[asterisk-biz] on the topic of fraud
Trixter aka Bret McDanel
trixter at 0xdecafbad.com
Sat May 16 23:31:08 CDT 2009
On Sun, 2009-05-17 at 00:22 -0400, C F wrote:
> I don't know what to tell you, but you can't close down a data center
> for the purpose of collecting evidence. How hard is it to just clone
> all the machines in there instead of taking them?
that is not the issue. The federal rules of criminal procedure require
that the "best available evidence" be used in court. This means that
copies are not allowed if the original is available. In addition, they
might be able to clone something and then discover that it doesnt work
properly based on that cloned image, why the FBI policy on seizure of
systems is to take everything (note they even took power strips per that
article). They do this to ensure that they can accurately review the
systems for evidence.
Now when they do the actual forensic analysis they work off a disk
image, that way it cant be said they modified the systems in any way,
which would invalidate their submission as evidence (potentially judges
call, but the FRCrimP do allow for excluding tampered evidence).
I think that some are missing the bigger point here. There are a lot of
companies that now have no phone service, but are willing to pay for it
(at least some of them are).
--
Trixter http://www.0xdecafbad.com Bret McDanel
pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721
More information about the asterisk-biz
mailing list