Don’t like what you see, tempted to jump to an ‘obvious’ conclusion-then don’t. Mr Urbain Morelli, an enthusiast of adult and child pornography, was at home when the computer technician came a calling. The technician noticed a webcam plugged into a VCR and pointed toward the man’s three-year-old daughter who was playing with toys nearby in a play pen. There were several links to adult and child pornography sites in the taskbar’s ‘favorites’ list of Mr. Morelli’s computer. When the technician returned the toys had been put away, the webcam was pointed in a different direction, the hard drive reformatted and the offending icons removed. The technician reported his concerns to a social worker, who told the Royal Canadian Mounted Police and a search warrant was issued. Appealing in the Canadian Supreme Court Mr. Morelli maintained his rights were violated when police searched his computer. Finding in his favor the Supreme Court noted that the technician saw suspicious links but had not seen pornographic images of children on the computer. In addition information used to obtain the warrant failed to mention that the child was fully clothed, there had been no signs of physical abuse evident to the technician and that there was only one living area in the home. All in all the court found that a selective presentation of facts portrayed a less objective and more villainous picture than would have been the case had all the material information been presented. The court heard it was plausible to suppose Mr. Morelli was using his VCR and webcam to videotape his daughter at play for posterity’s sake, not for purposes connected with child pornography. The suspiciously labeled links in were insufficient to characterize a person as an habitual child pornography offender. Since the majority of pornographic material observed was adult this suggested that the accused did not have a pronounced interest in child pornography.
2010 saw momentous legal upheaval in Malta. A judgment by a Maltese Magistrates’ Court on 30 September 2010 for the first time there convicted a seller of computer hardware with distributing pirated Microsoft software. The guilty party received a large fine and two years probation. Computer hardware and other related apparatus seized by the Police during their investigations was confiscated. The Business Software Alliance (BSA), global representative of the software industry, welcomed the judgment as ‘a very important step in the fight against software copyright theft’ in Malta. The judgement is ‘proof that Malta is making great efforts to combat the escalating problem of piracy on the island’ according to Georg Herrnleben, BSA Director. In 2010, too, suspects in Malta were granted the marvellous novelty of a lawyer during police questioning. The right, long common to most in the civilised world, had for years languished in the Criminal Code articles 355AT, 355AU, 255AZ and sub-articles 2, 3 and 4 of article 355AX of article 74. What with all that and the emergence of a prosecuted pirate the island’s reputation as a Mecca for digital forensics experts may be about to take wing.
In today’s modern age, digitally stored evidence is of the highest importance when it comes to legal processes. A survey published by Symantec Corp has shown that many legal companies spanning the EMEA (Europe, Middle East and Asia) region are losing cases, due to the fact that they cannot manage the immense amounts of evidence that is stored on digital media.
Over half of the responses to the survey showed that the problem was identifying and recovering the evidence and that this had caused delays and sanctions as well as the previously mentioned ‘lost’ cases.
Whilst highlighting that many cases are being lost, the report does show that the ability to identify, collect and process the digital evidence from within millions of different pieces of electronic information has had an encouraging effect on many cases.
Joel Tobias, MD of global forensic services firm CY4OR, (www.cy4or.co.uk) stated that –
“It comes as no surprise that lawyers are facing penalties and losing cases after falling down at the challenge of processing digital information. This is a serious problem for legal professionals as 98 per cent of those surveyed said that the digital evidence identified during e-disclosure was vital to the success of legal matters.”
Joel went on to say how “Digital information needs to be handled with care and all electronic data should be treated as evidence. We’ve seen examples of firms that have used internal IT personnel to gather data for e-disclosure, when they have no understanding of digital forensics. Both areas of expertise rely on the controlled investigation of electronic data and as such are inextricably linked. The legal profession needs to be aware of this synergy, to avoid fines and lost cases. Professionals who are involved in e-disclosure should have a sound understanding of digital forensics and vice versa, to ensure a just and consistent approach.”
It is clear that there is a need for organisations to ensure that they are “Forensically Ready” and have staff trained to gather data in a way that is forensically sound.
The survey was conducted in August 2010, throughout the EMEA region and involved an estimated 5000 lawyers.
On Thursday, March 18th, 2010 at 8:00 PM GMT the UK’s Tonight with Trevor McDonald investigated “Facing Up to Facebook”. The Tonight program is a news magazine produced by the UK’s Granada Television for the ITV network since 1999 and covers the full range of human interest led current affairs.
In this episode the program investigated the subject of social engineering and the concerns that surround the social networking site Facebook. Following on from the widely covered so-called “Facebook Murder” much in the news in the UK we have this investigative report into the dangers of online social networking and Facebook in particular.
For me this brings a couple of thoughts to my mind. The first is that this is just another electronic extension to the well-known practice of Social Engineering. The rise in social media sites such as Facebook, LinkedIn, Twitter etc. provide a wealth of information to those who want to delve in and find out more about you and has simplified much of the work involved. It was interesting that the representative from Facebook (name escapes me) talked about the 50% who had managed to configure their security settings correctly almost ignoring the other 50% who had not, until he was challenged by the reporter. Have we learned nothing from the past and the history of firewalls where we have a default of “DENY” and the user has to actively engage in what is allowed. Surely if we did this we might have more than 50% of people on Facebook configured better?
If you interested how you can investigate Facebook you can have a look at “Diary of a PDFBook” which was in Issue 1 of DFMag, this looks at a tool to investigate Facebook using a browser. You can also read John Olssen’s article on Forensic Linguistics in Issue 3 of DFMag and how this technique was used in the “Facebook” murder investigation.