Home page logo

basics logo Security Basics mailing list archives

RE: Spam: RE: Forensic/Cyber Crime Investigator
From: "dave kleiman" <dave () davekleiman com>
Date: Wed, 8 Feb 2006 23:00:50 -0500


First let me say I do not know AU law, I do however have a grasp on US law.

Are employee misconduct, internal theft of trade secrets, a DoS attack on a
business, or virus a purposely released on an important business day to
disrupt business INCIDENTS? (just to name a few)

Do we respond to them?

Is that not incident response?

When we look into these, are we not conducting an investigation? (In many
states it is required that you must be a licensed investigator to do so)

If we do not do so in a forensically sound manner, and we have to pursue the
matter; will we be able to?

I believe you are contradicting yourself unknowingly.

You said "Most cases and disputes are settled outside of court and do not
involve the legal jurisdictional control".
But, I do not think you realize how accomplish staying out of court, we do
this by presenting the evidence in such a way that it is overwhelming,
air-tight, and the other side concedes. This evidence must be gathered
properly, or the other side will contest and bring it to tribunal.

You said "Many organizations have a policy of not going to litigation."
Do you mean they would rather not pursue the issue? If so then that is their
policy so there is no need to investigate.
However, if they require the incident investigated, you better have your
ducks in a row. (conduct it in a forensically sound manner)

I can personally tell you, I love it when a case does not make it passed the
deposition stage, or even not that far, if the evidence is solid!!

Remember a deposition, sworn statement, stipulation of expected testimony,
and courtroom testimony are all affirmations under oath / sworn testimony.

You said “Investigation and Forensics are separate disciplines.”
Investigations are the systematic and thorough gathering, examining, and
studying of factual information that results in the factual explanation of
what transpired.

So explain the difference to us, not just your opinion.

Maybe you are trying to explain the difference between imaging a H/D and
conducting an investigation??




The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]