BBC 'vague' reporting again!

Peter Sommer ukcrypto at chiark.greenend.org.uk
Mon, 01 Dec 2008 11:46:24 +0000 

Check out the following URL to see what is available:

http://www.guidancesoftware.com/products/fim_index.aspx

Encase is a very widely used product to preserve and examine computer 
media.    Normal investigation depends on seizing hard disks etc,  
preserving them correctly and then using the Encase software to recover 
and analyse the contents.   A few years ago Encase introduced a new 
product for deployment across corporate networks and which allowed all 
the facilities of the "local" product but remotely.  To make this work 
each computer that was to be subjected to remote inspection needed to 
have a "servelet" program installed.  Fuctionally there is no difference 
between a covert remote control trojan and a servelet.  In a corporate 
environment,  legalities are taken care of because the employee consents 
or consent is implied or the enquiry falls within the terms of the 
Telecommunications (Lawful Business Practice) (Interception of 
Communications) Regulations 2000 or something similar.

In a law enforcement situation in most countries police etc would 
require a warrant or other authorisation to seek to place a servelet on 
a suspect's machine.   But the same technology as is used in the 
corporate world works.  

Encase apparently only sell is Field Intelligence Model to law enforcement.

There is of course a big problem with this class of evidence.  The 
police have had access to the suspsect's computer and in a relatively 
uncontrolled and non-audited manner.   Some defendants are highly likely 
to suggest that any evidence in this way has been so contaminated as to 
be unusable.



Paul Vigay wrote:
> Just spotted this item on the BBC news -
> http://news.bbc.co.uk/1/hi/technology/7758127.stm where they claim "Remote
> searches of suspect computers will form part of an EU plan to tackle
> hi-tech crime."
>
> They don't state how these 'remote searches' will work, but either they're
> assuming Windows has some backdoor in it, people are too stupid to
> configure an effective firewall, the BBC don't understand the technology
> involved or I've misread something in the story. :-)
>   
>