by Simon Biles
Forensics is all about evidence, but the trick is knowing where to find it!
Locard’s exchange principle effectively states that whenever a criminal comes into contact with his environment, a cross-transfer of evidence occurs (Edmund Locard, 1877–1966, was the founder and director of the Institute of Criminalistics at the University of Lyons in France). This is generally true in computing: there is evidence on both sides of any network connection (client and server side), and certainly in any action taking place with regard to the creation of documents or viewing of images (I’ve just had the fun of spending a week at Cranfield doing the Network Forensics course – so I know this to be true!). However, what if it was possible for a crime to take place on a network with evidence only being present on one side of the equation?
Please use this thread for discussion of Simon's latest column.
An article in the NYTimes about data leakage by observing the LED activity on modems.