Home page logo
/

basics logo Security Basics mailing list archives

Re: Spam: RE: Forensic/Cyber Crime Investigator
From: "Craig, Tobin (OIG)" <tobin.craig () va gov>
Date: Sat, 11 Feb 2006 12:23:25 -0500

hopefully somebody on either side (or perhaps the court) is smart enough 
to explain that there is no difference between writing on a piece of 
paper and the big hunk of machinery in the corner of the courtroom with 
the blinking lights and beeping sounds (or all those contraband digital 
videos) in it, 

Hopefully someone IS smart enough to explain there is a WORLD of difference between a written document and a computer!!

I'm not going to go into this any more other than to say that as a certified Questioned Document examiner AND as a 
certified Computer examiner, you have once more done nothing but demonstrate your own distorted bias. There is no point 
in me or anyone cautioning you about what you say in your emails, but I will caution those who have to read your 
postings. 

Just my opinion, nothing more, nothing less.

Tobin




-----Original Message-----
From: Jason Coombs <jasonc () science org>
To: Craig Wright <cwright () bdosyd com au>
CC: dave kleiman <dave () davekleiman com>; security-basics () securityfocus com <security-basics () securityfocus 
com>; Robinson, Sonja <SRobinson () HIPUSA com>
Sent: Thu Feb 09 15:07:23 2006
Subject: Re: Spam: RE: Forensic/Cyber Crime Investigator

Craig Wright wrote:
The comment "It is best practice to treat all cases as they may end up in litigation."

Importantly, there are no rules of evidence in civil litigation. The 
parties merely raise whatever objections they can think of to the 
legitimacy of the electronic discovery, and the court adjudicates each 
motion. There is no such thing as "electronic evidence" in civil court.

Furthermore, rules of evidence apply only to law enforcement in criminal 
cases. A defendant could fabricate information that appears to clear her 
of any wrongdoing, and it could be admissable at trial. It would be up 
to law enforcement to find proof that the information is not evidence of 
innocence but is forged. This is where the 'questioned documents' field 
of forensics enters the picture.

Anything that a non-law enforcement investigator finds that may be 
valuable for either the prosecution or the defense simply enters the 
fray. Arguments are made before the court, and the whole process moves 
forward. Only under extraordinary circumstances would a third-party 
computer investigator who botches the 'forensic controls' and 'proper 
procedure' cause 'evidence' to be excluded. The jury will ultimately 
give the 'evidence' whatever weight they decide to give it, and 
hopefully somebody on either side (or perhaps the court) is smart enough 
to explain that there is no difference between writing on a piece of 
paper and the big hunk of machinery in the corner of the courtroom with 
the blinking lights and beeping sounds (or all those contraband digital 
videos) in it, that the machine simply holds documents and the jury must 
decide if the defendant authored those documents or placed them in 
storage as possessions.

Claiming that electronic investigations always produces "digital 
evidence" and therefore must always employ "forensics" in order to 
discover them is nonsense.

Regards,

Jason Coombs
jasonc () science org

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault