Educause Security Discussion mailing list archives
Re: Computer Forensic Requirements
From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Tue, 27 May 2008 08:39:28 -0700
Any incident, whether it ends up in civil or criminal court, should be treated and processed as if it will from the beginning. That means that your staff should have specific training and/or certifications to perform in a manner that will preserve evidence and not corrupt the "crime scene."

If your state requires that a certified forensic specialist or analyst who will conduct investigations and provide expert testimony in court must also be licensed as a private investigator, then your staff who are expected to perform this role as forensics specialists will also need to be licensed as private investigators. It is even possible that the office they work out of will need to be a licensed agency--depending on the various state regulations. Some states license PI's separately for carry (armed) or non-carry (unarmed), as well. This can get into a deep wormpile when it comes to educational institutions requiring staff to be unarmed PI's, and institutional security offices to be licensed as PI agencies.

This should trigger a serious review of incident response standards and procedures. How far do you want your staff to go, what liability do you want your institution to carry with "investigations," and wouldn't you really rather just bring in the necessary trained and certified professionals when needed? At least, they are--or should be--cognizant of the applicable laws regarding evidence, privacy, and legal investigation.

A key in many of the state requirements--as I understand it--is if the person is certified as a forensic specialist or analyst, they must apply for, qualify and be granted a license as a PI before they can conduct an investigation (forensic examination) that would be admissible (or at least believable by a jury) in court and not run you afoul of various privacy and other laws. The operative terms are "investigation" and "certified forensic analyst." I'm not a lawyer, so you still need to get some input from that faction.

This is still a relatively new field. You're likely to get some wildly varying viewpoints.

Guy L. Pace, CISSP
Security Administrator
Center for Information Services (CIS)
3101 Northup Way, Suite 100
Bellevue, WA 98004
425-803-9724
gpace () cis ctc edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Douglas Gale
Sent: Monday, May 26, 2008 10:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Computer Forensic Requirements

A number of states, including New York, South Carolina, and Texas, either require or are considering requiring computer forensic specialists to have a private investigator (PI) license.

A cursory reading of the various regulations in those states (I am not a lawyer) implies that this applies to a college or university employing an external firm for digital forensics. What is less clear to me is whether or not it applies if internal staff is used for analysis. Do they have to be licensed? Or do they have to be licensed only if the findings are used in civil or criminal proceedings? What about non-profit consortiums (e.g. state networks) that provide security services to their higher education members?

Has anyone had any experience with this issue or obtained legal opinions?