Feeds

Suspected paedophile cleared by computer forensics

Trojans found on accused man's HDD

  • alert
  • submit to reddit

Website security in corporate America

IT forensics firm Vogon has explained how its work helped clear a man accused of storing child pornography on his computer by proving his PC was contaminated by Trojan horse infection capable of downloading illicit images onto his machine.

Julian Green was arrested in October 2002 after police raided his home and found 172 indecent pictures of children on his hard drive. His solicitor, Chris Bittlestone of South Devon law firm Kitson Hutchings, called in one of Vogon International's forensic investigators, Martin Gibbs, to help.

A clone of Green's hard drive was sent to Vogon International in Bicester, where it was imaged and processed in the forensic laboratory using Vogon's specialist software. The data was then extensively examined and a report prepared, which highlighted that the Trojans were most likely to have come from unsolicited emails that Green opened before he deleted them.

Gibbs identified 11 Trojan horse programs on Green's computer which were set to log onto "inappropriate sites" without Green's permission whenever he loaded up a browser to access the Internet.

These findings were decisive in clearing Green of the 13 charges of making indecent images he faced at Exeter Crown Court this summer. On receiving evidence from Vogon the prosecution decided to drop the case.

"The prospects of my client being able to effectively defend himself without Vogon's help were very remote," said Bittlestone. "The stakes for him were extremely high - if he had been convicted, prison was a strong likelihood.

"The maximum sentence for possession of such images is ten years' imprisonment, and anyone convicted of such a matter would have become subject to registration with the police as a sex offender for a period of five years. Martin Gibbs' report was pivotal in this very important case."

Green's acquittal is one of three recent cases where a Trojan defence has succeeded in a British court. In April this year, Karl Schofield, 39, was cleared of possession of child porn when prosecutors accepted expert testimony that the unnamed Trojan could have been responsible for the presence of 14 child porn images on his PC.

Aaron Caffrey, the teenager hacker accused of crippling the Port of Houston's web-based systems, was found not guilty of computer crime offences this month after a jury accepted his story that attackers used an unspecified Trojan to gain control of his PC and launch the assault.

The prosecution argued that no trace of Trojan infection was found on Caffrey's PC but the defence was able to counter this argument with testimony from Caffrey that it was possible for a Trojan to wipe itself.

Nobody is disputing the validity of these verdicts, however legal and security experts have expressed concerns that the Trojan defence might become subject to misuse.

Vogon's Gibbs believes such concerns have been overplayed.

"I don't believe, as some have suggested, that recent cases with 'open the floodgates' to Trojan defences in cybercrime cases. When we look at how indecent images got onto a PC, for example, there is more to substantiate a claim that a Trojan was responsible than just the viral infection of a PC," Gibbs told The Register.

Gibbs was reluctant to go into details but said that factors like file directory structures and registry entries are among the items it considers when making a forensic examination of evidence. Vogon is asked to carry out computer forensic examinations in a variety of civil and criminal cases, working for both the prosecution and defence.

When a Trojan defence is used in a criminal case it is "down to the prosecution expert to dispute the claim", Gibbs added. ®

Related Stories

Caffrey acquittal a setback for cybercrime prosecutions
Teen hacker is not guilty
Trojan defence clears man on child porn charges

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.