±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 34312
New Yesterday: 0 Visitors: 240

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

has DF ever had any high-profile fails?

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page Previous  1, 2 
  

Re: has DF ever had any high-profile fails?

Post Posted: Wed Jun 13, 2018 1:24 pm

I suppose it depends upon your perspective. On a number of occasions the forensics did not produce the "desired and expected" evidence the powers-that-be wanted.

Personally I don't call that a fail, but some very powerful people disagreed.  

watcher
Member
 
 
  

Re: has DF ever had any high-profile fails?

Post Posted: Wed Jun 13, 2018 1:25 pm

- tootypeg
I guess what im curious here is, unlike DNA and finger marks, I dont seem to be able to find any high-profile cases where DF evidence has been crucial and it turned out to be bad.


Your restriction on 'high-profile' seem to limit the moment when 'it turned out to be bad' to very late in the judicial process, and probably at a time when the process had become public.

I suspect that in many cases points of contention are discovered and avoided as early as possible: possibly ambiguous digital evidence is replaced with definite evidence for something else. It simplifies the case, as long as the remaining evidence is strong enough.

It would, thus, be interesting (from a 'meta-forensic' perspective) to understand when that has happened, and with what effect. Particularly if the digital evidence was partially flawed in some respect.

However ...

The Pirate Bay case in Sweden (2008) had a very surprising moment, when something like half of the charges were dropped (those related to copyright infringement?), because the prosecutor could not show that torrent files in evidence actually used the PB tracker. (I may misremember actual details of what was dropped -- but there certainly was major moment of surprise early in the case that caused a lot of discussion.)

It probably doesn't fits the 'crucial' restriction completely, as the case went on.  

athulin
Senior Member
 
 
  

Re: has DF ever had any high-profile fails?

Post Posted: Thu Jun 14, 2018 7:00 am

- tootypeg
I guess what im curious here is, unlike DNA and finger marks, I dont seem to be able to find any high-profile cases where DF evidence has been crucial and it turned out to be bad.


This goes right along with some things I've been looking at myself over the past few years.

While not "high profile" cases, I have to wonder, particularly in the private/commercial sector, who determines "quality" in a DFIR report?

Again, not "high profile", but when a consulting organization responds to an incident or performs even a small modicum of DF analysis (one image, or just logs), who determines 'quality'? If logs are sent to an expert for analysis, who determines the quality of the findings or report?

Over my career, I've seen a number of reports where, once I get past issues of spelling and grammar, I can see that everything was done poorly from the beginning...data collection, analysis, documentation of findings, reporting...all of it.

Yes, I know that in the private sector especially, there are instances where the analyst has little say over the data that they're provided; however, I have seen a number of cases where analysts have either run a data collection script, or sent it to the client to run, and that script is where things start going 'bad'.

So...who determines the "quality" of a report?  

keydet89
Senior Member
 
 

Page 2 of 2
Go to page Previous  1, 2