Feeds

Suspected paedophile cleared by computer forensics

Trojans found on accused man's HDD

  • alert
  • submit to reddit

Build a business case: developing custom apps

IT forensics firm Vogon has explained how its work helped clear a man accused of storing child pornography on his computer by proving his PC was contaminated by Trojan horse infection capable of downloading illicit images onto his machine.

Julian Green was arrested in October 2002 after police raided his home and found 172 indecent pictures of children on his hard drive. His solicitor, Chris Bittlestone of South Devon law firm Kitson Hutchings, called in one of Vogon International's forensic investigators, Martin Gibbs, to help.

A clone of Green's hard drive was sent to Vogon International in Bicester, where it was imaged and processed in the forensic laboratory using Vogon's specialist software. The data was then extensively examined and a report prepared, which highlighted that the Trojans were most likely to have come from unsolicited emails that Green opened before he deleted them.

Gibbs identified 11 Trojan horse programs on Green's computer which were set to log onto "inappropriate sites" without Green's permission whenever he loaded up a browser to access the Internet.

These findings were decisive in clearing Green of the 13 charges of making indecent images he faced at Exeter Crown Court this summer. On receiving evidence from Vogon the prosecution decided to drop the case.

"The prospects of my client being able to effectively defend himself without Vogon's help were very remote," said Bittlestone. "The stakes for him were extremely high - if he had been convicted, prison was a strong likelihood.

"The maximum sentence for possession of such images is ten years' imprisonment, and anyone convicted of such a matter would have become subject to registration with the police as a sex offender for a period of five years. Martin Gibbs' report was pivotal in this very important case."

Green's acquittal is one of three recent cases where a Trojan defence has succeeded in a British court. In April this year, Karl Schofield, 39, was cleared of possession of child porn when prosecutors accepted expert testimony that the unnamed Trojan could have been responsible for the presence of 14 child porn images on his PC.

Aaron Caffrey, the teenager hacker accused of crippling the Port of Houston's web-based systems, was found not guilty of computer crime offences this month after a jury accepted his story that attackers used an unspecified Trojan to gain control of his PC and launch the assault.

The prosecution argued that no trace of Trojan infection was found on Caffrey's PC but the defence was able to counter this argument with testimony from Caffrey that it was possible for a Trojan to wipe itself.

Nobody is disputing the validity of these verdicts, however legal and security experts have expressed concerns that the Trojan defence might become subject to misuse.

Vogon's Gibbs believes such concerns have been overplayed.

"I don't believe, as some have suggested, that recent cases with 'open the floodgates' to Trojan defences in cybercrime cases. When we look at how indecent images got onto a PC, for example, there is more to substantiate a claim that a Trojan was responsible than just the viral infection of a PC," Gibbs told The Register.

Gibbs was reluctant to go into details but said that factors like file directory structures and registry entries are among the items it considers when making a forensic examination of evidence. Vogon is asked to carry out computer forensic examinations in a variety of civil and criminal cases, working for both the prosecution and defence.

When a Trojan defence is used in a criminal case it is "down to the prosecution expert to dispute the claim", Gibbs added. ®

Related Stories

Caffrey acquittal a setback for cybercrime prosecutions
Teen hacker is not guilty
Trojan defence clears man on child porn charges

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?