Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: williamlucas
New Today: 0
New Yesterday: 0
Overall: 29661

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 Software to search an FTK Lite Mounted drive with keyword
 How much can be found?
 Computer Forensic in responding to Data Breach issues
 A bunch of numbers about digital evidences collection
 Computer forensic issue

Computer Forensics World Forums


Pages Served
We received
59526825
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Recovered website passwords
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Recovered website passwords

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Legal Issues
View previous topic :: View next topic  
Author Message
Crimson
Newbie
Newbie


Joined: Jun 14, 2007
Posts: 48

PostPosted: Thu Jun 21, 2007 6:38 am    Post subject: Recovered website passwords Reply with quote

A question to this forum that may settle a difference of opinions between 2 professors of mine. One prof states that if you recover passwords and login names of online resources such as email accounts or websites a person visits, you are allowed to use that login and password to investigate. This could be anything from hotmail, yahoo, gmail etc, to a porn website they have access to. The other prof obviously states that this is illegal and unethical. Does anyone know what the official policy on this is? And does it change depending on if you are doing criminal or corporate investigations?

Thank you,
Crimson
Back to top
View user's profile
Complete
Newbie
Newbie


Joined: Aug 20, 2006
Posts: 287

PostPosted: Thu Jun 21, 2007 9:34 am    Post subject: Reply with quote

IMHO, and regardless of whether the investigation is focused on civil or criminal issues, it is absolutely a violation of law to log in to someone's account using their password without their express permission (or legal permission, i.e. search warrant).

Every analyst should be able to show that they have the proper authority to analyze the data in front of them. If I have "consent" to examine a laptop and find passwords, does that same consent mean I can login to the account? The answer is no. The information held in the account is not stored on the laptop and I have no authority to examine the items on some other company's server.

Search your state statutes for computer crimes laws. Most states have a law of "Access without Authorization". This statute would fit this situation. Do a Google search on that phrase and you'll find some good info.

Talk to a LEO and they'll tell you they need a search warrant to log in to someone's account.
Back to top
View user's profile
kern
Newbie
Newbie


Joined: Mar 10, 2007
Posts: 189
Location: Northumberland (UK)

PostPosted: Thu Jun 21, 2007 5:40 pm    Post subject: Reply with quote

Hi Crimson

Must agree with complete on the LE issue.

Corporate; you can be in seriously deep sh*t if you look into folks email accounts and similar.
There's been some recent cases where employees have been tracked. The UK Govt was fined for doing such for an employee they suspected of misdemeanor. also check recent HP case.

Looking at the webcache history tho is not the same as actively logging into someones account using detail farmed from the password list.Also you need to check out a companies AUP. It may have a clause that any info stored on the Co's PC's is auditable. This needs to be carefully addressed as it can be seen as victimisation if an individual has been singled out for attention.

kern
Back to top
View user's profile
DoDForensics
Newbie
Newbie


Joined: May 16, 2007
Posts: 119
Location: Colorado

PostPosted: Fri Jun 22, 2007 1:49 am    Post subject: Reply with quote

Again, completely agree with Complete and Kern. Here in Colorado, we have a statute about unauthorized access. It doesn't matter if your working a criminal or civil case....without a search warrant or consent from the suspect, your in just as much trouble as that person if you log into that website.

On a side note, if this professor is actually teaching forensics classes, he should already be well aware of that.
Back to top
View user's profile
Crimson
Newbie
Newbie


Joined: Jun 14, 2007
Posts: 48

PostPosted: Fri Jun 22, 2007 3:10 am    Post subject: Reply with quote

Thanks to all who answered. On a side note to DoDForensics, the teacher who suggests we can do so, had strong ties to military side of things. I suspect the military rules may be different, and thus influences his teaching. But you all have answered my basic questions, and the answer is a resounding hands off. Again, thank you.

Crimson
Back to top
View user's profile
DoDForensics
Newbie
Newbie


Joined: May 16, 2007
Posts: 119
Location: Colorado

PostPosted: Fri Jun 22, 2007 11:09 pm    Post subject: Reply with quote

Having come from the DoD side of the house doing forensics, its still a huge no no.
Back to top
View user's profile
laidlaw731
Newbie
Newbie


Joined: Sep 17, 2009
Posts: 7

PostPosted: Mon Sep 21, 2009 7:02 am    Post subject: My employer accessed my webcache history w/o my consent Reply with quote

kern wrote:


Looking at the webcache history tho is not the same as actively logging into someones account using detail farmed from the password list....This needs to be carefully addressed as it can be seen as victimisation if an individual has been singled out for attention.

kern


I have no idea how this occurred but it has happened. What steps can I take to obtain evidence of this activity and present it to the proper authorities?
Back to top
View user's profile
ddow
Newbie
Newbie


Joined: Jul 19, 2006
Posts: 460

PostPosted: Tue Sep 22, 2009 1:43 am    Post subject: Re: My employer accessed my webcache history w/o my consent Reply with quote

laidlaw731 wrote:
I have no idea how this occurred but it has happened. What steps can I take to obtain evidence of this activity and present it to the proper authorities?


That depends on how you are aware of it. Are you the victim? How would you know? Can you prove it? While your local PD probably has a cyber-crime unit, it can be difficult for them to react unless you have fairly strong evidence and they know the victim will prosecute. BTY, if little harm came of it, they will be less likely to invest heavy time.

The reality is they just have too much to do not to focus on more solid cases.

Dennis
Back to top
View user's profile
laidlaw731
Newbie
Newbie


Joined: Sep 17, 2009
Posts: 7

PostPosted: Fri Sep 25, 2009 10:47 am    Post subject: Re: My employer accessed my webcache history w/o my consent Reply with quote

ddow wrote:
laidlaw731 wrote:
I have no idea how this occurred but it has happened. What steps can I take to obtain evidence of this activity and present it to the proper authorities?


That depends on how you are aware of it. Are you the victim? How would you know? Can you prove it? While your local PD probably has a cyber-crime unit, it can be difficult for them to react unless you have fairly strong evidence and they know the victim will prosecute. BTY, if little harm came of it, they will be less likely to invest heavy time.

The reality is they just have too much to do not to focus on more solid cases.

Dennis


Dennis; thanks for taking the time to respond to my post. You asked if I was the victim, and I have to tell you yes. Two days ago, I hired a digital investigative service to see if they could find anything was tampered with on my pc at home. Well, to my surprise, he said he couldn't find a thing. Presently, I'm feeling a little crushed because just today I overheard my co-worker say underneath her breath that if we don't followed policy, we get "spied" on. (I swear I'm not making that story up!)
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Legal Issues All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.