mailing list archives
RE: Forensic/Cyber Crime Investigator
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 9 Feb 2006 22:02:49 +1100
To further add weight to the argument and as you seem to think I base comments on opinion, please read the following as
an introduction. I can keep going if you wish?
Please look at Bayne (2003) (p293) s8.470 as a particular reference.
[see also Idoport Pty Ltd v National Australia Bank Ltd  NSWSC 995 ,  and ff]
[see also Ocean Marine Mutual Insurance Assoc. (Europe) OV v Jetopay Pty Ltd  FCA 1463 at - (in Makita at
[ See also Makita (Australia) Pty Ltd v Sprowles (2001) 52 NSWLR 705 at 744 ]
The following academic texts are helpful. The references are not extensive.
Reed, Chris. (2004), "Internet Law, Text and Materials", 2nd Ed. University College London, Cambridge University Press.
p263, s43 p111
Coderre, David G. (2004) "Fraud Detection, A revealing look at fraud, Data Analysis Techniques and Methods", Ekaros
Analytical Inc, Vancouver, CA
pp 51-64, pp 211-224
Turnbull, C. Stephen (2003) "Fraud Investigation using Idea" Ekaros Analytical Inc, Vancouver, CA
p11, pp15-16, p 21, p 35
Allen, Mark (2002) "e-business, the law and you", Pearson Education Australia
pp 95-108, p 130
Odgers, S; Peden, E; Kumar, M (2004) "Companion to Uniform Evidence Law", Thomson Lawbook Co.
Part 3 - Adminssibility of Evidence, s7 (Hearsay), s 8 (Opinion), s 9 (Admissions)
Part 4 - s 17, (Facilitation of Proof)
Calvert M, Reid I (2002) "Technology Contracts", 2nd Ed. LexisNexis Butterworths
Part II, s 7, Part IV, s 16, s17
Cairns B (2005) "Australian Civil Procedure", 6th Ed. Thomson Lawbook Co.
p 567-568, p466, p 59,65,78, 79,457-466,472
Hunter, Cameron & Henning (2005) "Litigation II, Evidence and Criminal Process", 7th Ed. LexisNexis Butterworths
s 20.1, s 20.4, s11.7, s 11.6
see also Coco principles (Coco v R (1994) 179 CLR 427
Hunter, Cameron & Henning (2005) "Litigation I, Civil Procedures", 7th Ed. LexisNexis Butterworths
ses Evidence; Relivance
Bayne, Peter (2003) "Uniform Evidence Law, Text and esential cases" The Federation Press, Au
See "Presumptions of accuracy of scientific instruments"
S.a "Burden of Proof"
The College of Law (2005) "Practice Papers, Select Papers", Volume 1
s A8 p179-
Would you like more cases? I am happy to supply case law to support my argument as well?
From: Craig Wright
Sent: Thu 9/02/2006 5:02 PM
To: 'dave kleiman'; security-basics () securityfocus com
Subject: RE: Forensic/Cyber Crime Investigator
From: dave kleiman [mailto:dave () davekleiman com]
Sent: 9 February 2006 3:01
To: security-basics () securityfocus com
Subject: RE: Spam: RE: Forensic/Cyber Crime Investigator
First let me say I do not know AU law, I do however have a grasp on US law.
Are employee misconduct, internal theft of trade secrets, a DoS attack on a business, or virus a purposely
released on an important business day to disrupt business INCIDENTS? (just to name a few)
Do we respond to them?
Is that not incident response?
When we look into these, are we not conducting an investigation? (In many states it is required that you must
be a licensed investigator to do so)
If we do not do so in a forensically sound manner, and we have to pursue the matter; will we be able to?
I believe you are contradicting yourself unknowingly.
You said "Most cases and disputes are settled outside of court and do not involve the legal jurisdictional
But, I do not think you realize how accomplish staying out of court, we do this by presenting the evidence in
such a way that it is overwhelming, air-tight, and the other side concedes. This evidence must be gathered properly, or
the other side will contest and bring it to tribunal.
You said "Many organizations have a policy of not going to litigation."
Do you mean they would rather not pursue the issue? If so then that is their policy so there is no need to
However, if they require the incident investigated, you better have your ducks in a row. (conduct it in a
forensically sound manner)
I can personally tell you, I love it when a case does not make it passed the deposition stage, or even not that
far, if the evidence is solid!!
Remember a deposition, sworn statement, stipulation of expected testimony, and courtroom testimony are all
affirmations under oath / sworn testimony.
You said “Investigation and Forensics are separate disciplines.”
Investigations are the systematic and thorough gathering, examining, and studying of factual information that
results in the factual explanation of what transpired.
So explain the difference to us, not just your opinion.
Maybe you are trying to explain the difference between imaging a H/D and conducting an investigation??
Dave Kleiman, CAS,CCE,CIFI,CISM,CISSP,ISSAP,ISSMP,MCSE
Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within
those States and Territories of Australia where such legislation exists.
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.
Any views expressed in this message are those of the individual sender. You may not rely on this message as advice
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by
a Partner of BDO.
BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference,
interception, corruption or unauthorised access.
- Re: Forensic/Cyber Crime Investigator, (continued)