mailing list archives
Re: Fw: [IACIS-L] Statement by Defense Expert
From: Valdis.Kletnieks () vt edu
Date: Wed, 06 Jun 2007 16:47:35 -0400
On Wed, 06 Jun 2007 04:36:08 -0000, =?utf-8?B?SmFzb24gQ29vbWJz?= said:
Until and unless a person has worked for years as a software engineer, and
has studied technical details of information security including the creation
and exploitation of software bugs to force software to do things that it was
never designed to do, there is no way that a person can imagine the precise
technical implications of the sort of scenarios that we encounter in the real
world when law enforcement computer examiners and prosecutors collaborate to
transform a particular bit of data into forensic evidence of guilt to be used
against a person who stands accused of a crime.
So I take it that law enforcement computer examiners and prosecutors *do* have
the years of experience in software engineering and exploit construction and
use, to qualify them to translate a bit of data into forensic evidence of guilt?
Since the standard is "innocent until proven guilty", it would seem that the
prosecution's interpretation would need to be even *more* technically rigorous
that the defense's interpretation. However, the number of district attorneys
and detectives that have 10 and 20 years of full-time work experience in
computer security is very limited, so one wonders why the court would accept
the findings from a prosecution expert that doesn't have the qualifications that
you imply a defense expert should have?
Also - do you require that all DNA testing be done by a professional with several
decades of research in genetics, or do you allow a well-trained technician to
do the work?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/