Home page logo

basics logo Security Basics mailing list archives

RE: Forensic/Cyber Crime Investigator
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 9 Feb 2006 22:02:49 +1100

Hi Dave,


To further add weight to the argument and as you seem to think I base comments on opinion, please read the following as 
an introduction. I can keep going if you wish?


Please look at Bayne (2003) (p293) s8.470 as a particular reference. 

[see also Idoport Pty Ltd v National Australia Bank Ltd [2001] NSWSC 995 [181], [182] and [188]ff]

[see also Ocean Marine Mutual Insurance Assoc. (Europe) OV v Jetopay Pty Ltd [2000] FCA 1463 at [21]-[23] (in Makita at 
744 [86]]

[ See also Makita (Australia) Pty Ltd v Sprowles (2001) 52 NSWLR 705 at 744 [85]]


The following academic texts are helpful. The references are not extensive.


Reed, Chris. (2004), "Internet Law, Text and Materials", 2nd Ed. University College London, Cambridge University Press. 

    p263, s43 p111


Coderre, David G. (2004) "Fraud Detection, A revealing look at fraud, Data Analysis Techniques and Methods", Ekaros 
Analytical Inc, Vancouver, CA

    pp 51-64, pp 211-224


Turnbull, C. Stephen (2003) "Fraud Investigation using Idea" Ekaros Analytical Inc, Vancouver, CA

    p11, pp15-16, p 21, p 35


Allen, Mark (2002) "e-business, the law and you", Pearson Education Australia

    pp 95-108, p 130


Odgers, S; Peden, E; Kumar, M (2004) "Companion to Uniform Evidence Law", Thomson Lawbook Co.

    Part 3 - Adminssibility of Evidence, s7 (Hearsay), s 8 (Opinion), s 9 (Admissions)

    Part 4 - s 17, (Facilitation of Proof)


Calvert M, Reid I (2002) "Technology Contracts", 2nd Ed. LexisNexis Butterworths

    Part II, s 7, Part IV, s 16, s17


Cairns B (2005) "Australian Civil Procedure", 6th Ed. Thomson Lawbook Co.

    p 567-568, p466, p 59,65,78, 79,457-466,472


Hunter, Cameron & Henning (2005) "Litigation II, Evidence and Criminal Process", 7th Ed. LexisNexis Butterworths

    s 20.1, s 20.4, s11.7, s 11.6

    see also Coco principles (Coco v R (1994) 179 CLR 427


Hunter, Cameron & Henning (2005) "Litigation I, Civil Procedures", 7th Ed. LexisNexis Butterworths

    ses Evidence; Relivance


Bayne, Peter (2003) "Uniform Evidence Law, Text and esential cases" The Federation Press, Au

    See "Presumptions of accuracy of scientific instruments"

    S.a "Burden of Proof"


The College of Law (2005) "Practice Papers, Select Papers", Volume 1

    s A8 p179-    


Would you like more cases? I am happy to supply case law to support my argument as well?



        -----Original Message----- 
        From: Craig Wright 
        Sent: Thu 9/02/2006 5:02 PM 
        To: 'dave kleiman'; security-basics () securityfocus com 
        Subject: RE: Forensic/Cyber Crime Investigator
        Original Message----- 
        From: dave kleiman [mailto:dave () davekleiman com] 
        Sent: 9 February 2006 3:01 
        To: security-basics () securityfocus com 
        Subject: RE: Spam: RE: Forensic/Cyber Crime Investigator 


        First let me say I do not know AU law, I do however have a grasp on US law. 

        Are employee misconduct, internal theft of trade secrets, a DoS attack on a business, or virus a purposely 
released on an important business day to disrupt business INCIDENTS? (just to name a few)

        Do we respond to them? 

        Is that not incident response? 

        When we look into these, are we not conducting an investigation? (In many states it is required that you must 
be a licensed investigator to do so)

        If we do not do so in a forensically sound manner, and we have to pursue the matter; will we be able to? 

        I believe you are contradicting yourself unknowingly. 

        You said "Most cases and disputes are settled outside of court and do not involve the legal jurisdictional 
        But, I do not think you realize how accomplish staying out of court, we do this by presenting the evidence in 
such a way that it is overwhelming, air-tight, and the other side concedes. This evidence must be gathered properly, or 
the other side will contest and bring it to tribunal.

        You said "Many organizations have a policy of not going to litigation." 
        Do you mean they would rather not pursue the issue? If so then that is their policy so there is no need to 
        However, if they require the incident investigated, you better have your ducks in a row. (conduct it in a 
forensically sound manner)

        I can personally tell you, I love it when a case does not make it passed the deposition stage, or even not that 
far, if the evidence is solid!!

        Remember a deposition, sworn statement, stipulation of expected testimony, and courtroom testimony are all 
affirmations under oath / sworn testimony.

        You said “Investigation and Forensics are separate disciplines.” 
        Investigations are the systematic and thorough gathering, examining, and studying of factual information that 
results in the factual explanation of what transpired.

        So explain the difference to us, not just your opinion. 

        Maybe you are trying to explain the difference between imaging a H/D and conducting an investigation?? 




Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.  

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]