Home page logo

basics logo Security Basics mailing list archives

RE: Spam: RE: Forensic/Cyber Crime Investigator
From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 10 Feb 2006 08:33:10 +1100

Hi Jason

This is the first point of yours I will have to disagree with.

You state "rules of evidence apply only to law enforcement in criminal

Civil cases may be based on a "balance of probability" and are not tried
"beyond reasonable doubt". This has an exception in cases of civil fraud
allegations which are treated as criminal (and other rarer though
similar rules).

I am not an expert on US law (though it is based on common law practice
as well). Uniform evidence law does apply in Australia (and the UK
also). My comments must be weighted based on the juristic ional basis
that I work in. Most civil cases here are ex judis and do not have a

I will place reliance on Australian and NSWSC rules for comments. From
this I have to point the argument to Odgers (2004) and the sections I
have sent off previously.

Odgers, S; Peden, E; Kumar, M (2004) "Companion to Uniform Evidence
Law", Thomson Lawbook Co.
    Part 3 - Admissibility of Evidence, s7 (Hearsay), s 8 (Opinion), s 9
    Part 4 - s 17, (Facilitation of Proof)


-----Original Message-----
From: Jason Coombs [mailto:jasonc () science org]
Sent: 10 February 2006 7:07
To: Craig Wright
Cc: dave kleiman; security-basics () securityfocus com; Robinson, Sonja
Subject: Re: Spam: RE: Forensic/Cyber Crime Investigator

Craig Wright wrote:
The comment "It is best practice to treat all cases as they may end up
in litigation."

Importantly, there are no rules of evidence in civil litigation. The
parties merely raise whatever objections they can think of to the
legitimacy of the electronic discovery, and the court adjudicates each
motion. There is no such thing as "electronic evidence" in civil court.

Furthermore, rules of evidence apply only to law enforcement in criminal
cases. A defendant could fabricate information that appears to clear her
of any wrongdoing, and it could be admissable at trial. It would be up
to law enforcement to find proof that the information is not evidence of
innocence but is forged. This is where the 'questioned documents' field
of forensics enters the picture.

Anything that a non-law enforcement investigator finds that may be
valuable for either the prosecution or the defense simply enters the
fray. Arguments are made before the court, and the whole process moves
forward. Only under extraordinary circumstances would a third-party
computer investigator who botches the 'forensic controls' and 'proper
procedure' cause 'evidence' to be excluded. The jury will ultimately
give the 'evidence' whatever weight they decide to give it, and
hopefully somebody on either side (or perhaps the court) is smart enough
to explain that there is no difference between writing on a piece of
paper and the big hunk of machinery in the corner of the courtroom with
the blinking lights and beeping sounds (or all those contraband digital
videos) in it, that the machine simply holds documents and the jury must
decide if the defendant authored those documents or placed them in
storage as possessions.

Claiming that electronic investigations always produces "digital
evidence" and therefore must always employ "forensics" in order to
discover them is nonsense.


Jason Coombs
jasonc () science org

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]