mailing list archives
RE: Licensed Penetration Tester LPT
From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 28 Apr 2006 07:42:38 +1000
The difficultly is in language. That used on the list seldom conforms to
the legal use. Expert opinion is deemed to be that which is factually
correct in the court of law. This may be opinion based on the standing
and knowledge of the expert and the expert is to be held to account
(Tort of Negligence) for failure to apply an acceptable level of care.
Opinion as per your personal belief or as to the guilt or innocence of
either party are not relevant and any personal belief, any other aspect
of the term is likely to be used by the opposing party to their benefit.
I am happy to go on about the legal role of opinion and evidence, but I
think most people on the list are unlikely to want this.
Judges only decide fact "sub judice". This is in cases without a jury.
Any case in Georgia with expert forensic testimony will be lead before a
jury. The jury decides the facts, not the judge. The judge has the role
of applying law.
The judge's role is to apply the law to the determined facts. In cases
with a jury the facts are applied and decided by the jury (hence where
good advocates come into play - some should have been sales people).
"Surely not hired by defendant directly without involvement of
counsel?!" Well this can occur. It is the right (in most countries) of
the defendant to self determination. This is they may if they choose
You need to look at the primary focus of the task. Incident response
"may" involve going to court as a witness. This if you are working for
the firm taking action will be solely as a witness. You are a witness to
the event. This is not the same as being an expert witness hired to do
The primary focus of incident response is NOT to go to court. How many
people here go to work thinking, "who am I going to catch and charge
Now ask what the focus of the investigation is. If it is to see what has
occurred and forensically examine the host for signs of intrusion etc,
than this is not covered by the PI law.
If your primary goal is to go through systems in order to find evidence
against a particular person without any reason, i.e. an employee that
the company what's to fire is the "target". No justification is given.
No obvious damage has occurred etc. Than this may be covered, but this
is not what any ethical or responsible digital forensic analyst would
From: Frank Knobbe [mailto:frank () knobbe us]
Sent: Friday, 28 April 2006 1:56 AM
To: Craig Wright
Cc: pen-test () securityfocus com
Subject: RE: Licensed Penetration Tester LPT
On Thu, 2006-04-27 at 15:34 +1000, Craig Wright wrote:
The idea is that you stick to the facts. The moment you get into
is where issues may arise. Expert testimony is about fact. Not
You can't generalize like that. Expert testimony is very well about
opinion. Not your personal opinion/view of right or wrong (judges decide
that), but your opinion on the case matter. For example, the court may
ask you your opinion on the common/normal use of certain software where
the plaintiff/defendant is suspected of misusing it. Your opinion has to
be based on facts, not outside influence or such, but in the end, it is
your opinion that convinces a jury or helps a judge to understand the
circumstance so he can pass judgment.
The Georgia law is applicable to criminal law cases - and ONLY
If you are hired by the state (i.e. Police, AG etc) - you are covered
under exemption. If you are hired by the defence, you are hired by the
attorney. This means that you also become covered under the rule
you are ignorant of judicial requirements and start spouting opinion
without a solid factual basis.
I'm glad to hear that, and I think that most uses of expert witnesses
fall into this group (being hired by attorney, civil or district).
But I wonder in what circumstances this rule does apply then? If you're
not working for counsel, how else might you end up in court? Surely not
hired by defendant directly without involvement of counsel?!?
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within
those States and Territories of Australia where such legislation exists.
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.
Any views expressed in this message are those of the individual sender. You may not rely on this message as advice
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by
a Partner of BDO.
BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference,
interception, corruption or unauthorised access.
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
- Re: Licensed Penetration Tester LPT, (continued)