Digital Forensics and Malware

xiasangju
(@xiasangju)
Active Member
Joined: 19 years ago
Posts: 10
Topic starter  

Hi all,

Has anyone come across cases where the defendant used malware as an excuse to counter proof he/she had not committed the crime, even though the evidence clearly indicated the suspect's owned machine was involved in the crime?

In your opinion, as a digital forensics professional, when carrying out our investigation should we pay attention to finding evidence regarding the possible infection of backdoors or Trojan Horses?

Other than using a traditional virus scanner, in what way can we locate possibly infected malware? In a live system, we can check some locations in the registry; how about a cloned image? I know we can find out some hints in the USER.DAT and SYSTEM.DAT registry files; did I miss anything?


   
Quote
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

Has anyone come across cases where the defendant used malware as an excuse to counter proof he/she had not committed the crime, even though the evidence clearly indicated the suspect's owned machine was involved in the crime?

I'm sure what you mean is "the suspect's own actions", rather than "the suspect's owned machine"… and there are several well-publicized cases involving this issue, one of which I mentioned in my book.

In your opinion, as a digital forensics professional, when carrying out our investigation should we pay attention to finding evidence regarding the possible infection of backdoors or Trojan Horses?

In many cases, yes.

Other than using a traditional virus scanner, in what way can we locate possibly infected malware? In a live system, we can check some locations in the registry; how about a cloned image? I know we can find out some hints in the USER.DAT and SYSTEM.DAT registry files; did I miss anything?

If you check the Registry on a live system for "hints", why can't you also do so within an acquired image?


   
ReplyQuote
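One way to do exactly what the reply above suggests, checking the same autostart locations in hives copied out of an acquired image instead of on the live box, is shown below. This is an added example written for this thread, not code from any poster or from the book mentioned. It assumes NT-family hives (SOFTWARE, SYSTEM, NTUSER.DAT) have been exported from the image to C:\Evidence\hives\ (a constructed path), that the examiner runs an elevated PowerShell session on the analysis workstation, and that the hives are working copies, since reg.exe writes to a loaded hive and must never touch the evidence image.

```powershell
# Added example (not from the thread): list common autostart entries from
# registry hives extracted from a forensic image, without booting the system.
# Assumed layout: copies of SOFTWARE, SYSTEM and NTUSER.DAT under $HiveDir.

$HiveDir = 'C:\Evidence\hives'   # constructed path; adjust per case

# Temporary mount points for the offline hives. reg.exe marks a loaded hive
# dirty, so only ever load copies, never files inside the evidence image.
$Mounts = @{
    'HKLM\ImgSoftware' = Join-Path $HiveDir 'SOFTWARE'
    'HKLM\ImgSystem'   = Join-Path $HiveDir 'SYSTEM'
    'HKU\ImgUser'      = Join-Path $HiveDir 'NTUSER.DAT'
}

foreach ($m in $Mounts.GetEnumerator()) {
    & reg.exe load $m.Key $m.Value | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not load $($m.Value) at $($m.Key)" }
}

try {
    # Autostart keys frequently used by backdoors and trojans to survive a
    # reboot. This is a short subset; the full list of autostart locations is
    # much longer, so treat an empty result as "nothing here", not "clean".
    $AutostartKeys = @(
        'Registry::HKLM\ImgSoftware\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKLM\ImgSoftware\Microsoft\Windows\CurrentVersion\RunOnce',
        'Registry::HKLM\ImgSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'Registry::HKU\ImgUser\Software\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKU\ImgUser\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    $Findings = foreach ($k in $AutostartKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata PowerShell adds.
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{
                Source = $k -replace '^Registry::', ''
                Name   = $p.Name
                Value  = $p.Value
            }
        }
    }

    # Services: resolve the control set the machine actually booted with
    # (Select\Current), then list auto-start services and their binaries.
    $sel = Get-ItemProperty -Path 'Registry::HKLM\ImgSystem\Select'
    $cs  = 'ControlSet{0:D3}' -f $sel.Current
    $ServiceFindings = Get-ChildItem -Path "Registry::HKLM\ImgSystem\$cs\Services" |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
        Where-Object { $_.Start -eq 2 -and $_.ImagePath } |   # 2 = SERVICE_AUTO_START
        ForEach-Object {
            [pscustomobject]@{
                Source = "SYSTEM\$cs\Services\$($_.PSChildName)"
                Name   = 'ImagePath'
                Value  = $_.ImagePath
            }
        }

    $All = @($Findings) + @($ServiceFindings)
    $All | Format-Table -AutoSize
    # Preserve the listing with the case notes so it can be reviewed later
    # against hash sets, timelines and the suspect's claimed infection.
    $All | Export-Csv -Path (Join-Path $HiveDir 'autostart-review.csv') -NoTypeInformation
}
finally {
    # The registry provider keeps handles open; release them first or
    # "reg unload" fails with access denied and the hive stays mounted.
    [gc]::Collect()
    foreach ($key in $Mounts.Keys) { & reg.exe unload $key | Out-Null }
}
```

The point of the script is not the key list itself but the workflow: the same "hints" an examiner would pull from a running system are available offline, repeatably, and with the results written down rather than observed once on a live box. Entries whose binaries live in user-writable or temporary directories, or that do not match a known-good hash set, are the ones worth following up when a defendant claims the machine acted on its own.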
(@rich2005)
Honorable Member
Joined: 19 years ago
Posts: 541
 

Has anyone come across cases where the defendant used malware as an excuse to counter proof he/she had not committed the crime, even though the evidence clearly indicated the suspect's owned machine was involved in the crime?

Pretty much every case p


   
ReplyQuote
xiasangju
(@xiasangju)
Active Member
Joined: 19 years ago
Posts: 10
Topic starter  

I'm sure what you mean is "the suspect's own actions", rather than "the suspect's owned machine"… and there are several well-publicized cases involving this issue, one of which I mentioned in my book.

Which book, "Windows Forensic Analysis"?


   
ReplyQuote
Share: