Outcry as Australian police search public broadcaster

[shusson]

Yes this stood out to me too. I don't really understand why a warrant would enable alteration. Copying I can wrap my head around, but alteration without oversight seems awful. Hopefully the warrant has more fine print than the journalist implied.

[wccrawford]

Perhaps they had a ruling in the past that during accessing a computer, things got changed, like the logs. And so now they have to have that in the warrant so that they don't lose their case.

It sounds stupid, but I could see it happening.

[chopin]

But this isn't a way to do a forensic analysis. You just clone the hard drive. Anything else should not be able to stand up in court.

Afaik it is practice in rule-of-law countries to hand a clone to each party in the case.

[doomjunky]

Forensic analysts must use read-only adapters to clone hard drives.

[manicdee]

This wasn’t a forensic extraction of data from a recovered hard drive, it was a drag net across email server, file servers, content management systems, wikis, phone records, written notes … basically every form of communication that left any trace.

The ABC staff literally copied all the stuff that might be interesting (found using keyword searches) into a folder, which the ABC legal and AFP investigators went through one by one to determine what was of interest to AFP. The items of interest was then copied to a “sealed” package which the AFP pinky swears nobody will look at for two weeks while the ABC seeks an injunction.

[koenigdavidmj]

Or the right to install spyware.

[gruez]

>Perhaps they had a ruling in the past that during accessing a computer, things got changed, like the logs

they don't have imaging tools and/or write blockers?

[ben_jones]

Probably legal completeness. Think about it, log in to a windows computer there is probably an event log that gets updated. While checking browser history the history may be altered. Installing surveillance applications would modify the machine. Etc.

[Johnny555]

Installing surveillance applications

Isn't this a huge problem? That the police can forcibly install surveillance applications in a news organizations computers.

[vokep]

Seems the language needs to be specific then, or it allows for free manipulation of evidence.

Something like, allowed to copy and if that has an unintended consequence of modifying the machine, that is fine so long as evidence is not destroyed.

[willsr]

This. Also covers deleted files being overwritten when new files are created.