I'm sure that the vast majority (if not everyone) here have no interest in having such fine details shared. I'd venture to suggest that would almost be voyeurism. What's important is the fact that images were hidden in some way or accessed via e-mail or the internet and I think the mechanism of exposing that is what should be shared openly, rather than what's actually contained in the images.
I think that's a very good point in favour of LEO-only forums. Grading of images isn't computer forensics, but it's a task that a lot of LEOs find themselves doing when they become CF practitioners and therefore it's only going to be of very limited relevance to CF people who aren't in LE. I realise that this doesn't take into account people who do work for the prosecution and the defence. Also, there are pro-paedophile groups who keep a very close eye on forensic affairs and while most of the tech information is out there on the net, the finer points of the thought processes behind investigations should be kept from them.
I would be against creating a private area. All users can communicate via messages, keeping sensitive info out of the public domain. A private area will eventually become the main area and may deprive those who may be considering a career in CF a full and informed picture of the field.
Such a forum will also reinforce the division between LE and private companies which I for one think needs no more encouragement.
As for those that may have an interest in the field simply to cover their tracks, I think it is better to have some means of being able to identify them as their query could be held against them at a later stage (unlikely I know but once would be enough!)
BenUK - would agree entirely…IIOC is not part of computer forensics per se and therefore best discussed in a closed forum. There is no need therefore for FF to be a closed forum or as keydet89 said
"..reading Jamie's posts, I think he made it pretty clear that this *isn't* going to happen.."
I think a "private" area should be accessible ONLY to registered users
OK, I'll bite. Why?
I for one feel uncomfortable sharing this forum with people who with their first post ask "how do I find the password for such and such", "how do I break in to this", etc. Funnily enough you never see them post again. Should genuine CF knowledge (whether LE or corporate, defence or prosecution) be used to answer these requests?
There's a lot of knowledge here. Should it be shared with those who quite possibly want to use it for illegal or possible 'immoral' purposes?
Most of the time this information will not be given to them. I'd bet money that half of the replies point them to google.com.
We receive one of those posts once every 6 months at most, so it is not so much of a burden that the doors need to be closed.
3 out of the last 5 topics posted are asking how to crack passwords of one type or another!
True, but isn't cracking passwords in CF considered to be normal and a part of the legitimate forensic analysis process? Should we really be assuming every such post has an ulterior/malicious motive?
Looking at the last 3 posts - they do appear to be legitimate enough. A user with valid & verified id and business email address could just as easily join a 'closed forum' and ask the same question(s) for malicious intent - where does one draw the line & decide on someone else's intent - closed forum or otherwise?
Perhaps each member can help by probing & questioning the 'newbie' deeper when such questions are posted & try & gauge how legitimate the question is, and based on that individual decision he/she can decide whether or not to assist the poster with such questions, or any other questions that could be 'dual purpose'.
Just a thought.
Of course it should be private.
If I am a suspect that has some illegal data and began reading stuff on this forum… be sure that no one will ever recover anything on my computer.
The information that we discuss here should be private to only members that are working on investigating cases. Otherwise it will give all of our hints to the criminal and it will make our "Evidence in Data recovery" harder or even impossible.
The hard part is how to control who is a real investigator?
I am a member of a private forum and to register we had to fax out a letterhead with my police department logo and my job title to be able to access it.
Why not do the same thing in here?
Well that is my opinion.
I understand your concerns and belong to closed CF forums too. Good thing we seldom discuss anything of significant detail relating to anti-forensics here - that would help one with criminal intent, (- even though as I write this - there is an article posted on the FF main page titled "the rise of anti-forensics"), but such (antiforensics) info is easily & freely available from multiple other sources on the open web.
I think the member poll results speak for themselves - with over 80% saying No to making this a private forum.
Closed forums do exist & have their pros and cons, but perhaps this forum should not be part of those. Besides, it's not just people that pose questions one should be wary of, but perhaps the numerous lurkers that are members of this and other forums too?
Way forward: Perhaps an additional closed sub-forum group under Forensicfocus.com for validated/credible/'bona fide' forensics investigators? Then we have a closed section for 'sensitive items' and the public forum for sharing and learning with the rest.
Just a thought.
Perhaps each member can help by probing & questioning the 'newbie' deeper when such questions are posted & try & gauge how legitimate the question is, and based on that individual decision he/she can decide whether or not to assist the poster with such questions, or any other questions that could be 'dual purpose'.
Just a thought.
I think it's a good one too. I do believe most answers are fairly limited when it comes to this gray area. There are many other forums that will provide anyone with nefarious intent plenty to go on. The crumbs they may get here wouldn't be worth the monitoring. IMHO
I think that it comes down to a risk vs. benefit analysis …
If a person is determined to thwart an investigation, the information is available on a number of sites, mailing lists, books, tools and educational courses. Our discussions here are going to be one of many sources that they will look at.
However, I think that these people will be few and far between, the majority of cases will be where the computer is used by someone who has a knowledge of how to turn it on, and maybe how to use specific software tools, and, if they have a guilty conscience, some kind of encryption/wiping tools. They are not going to have the in-depth knowledge to mess around with the registry or MPTs, and thus, will always leave something behind.
The benefits of sharing information and being able to access a combined experience of so many people, in so many specific fields, is priceless. I would suggest though, perhaps, that some judgment should be exercised in disclosing anything that might, at least at the time, be impossible to source from anywhere else … Maybe using PMs to communicate such things, and perhaps not handing out the crown jewels would be sensible …
As they say "Just my $0.02" -P