defendant. One of the most used is Evidence Eliminator and it leaves a bad taste in the court's mouth. You should probably use full disk encryption and other methods as well to prevent an examination altogether.

Susan Brenner, 2009-01-08 16:52 (-05:00):

You make a very good point about the use of such tools to get rid of data a company (or person, I suppose) no longer needs and wants to destroy.

The analogy here, I suspect, would be to shredding documents: In deciding whether or not a company's shredding documents constitutes obstruction of justice, courts have looked to the circumstances surrounding the shredding. One thing that's been important in that context is whether the shredding was done as part of a routine process of getting rid of old files; it's always helpful if the company has a policy that says it'll purge unneeded data at a set interval, e.g., every 3 years or so. That gives rise to the inference that the shredding was innocuous.

The counterbalancing factor, of course, is if the shredding just happened to start, or occur, about the time the company found it was about to be investigated for criminal activity . . . or, I suppose, for civil litigation.

It's been a while since I read this case, but as I recall the antiforensics were used after discovery had begun (I think it had been going on for quite a while, actually), which gave rise to an inference that their use was part of an effort to destroy evidence, etc. It was also, if I recall correctly, part of a general pattern of uncooperativeness, according to the court.

Anonymous, 2009-01-08 16:44 (-05:00):

This would bring up an interesting problem for those companies with serious security concerns who use such tools for legitimate reasons, such as to prevent maliciously minded people from gaining the sensitive information. These tools can have legitimate uses. Would the court automatically award default judgments against companies that wish to secure their deleted data? Simply accusing such a company frivolously will allow you to win because they cannot comply with discovery of legitimately deleted data? We are all entitled to delete our no-longer-needed but sensitive data with confidence that it would not fall into the wrong hands. As a judge (I am a law student and I have not yet read the citation that you gave), I would not have allowed the default without proof first that Global NAPS used the techniques after being served discovery. (Maybe that is what happened, in which case I have no complaint. I will have to read the citation and am commenting prematurely.)

It is interesting that this is a civil case and not a criminal one. What if there were also a pending criminal investigation of Global NAPS for Theft of Services? Could they then be charged with Obstruction of Justice for destroying evidence?