Monday, January 22, 2007
Advice for police officers
The DOJ has put together an advisory document for local law enforcement about dealing with computer crimes and evidence on a computer.
How good is it?
It's got errors. It says that the Message-ID header in email is useful for investigators. Actually it's one of the first things that gets forged. Their list of instant messaging services mixes up providers, protocols, and client programs.
It's got omissions. There's a real easy way to trace anonymous Hotmail accounts that they don't mention. They leave out the most effective method someone could use to conceal their identity (which means they don't explain the investigative countermeasure). They mention WEP as something to look for in wireless networks, but not WPA.
Speaking as a citizen, it bugs the hell out of me that their list of criminal activities includes "Sharing hate-motivated writings". If you're a police officer, please remember the difference between incitement or conspiracy on the one hand and being a loud-mouthed racist jerk on the other.
Almost all the information is solid, though. They did a great job at the tough job of translating from geekspeak to what an officer would need to know while keeping it reasonably accurate. They give useful, detailed examples. They mention investigative techniques that are not widely known at all. Each chapter has a summary that's a great start for people in a hurry.
They even explain how to read email and Usenet headers. Better yet, there are phone numbers and procedures for coordinating an investigation across national boundaries!
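As an added illustration of the header-reading point (this is my example, not code from the post or the DOJ document): Message-ID is whatever the sender's software wrote, so an investigator walks the Received chain stamped by the relays instead. All hosts, addresses and the sample message below are constructed.

```python
import re
from email import message_from_string, policy

# Constructed sample message (not from the DOJ document). The Message-ID is
# whatever the sender's software wrote; the Received lines are stamped by each
# relay and are read from the bottom (origin) upward.
RAW_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
\tby inbox.example.org with ESMTP id abc123; Mon, 22 Jan 2007 10:05:00 -0500
Received: from unknown (HELO mail.example.com) (198.51.100.7)
\tby mx2.example.net with SMTP; Mon, 22 Jan 2007 10:04:58 -0500
Message-ID: <forged-id@mail.google.com>
From: "Someone" <someone@example.com>

body
"""

HOP_RE = re.compile(r"from\s+(?P<from>\S+)\s*(?P<detail>.*?)\sby\s+(?P<by>\S+)")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_chain(raw):
    """Hops as (claimed sender, connecting IP, receiving host), newest first."""
    msg = message_from_string(raw, policy=policy.default)
    hops = []
    for header in msg.get_all("Received", []):
        text = re.sub(r"\s+", " ", str(header))  # unfold and squeeze whitespace
        m = HOP_RE.search(text)
        if not m:
            continue  # unparsable stamp: skip it rather than guess
        ip = IP_RE.search(m.group("detail"))
        hops.append((m.group("from"), ip.group(1) if ip else None, m.group("by")))
    return hops


def chain_is_consistent(hops):
    """Each older hop's 'by' host must be the next-newer hop's 'from' host;
    a break means a Received line below it was not written by a trusted relay."""
    return all(older[2] == newer[0] for newer, older in zip(hops, hops[1:]))


def origin_ip(raw):
    """Connecting IP seen by the earliest relay in a consistent chain."""
    hops = received_chain(raw)
    return hops[-1][1] if hops and chain_is_consistent(hops) else None


def message_id_domain(raw):
    """Domain in Message-ID: sender-supplied, so a lead but never proof."""
    msg = message_from_string(raw, policy=policy.default)
    m = re.search(r"@([^>\s]+)", str(msg.get("Message-ID", "")))
    return m.group(1) if m else None
```

Here the Message-ID points at mail.google.com while the consistent Received chain shows the message entering the trusted relays from 198.51.100.7, which is the fact worth following up.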
They're really up front about situations where an investigator would need specialized technical assistance and explain what information to collect for the specialized technical assistant.
Read it. It's good.