Feeds

Suspected paedophile cleared by computer forensics

Trojans found on accused man's HDD

  • alert
  • submit to reddit

Seven Steps to Software Security

IT forensics firm Vogon has explained how its work helped clear a man accused of storing child pornography on his computer by proving his PC was contaminated by Trojan horse infection capable of downloading illicit images onto his machine.

Julian Green was arrested in October 2002 after police raided his home and found 172 indecent pictures of children on his hard drive. His solicitor, Chris Bittlestone of South Devon law firm Kitson Hutchings, called in one of Vogon International's forensic investigators, Martin Gibbs, to help.

A clone of Green's hard drive was sent to Vogon International in Bicester, where it was imaged and processed in the forensic laboratory using Vogon's specialist software. The data was then extensively examined and a report prepared, which highlighted that the Trojans were most likely to have come from unsolicited emails that Green opened before he deleted them.

Gibbs identified 11 Trojan horse programs on Green's computer which were set to log onto "inappropriate sites" without Green's permission whenever he loaded up a browser to access the Internet.

These findings were decisive in clearing Green of the 13 charges of making indecent images he faced at Exeter Crown Court this summer. On receiving evidence from Vogon the prosecution decided to drop the case.

"The prospects of my client being able to effectively defend himself without Vogon's help were very remote," said Bittlestone. "The stakes for him were extremely high - if he had been convicted, prison was a strong likelihood.

"The maximum sentence for possession of such images is ten years' imprisonment, and anyone convicted of such a matter would have become subject to registration with the police as a sex offender for a period of five years. Martin Gibbs' report was pivotal in this very important case."

Green's acquittal is one of three recent cases where a Trojan defence has succeeded in a British court. In April this year, Karl Schofield, 39, was cleared of possession of child porn when prosecutors accepted expert testimony that the unnamed Trojan could have been responsible for the presence of 14 child porn images on his PC.

Aaron Caffrey, the teenager hacker accused of crippling the Port of Houston's web-based systems, was found not guilty of computer crime offences this month after a jury accepted his story that attackers used an unspecified Trojan to gain control of his PC and launch the assault.

The prosecution argued that no trace of Trojan infection was found on Caffrey's PC but the defence was able to counter this argument with testimony from Caffrey that it was possible for a Trojan to wipe itself.

Nobody is disputing the validity of these verdicts, however legal and security experts have expressed concerns that the Trojan defence might become subject to misuse.

Vogon's Gibbs believes such concerns have been overplayed.

"I don't believe, as some have suggested, that recent cases with 'open the floodgates' to Trojan defences in cybercrime cases. When we look at how indecent images got onto a PC, for example, there is more to substantiate a claim that a Trojan was responsible than just the viral infection of a PC," Gibbs told The Register.

Gibbs was reluctant to go into details but said that factors like file directory structures and registry entries are among the items it considers when making a forensic examination of evidence. Vogon is asked to carry out computer forensic examinations in a variety of civil and criminal cases, working for both the prosecution and defence.

When a Trojan defence is used in a criminal case it is "down to the prosecution expert to dispute the claim", Gibbs added. ®

Related Stories

Caffrey acquittal a setback for cybercrime prosecutions
Teen hacker is not guilty
Trojan defence clears man on child porn charges

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.