Security Basics mailing list archives
RE: Spam: RE: Forensic/Cyber Crime Investigator
From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 10 Feb 2006 08:33:10 +1100
Hi Jason This is the first point of yours I will have to disagree with. You state "rules of evidence apply only to law enforcement in criminal cases" Civil cases may be based on a "balance of probability" and are not tried "beyond reasonable doubt". This has an exception in cases of civil fraud allegations which are treated as criminal (and other rarer though similar rules). I am not an expert on US law (though it is based on common law practice as well). Uniform evidence law does apply in Australia (and the UK also). My comments must be weighted based on the juristic ional basis that I work in. Most civil cases here are ex judis and do not have a jury. I will place reliance on Australian and NSWSC rules for comments. From this I have to point the argument to Odgers (2004) and the sections I have sent off previously. Odgers, S; Peden, E; Kumar, M (2004) "Companion to Uniform Evidence Law", Thomson Lawbook Co. Part 3 - Admissibility of Evidence, s7 (Hearsay), s 8 (Opinion), s 9 (Admissions) Part 4 - s 17, (Facilitation of Proof) Regards Craig -----Original Message----- From: Jason Coombs [mailto:jasonc () science org] Sent: 10 February 2006 7:07 To: Craig Wright Cc: dave kleiman; security-basics () securityfocus com; Robinson, Sonja Subject: Re: Spam: RE: Forensic/Cyber Crime Investigator Craig Wright wrote:
The comment "It is best practice to treat all cases as they may end up
in litigation." Importantly, there are no rules of evidence in civil litigation. The parties merely raise whatever objections they can think of to the legitimacy of the electronic discovery, and the court adjudicates each motion. There is no such thing as "electronic evidence" in civil court. Furthermore, rules of evidence apply only to law enforcement in criminal cases. A defendant could fabricate information that appears to clear her of any wrongdoing, and it could be admissable at trial. It would be up to law enforcement to find proof that the information is not evidence of innocence but is forged. This is where the 'questioned documents' field of forensics enters the picture. Anything that a non-law enforcement investigator finds that may be valuable for either the prosecution or the defense simply enters the fray. Arguments are made before the court, and the whole process moves forward. Only under extraordinary circumstances would a third-party computer investigator who botches the 'forensic controls' and 'proper procedure' cause 'evidence' to be excluded. The jury will ultimately give the 'evidence' whatever weight they decide to give it, and hopefully somebody on either side (or perhaps the court) is smart enough to explain that there is no difference between writing on a piece of paper and the big hunk of machinery in the corner of the courtroom with the blinking lights and beeping sounds (or all those contraband digital videos) in it, that the machine simply holds documents and the jury must decide if the defendant authored those documents or placed them in storage as possessions. Claiming that electronic investigations always produces "digital evidence" and therefore must always employ "forensics" in order to discover them is nonsense. Regards, Jason Coombs jasonc () science org Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: Spam: RE: Forensic/Cyber Crime Investigator, (continued)
- RE: Spam: RE: Forensic/Cyber Crime Investigator Robinson, Sonja (Feb 08)
- RE: Spam: RE: Forensic/Cyber Crime Investigator Craig Wright (Feb 08)
- Re: Spam: RE: Forensic/Cyber Crime Investigator Jason Coombs (Feb 09)
- RE: Spam: RE: Forensic/Cyber Crime Investigator dave kleiman (Feb 09)
- RE: Spam: RE: Forensic/Cyber Crime Investigator Craig Wright (Feb 09)
- Re: Spam: RE: Forensic/Cyber Crime Investigator Jason Coombs (Feb 10)
- RE: Spam: RE: Forensic/Cyber Crime Investigator Craig Wright (Feb 09)
- RE: Forensic/Cyber Crime Investigator evb (Feb 10)
- Re: Spam: RE: Forensic/Cyber Crime Investigator Bob Radvanovsky (Feb 09)
- Re: Spam: RE: Forensic/Cyber Crime Investigator Jason Coombs (Feb 09)
- RE: Spam: RE: Forensic/Cyber Crime Investigator Craig Wright (Feb 10)
- Re: Spam: RE: Forensic/Cyber Crime Investigator Craig, Tobin (OIG) (Feb 13)