One of my favourite "teachers" in this industry that I learned a lot from had a great email I will give you in full.
"""A lot of them will use the defence it was a Virus. Which is the default "you got me but I want to squirm" defence of last resort. It does have merit and you should ALWAYS check for it. But at the end of the day it's a pretty amazing virus if it can search the internet, download 100 images, burn them to CD, write "mucky pics" on it and hide the thing behind the radiator"""
His point is simple: there is always a piece of evidence that will prove or disprove intent. SOmething that requires active, knowing, user input. We look at everything we possibly can do and build the picture as a whole.
In your specific example we carefully check the times stuff occurs. If, for example, there was one download incident at an odd time (compared to normal PC usage) it would trigger alarm bells in our heads. Im not saying it is impossible to frame people in these ways - but I would be
I've yet to see a virus that downloads CP in a form that can be viewed by the normal user. I have found a couple of isolated virus' that were part of a botnet used to distribute material. But the images were carefully hidden and it was obvious where they originated.
Certainly I dont know anyu virii that open IE and google for CP :D
"""A lot of them will use the defence it was a Virus. Which is the default "you got me but I want to squirm" defence of last resort. It does have merit and you should ALWAYS check for it. But at the end of the day it's a pretty amazing virus if it can search the internet, download 100 images, burn them to CD, write "mucky pics" on it and hide the thing behind the radiator"""
His point is simple: there is always a piece of evidence that will prove or disprove intent. SOmething that requires active, knowing, user input. We look at everything we possibly can do and build the picture as a whole.
In your specific example we carefully check the times stuff occurs. If, for example, there was one download incident at an odd time (compared to normal PC usage) it would trigger alarm bells in our heads. Im not saying it is impossible to frame people in these ways - but I would be
I've yet to see a virus that downloads CP in a form that can be viewed by the normal user. I have found a couple of isolated virus' that were part of a botnet used to distribute material. But the images were carefully hidden and it was obvious where they originated.
Certainly I dont know anyu virii that open IE and google for CP :D