Feeds

Suspected paedophile cleared by computer forensics

Trojans found on accused man's HDD

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

IT forensics firm Vogon has explained how its work helped clear a man accused of storing child pornography on his computer by proving his PC was contaminated by Trojan horse infection capable of downloading illicit images onto his machine.

Julian Green was arrested in October 2002 after police raided his home and found 172 indecent pictures of children on his hard drive. His solicitor, Chris Bittlestone of South Devon law firm Kitson Hutchings, called in one of Vogon International's forensic investigators, Martin Gibbs, to help.

A clone of Green's hard drive was sent to Vogon International in Bicester, where it was imaged and processed in the forensic laboratory using Vogon's specialist software. The data was then extensively examined and a report prepared, which highlighted that the Trojans were most likely to have come from unsolicited emails that Green opened before he deleted them.

Gibbs identified 11 Trojan horse programs on Green's computer which were set to log onto "inappropriate sites" without Green's permission whenever he loaded up a browser to access the Internet.

These findings were decisive in clearing Green of the 13 charges of making indecent images he faced at Exeter Crown Court this summer. On receiving evidence from Vogon the prosecution decided to drop the case.

"The prospects of my client being able to effectively defend himself without Vogon's help were very remote," said Bittlestone. "The stakes for him were extremely high - if he had been convicted, prison was a strong likelihood.

"The maximum sentence for possession of such images is ten years' imprisonment, and anyone convicted of such a matter would have become subject to registration with the police as a sex offender for a period of five years. Martin Gibbs' report was pivotal in this very important case."

Green's acquittal is one of three recent cases where a Trojan defence has succeeded in a British court. In April this year, Karl Schofield, 39, was cleared of possession of child porn when prosecutors accepted expert testimony that the unnamed Trojan could have been responsible for the presence of 14 child porn images on his PC.

Aaron Caffrey, the teenager hacker accused of crippling the Port of Houston's web-based systems, was found not guilty of computer crime offences this month after a jury accepted his story that attackers used an unspecified Trojan to gain control of his PC and launch the assault.

The prosecution argued that no trace of Trojan infection was found on Caffrey's PC but the defence was able to counter this argument with testimony from Caffrey that it was possible for a Trojan to wipe itself.

Nobody is disputing the validity of these verdicts, however legal and security experts have expressed concerns that the Trojan defence might become subject to misuse.

Vogon's Gibbs believes such concerns have been overplayed.

"I don't believe, as some have suggested, that recent cases with 'open the floodgates' to Trojan defences in cybercrime cases. When we look at how indecent images got onto a PC, for example, there is more to substantiate a claim that a Trojan was responsible than just the viral infection of a PC," Gibbs told The Register.

Gibbs was reluctant to go into details but said that factors like file directory structures and registry entries are among the items it considers when making a forensic examination of evidence. Vogon is asked to carry out computer forensic examinations in a variety of civil and criminal cases, working for both the prosecution and defence.

When a Trojan defence is used in a criminal case it is "down to the prosecution expert to dispute the claim", Gibbs added. ®

Related Stories

Caffrey acquittal a setback for cybercrime prosecutions
Teen hacker is not guilty
Trojan defence clears man on child porn charges

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.