by rwmj 3313 days ago
There's a large amount of information generated when you send an email, and a whole branch of IT (digital forensics) with many dedicated professionals who deal with such things routinely.

Even though I only worked peripherally with digital forensics people, and I know a lot about how email/computers/networks work, I know enough to know that I could never get away with forging an email (especially not one where anything serious depended on it).


Still, as far as I understand it, it comes down to how good/competent the IT dept is at log-keeping, and how complicit they are in the forgery.

In a broader sense, how can one prove innocence if their company uses the employee's credentials (ID/email/etc.) to drop the blame on them? Wouldn't it be the employee's word against the employer's, while at the same time the employer has control over the data/evidence?

Digital forensics professionals deal all the time with attempts at active fraud (e.g. people deleting logs, clearing caches, etc.). Even if the IT department didn't keep the logs, or tried to delete them, there would be some "data remanence" on one of the various machines involved in sending/transmitting/receiving the email.
Do digital forensics professionals ever fail to find sufficient evidence, like their peers in the non-digital world?
Sure, but removing all traces is hard and most criminals are careless, sloppy or dumb.

I mean, if this particular case is real, someone has performed a serious crime, risking years in jail, for a comparably trivial reason and small gain - it's not an indication that the perpetrator is likely to be risk-averse, meticulous and smart.

If we were looking at a forged email as part of a sophisticated campaign for extracting secret information or defrauding very large amounts of money, then it would be likely that the forgery was done carefully by skilled people thoroughly removing all traces - but for a reason like this? Not likely. Heck, digital "intelligence ops" by major governments sometimes leave traces due to some sloppiness or carelessness; it's very hard to be sufficiently thorough.

If they are clued up enough to require 2FA to send email remotely, they're clued up enough to keep logs.