
Please, help to resolve this.  

Page 3 / 6
RolfGutmann
(@rolfgutmann)
Community Legend

It was foreseeable, with money you always find someone…

Posted : 27/07/2017 3:44 pm
MickArneke
(@mickarneke)
Member

Strange things… in this post, jaclaz wrote

https://www.forensicfocus.com/Forums/viewtopic/t=12994/postdays=0/postorder=asc/start=7/

"…and both parts have access to verified disk images.".

But here, jaclaz endlessly tries to play down this subject. Hm, maybe the hot Italian temperament? )

Anyway, the topic above was very helpful - another person from Greece talks openly about the rampant incompetence there. The subjects he covers are identical. The man above even posted his question on a Microsoft page:

https://answers.microsoft.com/en-us/windows/forum/windows_vista-files/forensic-report-createdmodifieddeleted-date-of/708aef1d-65b4-425f-8633-5e714a78b5d2

Posted : 08/08/2017 1:30 pm
RolfGutmann
(@rolfgutmann)
Community Legend

Lessons learned? Could you please summarize what your conclusion is out of this experience, e.g. Indicators of Corruption (IoC)? I want to learn from you.

Posted : 08/08/2017 3:31 pm
jaclaz
(@jaclaz)
Community Legend

> Strange things… in this post, jaclaz wrote
>
> https://www.forensicfocus.com/Forums/viewtopic/t=12994/postdays=0/postorder=asc/start=7/
>
> "…and both parts have access to verified disk images.".
>
> But here, jaclaz endlessly tries to play down this subject. Hm, maybe the hot Italian temperament? )

Sure, but not only that.

There are a lot more stereotypes that you can try using, you have no idea how tiring it might be living among moustached dark-skinned people, smoking, singing and gesticulating at all times, and eating pasta and pizza on red/white checkered tablecloths every day.
And don't forget the attention we must pay to all the bad guys speeding on their Lambrettas and Vespas when taking a walk!

jaclaz

Posted : 08/08/2017 5:22 pm
MickArneke
(@mickarneke)
Member

Last info.

The other laboratory will sue them in court, here. The personal info of all persons involved in this shame is now fully identified.

Soon, the EU organs will be informed in full also.

The judicial organs of the man's native country are already informed in full - we learned that their outrage was enormous, and they too will sue all people involved in their own court.

I spoke with some very polite people from the man's (defendant's) native country - they are astonished that the man had not contacted them earlier. They spoke with the defendant, but the man was very agitated and unable to speak coherently because of deep depression - they wish to take him out of Greece, for recuperation, if this is possible.

That's all for the moment.
Thanks to all of you who read this and are able to help with advice or just human understanding.

Posted : 01/10/2017 5:07 pm
RolfGutmann
(@rolfgutmann)
Community Legend

Your personal conclusions for the next similar case?

Posted : 01/10/2017 5:24 pm
MickArneke
(@mickarneke)
Member

> Your personal conclusions for the next similar case?

Apply white and black list.
Thank you Rolf! )

Posted : 01/10/2017 5:28 pm
RolfGutmann
(@rolfgutmann)
Community Legend

Everybody can come in a situation like yours. The question is where and how to do it differently the next time. Not better. Differently.

Please tele-transplant your experience to me -)

Posted : 01/10/2017 6:33 pm
MickArneke
(@mickarneke)
Member

> Everybody can come in a situation like yours. The question is where and how to do it differently the next time. Not better. Differently.
>
> Please tele-transplant your experience to me -)

Will it be useful to you? You already saw so much.

A major scandal erupted in two EU bodies after the home country of the defendant took the needed judicial steps. There are many more details about how unfairly the man was treated… on all levels.

Are the institutions of this country there really EU institutions??

We already apply a blacklist… "by experience", and by the "exchange" of blacklist data between us.
We also blacklisted some private forensic experts from THERE - they played double games, secretly divulging the defendant's data to the prosecutors, and more curiously, to the same cyber-crime unit in question; they were "very curious" about some details, obviously.

The second lab gave us many more details, and some copies.
More details soon. We are very busy here…

P.S. I see the number of readers of this topic is skyrocketing…

Posted : 29/10/2017 6:47 pm
RolfGutmann
(@rolfgutmann)
Community Legend

Thank you for coming back and letting us participate in your 'story'.

Focussing on the highest-risk danger, it's always worth thinking again and again: which IOD, Indicators Of Danger (including low-risk and even irrelevant aspects at-the-time-of-occurrence), were hard to foresee or should have been worthy of 'putting on radar'? Retreat is not fancy but can save to survive, sometimes. To act based on super-worstcase is very, very resource-draining. But a losing-process has non-visible unique advantages.

Completely! not in charge to instruct you. You know best.

Posted : 30/10/2017 9:55 am
MickArneke
(@mickarneke)
Member

Fresh news… from the front.
Two NGOs [human rights groups from the defendant's country] phoned us asking for details.
A shared meeting with them and the people from the second lab will be organized after 26 December. We agreed to form a common task force.

I'm quite happy with all this. Sure, the truth must prevail - in reality, not only in the fairy tales.

In the meantime, we are totally disgusted by the judicial and parliamentary system in this Mediterranean country there, after they rejected any form of cooperation with us, or unofficial hearings, unofficial exchange of information, or even listening to the arguments. Actually, they think that their neighboring country [the defendant's country] is some kind of "untermensch" subhuman race, which always deserves to be punished hard… awful even to write.

Our blacklist is growing every day.

Posted : 22/12/2017 10:11 pm
MickArneke
(@mickarneke)
Member

I have some very interesting updates, and wish to share them. Let all colleagues here know what kind of "forensics" exists in the aforementioned EU country, and by what "proofs" they take innocent people to court - let everyone here judge by their own criteria.

Recently, we had the opportunity to read in full the official forensic report of the case. The phrase "we are dumbfounded by reading this piece of 'forensic'" is, at the least, too little to be said. We are unable to believe that this exists in one EU country with common regulations.

The curious facts, relating ONLY to the lab, and to the forensic part, are:

* No paper "Chain of custody" exists whatsoever, in any form, "species" or flavor. Nobody knows who possessed all this digital evidence, when, why, and so on. The endless efforts by the officials there to sell us unrelated papers as "genuine" proof of "existence" only prove their, I must say directly, stupidity and arrogance.
* There is no labeling or sealing of any digital evidence. NEVER - not at the scene, not after.
* The lab accepted a "bunch" of disks, put in one plastic supermarket bag. No check whatsoever.
* There is no evidence file with matching hashes - the existence of a "digital evidence file" is not mentioned anywhere in the official papers!
* After the examination, the lab sent back all the evidence (to whom?? … is not mentioned!!) with a bunch of warm "wishes" that it be preserved for future "investigations". All this without any chain of custody, and not knowing who takes the evidence back, where it goes, and when it will be stored.
* Actually, the lab does not possess ANY original data, or copies, on which they worked in the past. And all this without ANY credible methodology of digital hashing existing whatsoever. Unheard of!! THIS IS THE NATIONAL forensic lab of one of the 27 EU countries!
* The lab's forensic copies are, actually, invalid because of bad methodology, and the official forensic report is full of endless lies and innuendo about digital principles and methodology! The lab widely uses every kind and form of "declarations", without any logical or forensic explanation. They even call the digital evidence "tools". Sure, nobody will be able to take copies from all this, because it is invalid digital evidence, with no forensic soundness and credibility whatsoever.
* Nobody knows when the lab took the evidence into their possession. There is no "chain of custody", or dates when the evidence was accepted in the lab… in any form or flavor.
* Who inside the lab actually did the forensic work on this "evidence" is not known - the document is signed using cloudy terms.
* The seizure at the crime scene was made by inappropriate people, with no forensic education or credentials whatsoever. The question is that they did not only confiscate … on the scene, they did FORENSIC work, with illegal tools, on original data, with no right to do this whatsoever. And at the end, no mention of all this "work" exists. In any form. They simply lie to the investigators and the judges about what they actually did on the scene!

Who will recognize all this as "credible evidence" in one EU, or civilized, court?
We talked to some officials after Christmas, and asked them about ISO standards, ENISA, SWGDE, NIST, and so on, and so on - deaf ears, black India.

How sad I am… why do all of us do this work…

Posted : 28/01/2018 11:26 pm
MDCR
(@mdcr)
Active Member

> * No paper "Chain of custody" exists

That is mostly an American invention, never heard of it being in use. As long as the case is tracked and you can see who did what, that is sufficient. There is often talk of "Best effort" here, which does allow for some dynamics, but that does not mean that quality should be sacrificed.

> * There is no labeling or sealing of any digital evidence. NEVER - not at the scene, not after.

Bad. Should be able to track what item belongs to what case. Even though I never had "cases" myself, we did keep track of digital media.

> * The lab accepted a "bunch" of disks, put in one plastic supermarket bag. No check whatsoever.

As long as they know what case it belongs to. Is the serial number at least entered in some sort of case tracking system?

> * There is no evidence file with matching hashes - the existence of a "digital evidence file" is not mentioned anywhere in the official papers!

Would be a good idea to list it, but at times it can be sufficient to mention that "we found X on user's hard drive that indicated that user did Y".

> * Actually, the lab does not possess ANY original data, or copies, on which they worked in the past. And all this without ANY credible methodology of digital hashing existing whatsoever. Unheard of!! THIS IS THE NATIONAL forensic lab of one of the 27 EU countries!

Maybe they simply don't have the capability, storage space or funding. Contrary to beliefs, government agencies do not swim in taxpayers' money, especially in Europe.

> * The lab's forensic copies are, actually, invalid because of bad methodology, and the official forensic report is full of endless lies and innuendo about digital principles and methodology! The lab widely uses every kind and form of "declarations", without any logical or forensic explanation. They even call the digital evidence "tools". Sure, nobody will be able to take copies from all this, because it is invalid digital evidence, with no forensic soundness and credibility whatsoever.

Not really surprised. People without any knowledge working in the wrong place usually create this sort of "culture". What are their qualifications, did they watch an episode of CSI?

> * The seizure at the crime scene was made by inappropriate people, with no forensic education or credentials whatsoever. The question is that they did not only confiscate … on the scene, they did FORENSIC work, with illegal tools, on original data, with no right to do this whatsoever. And at the end, no mention of all this "work" exists. In any form. They simply lie to the investigators and the judges about what they actually did on the scene!

Can be really bad, unless we're talking about necessary live forensics when you cannot take down a shared system. Anything done on a live system should be documented. They can have been instructed just enough to do that little job.

Illegal tools? Like pirated?

> How sad I am… why do all of us do this work…

First, the situation is different for everyone. Secondly, butting heads against a corrupt government bureaucracy filled with career asshats in suits and uniform scratching each other's backs, only caring about paperwork that doesn't mean anything and their own status while the organisation's investigation capabilities suffer and specialists leave. That is a pointless and ungrateful task, believe me - I've tried. I'm going to the commercial sector, I'm gonna make more money and I've stopped caring as much.

So, consider finding a new job and leave them behind you, it's easier on your health. The more time you spend thinking of this, the more it will just make you depressed.

The alternative is to stop caring and sit on your b**t for the rest of your life until you qualify for a good retirement, there are lots of people in the government world doing that.

Posted : 29/01/2018 5:48 am
MickArneke
(@mickarneke)
Member

Thank you for your comments.
Actually, legally, things are not so simple.

This is a national forensic lab of one of the EU member countries. They are officially certified on various standards - and this is officially written on paper, and signed by them. They must follow all the standards they signed. Plus the common, and mandatory, EU legislation. This is not a private lab.

One example - if they are obliged to recognize the investigative principles of OLAF, they are not able to deny the validity of these principles in domestic cases, because this is mandatory EU legislation. And it is not possible to accept this on EU level, and deny it on national level, because the EU legislation is mandatory.

Second example - if they want help from OLAF, they must present to OLAF an existing mandatory evidence file of the case. Thus, they are not able to deny the need for this file's presence, and existence, in various local forensic cases, because it is a matter of common, mandatory legislation, on EU level.

Sure, chain of custody exists in the EU - it is labeled "Chain of evidence" here, and it is a mandatory document. If you have a gap of 3-4 months and are unable to prove where the confiscated items were, and who, in writing, was in charge, there is a big problem. Even in the aforementioned country, a special document exists!

ISO 9001 and the ENFSI clearly talk about the legality of the forensic tools ON THE SCENE. It is a mandatory obligation. And this must be written on paper after the confiscation procedure is finished.

Posted : 30/01/2018 11:38 pm
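
The thread's complaints about a missing evidence file with matching hashes and about custody gaps of "3-4 months" can be checked mechanically when a custody ledger exists. The following is an added example, not code from any poster or from the lab discussed; the ledger field names, item ID, custodians, dates and the 24-hour tolerance are all constructed assumptions.

```python
import hashlib
from datetime import datetime, timedelta

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: a stand-in "image" and a ledger for one exhibit.
# Field names, item ID, custodians and dates are illustrative assumptions.
IMAGE = b"constructed stand-in for an acquired disk image"
ACQ_HASH = sha256_hex(IMAGE)
LEDGER = [
    {"item": "HDD-01", "custodian": "Seizing officer", "received": "2017-01-10T09:00",
     "released": "2017-01-10T17:00", "sha256": ACQ_HASH},
    {"item": "HDD-01", "custodian": "", "received": "2017-05-02T10:00",
     "released": "2017-05-20T10:00", "sha256": ACQ_HASH},
    {"item": "HDD-01", "custodian": "Lab examiner", "received": "2017-05-20T10:00",
     "released": None, "sha256": sha256_hex(IMAGE + b"\x00")},
]

def audit_custody(ledger, max_gap=timedelta(hours=24)):
    """Audit one exhibit's custody entries (in order); return (index, finding) pairs."""
    findings = []
    baseline = ledger[0]["sha256"] if ledger else None  # hash recorded at acquisition
    prev_release = None
    for i, entry in enumerate(ledger):
        if not entry["custodian"].strip():
            findings.append((i, "no named custodian"))
        if entry["sha256"] != baseline:
            findings.append((i, "hash differs from acquisition hash"))
        received = datetime.fromisoformat(entry["received"])
        if i > 0:
            if prev_release is None:
                findings.append((i, "previous custodian never recorded a release"))
            elif received - prev_release > max_gap:
                gap_days = (received - prev_release).days
                findings.append((i, f"unaccounted custody gap of {gap_days} days"))
        released = entry["released"]
        prev_release = datetime.fromisoformat(released) if released else None
    return findings

if __name__ == "__main__":
    for index, finding in audit_custody(LEDGER):
        print(f"entry {index}: {finding}")
```
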
MickArneke
(@mickarneke)
Member

Recently, we learned that a major international convention was ratified by the Greek government after 13 years.
This makes it much, much easier not only to defend the case, but also to prosecute the corrupt officials from the Greek cyber-crime unit and 2 of the official prosecutors, who falsified evidence and turned a blind eye to various invalid forensic practices, and to the forensic rules and obligations that are obligatory for the validity of the evidence.

Also, major progress was made on various forensic subjects.
I'm also glad to inform you that various human rights organizations are continuously of immense help to us and to our efforts. Moreover, we now have full support from our superiors and lawyers to continue.

Posted : 13/03/2018 11:44 am