> Anybody that clicks the link to get their daily Apple rumor will instantly become a criminal.
No this is not the case at all. It is my job to seperate out things like that - and show use. So a few images in your browser cache would be flagged as a negative. Or perhaps a (non apparent) zip file that was dl'd then deleted a few minutes later (with the images). Traces are left of the PC but you wqouldnt get in any trouble for isolated incidents like that.
On the other hand if the zip got downloaded and unzipped to "mucky pics/blah blah" and then there was evidence of it being viewed.. well....
Two things worry me about the whole 'data as evidence' thing. The first is, the easiest way for a criminal to distance themself it must surely be to snoop some collegues password and log in on their computer after hours.
Secondly, in the old days, the KGB was the master of the 'honey trap': get some clerical worker in a compromising position and then blackmail them into spying. Given that there are many more ordinary people than pedophiles, I would have thought that installing illegal data by virus and then blackmailing would be a lucrative sideline for these Russian 'businessmen' who originate it. I'm a little surprised that you don't get many such viruses. The question is, have they not thought of it yet, does it not work for some reason, or are the viruses too clever at concealing themselves?
One of my favourite "teachers" in this industry that I learned a lot from had a great email I will give you in full.
"""A lot of them will use the defence it was a Virus. Which is the default "you got me but I want to squirm" defence of last resort. It does have merit and you should ALWAYS check for it. But at the end of the day it's a pretty amazing virus if it can search the internet, download 100 images, burn them to CD, write "mucky pics" on it and hide the thing behind the radiator"""
His point is simple: there is always a piece of evidence that will prove or disprove intent. SOmething that requires active, knowing, user input. We look at everything we possibly can do and build the picture as a whole.
In your specific example we carefully check the times stuff occurs. If, for example, there was one download incident at an odd time (compared to normal PC usage) it would trigger alarm bells in our heads. Im not saying it is impossible to frame people in these ways - but I would be
I've yet to see a virus that downloads CP in a form that can be viewed by the normal user. I have found a couple of isolated virus' that were part of a botnet used to distribute material. But the images were carefully hidden and it was obvious where they originated.
Certainly I dont know anyu virii that open IE and google for CP :D
No this is not the case at all. It is my job to seperate out things like that - and show use. So a few images in your browser cache would be flagged as a negative. Or perhaps a (non apparent) zip file that was dl'd then deleted a few minutes later (with the images). Traces are left of the PC but you wqouldnt get in any trouble for isolated incidents like that.
On the other hand if the zip got downloaded and unzipped to "mucky pics/blah blah" and then there was evidence of it being viewed.. well....
Intent is the important thing