mailing list archives
RE: Forensic/Cyber Crime Investigator
From: "Craig Wright" <cwright () bdosyd com au>
Date: Sat, 11 Feb 2006 08:21:18 +1100
To briefly go into a couple things.
To contradict several posts that have stated there are no standard processes for digital forensics;
1 Australia, Standards Australia has a handbook for the collection and presentation of digital evidence
2 UK, the Association of Chief Police Officers has drafted guidelines in relation to prefered forensic
proceedures. Bell (2002, p323) quereies wheter a statuory scheme under the Police and Criminal Evidence Act 1984 would
be more appropriate.
3 Standardised forensic proceedures have been developed by the FBI's Computer Analysis Response Team (CART)
We all know that there are other possible methods than these, but the simple answer is that a departure may lead to a
challenge from the defense council.
Next in the US as most of the responses have come from (and I have had to do a hell of a lot of reading as AU law and
US law though similar are not the same) the US;
The courts have commented on "textbook best practice". See - United States v Trumph Capital Group Inc. 211 FRD 31.
More on standard forensic proceedures may be optained from (in the US)
USA, Circuit Court for Winnebago County (trial)
State of Wisconsin, Court of Appeals, 24 May 2000 (appeal)
2000 WI App 128
This was a Child Pron Case. The accused was charged with 19 counts - 4th Ammendment challenge, discovery under warrant
As for sufficent accuaracy of records see
United States v Salgado, 250 F 3d 438 (6th Cir, 2001)
For process in obtaining evidence;
USA, 175th Judicial Court, Bexar County, Texas (Trial); Court of Appeals, San Antonio, Texas, 11 June 2003 (appeal
Ref http://www.4law.co.il/Le558.htm (appeal decision)
Another case of child porn. Process in obtaining evidence, pleading the 4th, "expectation of privacy", pleaded guilty
So much for brief. I promise the list and all those who have asked to compile a list of statistical sources on Monday.
This will include those from the Australian Institute of Criminology, CCH, Various Court Reports etc...I can not
promise access to the jounals or even send copies without getting permission from the copyright holders.
References (being that it seems I have to start referencing posts these days - and to keep stating I do NOT like Google
- there are REAL search facilities on REAL data - eg Books24x7, Safari, Emerald and other JOURNAL searches - this is a
benifit of University over just a Cert ;)
Bell, R. E. (2002) "The prosecution of Computer Crime", Journal of Financial Crime, vol. 9 no. 4, pp 308-325
PS - please forgive any spelling errors as this is just a text terminal on the road and checking is difficult at the
PPS - I have started using Google to filter information such that I place a higher relivance to facts that re not
available from Google ;)
PPS - please do not ask me for court transcripts. I can get them yes, but they a) cost money, b) are copyrite.
PPPS - for any queries concerning legal process in any other unmentioned country - 3 is enough, sorry
From: evb [mailto:swiver () cox net]
Sent: Fri 10/02/2006 5:23 AM
To: security-basics () securityfocus com
Subject: RE: Forensic/Cyber Crime Investigator
:there are legislative implications with the
:use of the word.
And what would those be?
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within
those States and Territories of Australia where such legislation exists.
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.
Any views expressed in this message are those of the individual sender. You may not rely on this message as advice
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by
a Partner of BDO.
BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference,
interception, corruption or unauthorised access.
- Forensic/Cyber Crime Investigator, (continued)