jmtd → log → geek → security → Computer forensics
After work today I attended an open lecture entitled Forensic Computing from a Law Enforcement Perspective, given by Paul Weall of the national High Tech Computer Forensics team. This gave an overview of the types of crime and types of forensics the team would apply to the crimes: recovering deleted files; de-corrupting or partially recovering corrupted files; beating file encryption; etc.
Most of the crimes committed are reasonably "clean", that is, embezzlement, car rings, etc., so the crowd generally had a laugh at the hapless criminal's expense (ohoh, never rely on Microsoft Office passwords! beginner's mistake! etc.)
Weall did give brief details of one child porn incident though, which left a sour taste in my mouth. Apparently one of the defendents admitted what he had done but believed that it was not wrong: i.e., the childlove movement stance.
I asked a question about the government's recent proposals to hold terrorism suspects for great lengths of time without trial; justified partly by the excuse that longer was needed to crack encryption employed by terrorists. My question was: from his experience, was this justified? His answer was appropriately non-committal (despite Sir Ian Blair's behaviour to the contrary, law enforcement people shouldn't weigh in on politics). Basically most computer criminals who employ encryption are too stupid to do it properly: he did not indicate whether the British police had some super RSA-busting tools they were holding back on (I expect not).