
Security Basics mailing list archives

Re: Spam: RE: Forensic/Cyber Crime Investigator
From: Jason Coombs <jasonc () science org>
Date: Fri, 10 Feb 2006 09:07:23 +1300

Craig Wright wrote:
The comment "It is best practice to treat all cases as they may end up in litigation."

Importantly, there are no rules of evidence in civil litigation. The parties merely raise whatever objections they can think of to the legitimacy of the electronic discovery, and the court adjudicates each motion. There is no such thing as "electronic evidence" in civil court.

Furthermore, rules of evidence apply only to law enforcement in criminal cases. A defendant could fabricate information that appears to clear her of any wrongdoing, and it could be admissible at trial. It would be up to law enforcement to find proof that the information is not evidence of innocence but is forged. This is where the 'questioned documents' field of forensics enters the picture.

Anything that a non-law enforcement investigator finds that may be valuable for either the prosecution or the defense simply enters the fray. Arguments are made before the court, and the whole process moves forward. Only under extraordinary circumstances would a third-party computer investigator who botches the 'forensic controls' and 'proper procedure' cause 'evidence' to be excluded. The jury will ultimately give the 'evidence' whatever weight they decide to give it, and hopefully somebody on either side (or perhaps the court) is smart enough to explain that there is no difference between writing on a piece of paper and the big hunk of machinery in the corner of the courtroom with the blinking lights and beeping sounds (or all those contraband digital videos) in it, that the machine simply holds documents and the jury must decide if the defendant authored those documents or placed them in storage as possessions.

Claiming that electronic investigations always produce "digital evidence" and therefore must always employ "forensics" in order to discover them is nonsense.

Regards,

Jason Coombs
jasonc () science org
