Forensics Losing Relevance? New Tools Let Even Hobbyists Thwart Experts
from the cat-and-mouse dept
Chris Lindquist writes "Scott Berinato has written an article about how the declining complexity and increased effectiveness of antiforensic tools is making life difficult for data experts looking to snag the bad guys. “Five years ago, you could count on one hand the number of people who could do a lot of these things,” says one investigator. “Now it’s hobby level.” The result of all this antiforensic activity, Berinato concludes, is that someday soon the TJX case could be considered ordinary, a quaint precursor to an age of rampant electronic crime, run by well-organized syndicates and driven by easy-to-use, widely available antiforensic tools." It’s an interesting article, but it seems to overplay the woe-is-me factor for investigators. This is always a back and forth game, where the tools used by scammers and criminals gets more advanced — but so should the tools and tricks (note that it need not all be technology) used by those charged with tracking down the criminals.
Comments on “Forensics Losing Relevance? New Tools Let Even Hobbyists Thwart Experts”
Grugg's answer
to why he and others like him develop these tools:
“If I didn’t, someone else would. I am at least pretty clean in that I don’t work for criminals, and I don’t break into computers. So when I create something, it only benefits me to get publicity. I release it, and that should encourage the forensics community to get better. I am thinking, Let’s fix it, because I know that other people will work this out who aren’t as nice as me. Only, it doesn’t work that way. The forensics community is unresponsive for whatever reason. As far as that forensic officer [in London] was concerned, my talk began and ended with the problem.”
Not that he’s wrong – not that I completely disagree – but the question I would have asked in response is, if he is talented enough to understand forensics and the weaknesses thereof and know that these antiforensic tools present a problem, why doesn’t he offer better forensic tools as well?
Re: Grugg's answer
It is the difference between being a hack and being innovative.
Well, the more complicated the plumbing the easier it is to jam up the works…
Years ago many people said the whole idea of computerizing important data, such as financial information, government records, etc. was bad.
Many companies back then said they would NEVER connect certain systems to a world-wide network. But corporate profits got in the way, and they found by just plugging everything into one network, they could save a few bucks.
But anytime you connect computers, you make ‘gateways’, and that’s going to allow someone access at some point, if they are determined to get in.
It’s simple really – if it’s plugged into the Internet, it’s not really secure.