Minister promises that Part III is coming

[Caspar Bowden]

>admin@chiark.greenend.org.uk] On Behalf Of Richard Clayton
...

>>But what traces are left by a buffer overflow attack over the
>>network, which never touches the disk.=20

>none at all once the system is power-cycled...

>>There's no "story" that has to be
>>consistent.

>... but you were envisaging that illegal images would be left on the
>disk (for the police to find them). So you need to write that material
>in a way that is consistent with other metadata on the system.

Why? I don't think the police are going to let someone off just because
there's no metadata.

>If the illusion you are generating is use of a browser to download the
>files, then it would be wise to ensure that caches and logs are
consistent >with that...  the flip side to using that metadata to
demonstrate >wickedness.

More simply, the author of the malware could just release a
pornography-viewer application which read data bizarrely stegoed into
the interstices of your hard drive, by a worm which never itself touches
the disk. Neither the worm nor the viewer leave any metadata, by design.

>...
>If it is really to be "in the circumstances" then it should be part of
>the initial sentence, where the court has considered all the relevant
>facts.=20

I agree.

>Mandatory arrangements are a poor way of dealing with the
>complexities of real crimes -- however attractive tabloid editors may
>feel they may be to deal with short term excitements.

Also agree

--
Caspar Bowden