Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Is a career change to Computer Forensics fantasy or can it bereality?

From: Murda Mcloud <murdamcloud () bigpond com>
Date: Wed, 13 Dec 2006 16:44:51 +1000
This is quite an interesting article relating to this point-I thought Paula
simply meant that the expert had to be 'tested' so to speak before being
allowed to be heard in a trial. 

http://www.scl.org/editorial.asp?i=1416



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Craig Wright
Sent: Monday, December 11, 2006 8:33 AM
To: security-basics () securityfocus com
Subject: FW: Is a career change to Computer Forensics fantasy or can it
bereality?


What planet are you from?

The comment "To testify as an expert you must be "certified" to do so by
the Court." Is just BS! The parties and the court accept the expert or
they counter with other "experts". This allows them to introduce
"opinion". Their testimony is weighted based on their credibility.

As an example... AU

EVIDENCE ACT 1995 - SECT 79


Exception: opinions based on specialised knowledge


If a person has specialised knowledge based on the person's training,
study or experience, the opinion rule does not apply to evidence of an
opinion of that person that is wholly or substantially based on that
knowledge.

And ... UK

"If matters arise in our law which concern other sciences or faculties,
we commonly apply for the aid of that science or faculty which it
concerns" Buckley v Rice Thomas (1554)

The expert witness is, thus, an exception to the exclusionary rule and
is permitted to give opinion evidence. In civil litigation this has
statutory authority in the UK:

"Where a person is called as a witness in any civil proceedings, his
opinion on any relevant matter on which he is qualified to give expert
evidence shall be admissible in evidence" Civil Evidence Act 1972, S.3
(1).

I can keep going on US, ECJ etc if you wish, but the fact is that there
is nothing to "certify" an expert. In Sub-juris cases you have to be
able to convince the justices of your merit. When in front of a Jury,
you need to convince them. At the same time the opposing council will
try to tear down your credibility. The duty of an expert is to the
court! Not to any party - even the one paying you. Truth first, loyalty
to the court. See the guidelines below.

And as for how an expert should behave...

http://www.fedcourt.gov.au/how/prac_direction.html

Regards,

Craig






-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Paula McPherson
Sent: Friday, 8 December 2006 9:24 PM
To: gillettdavid () fhda edu; reapersoft () gmail com;
security-basics () securityfocus com
Subject: RE: Is a career change to Computer Forensics fantasy or can it
bereality?




To testify as an expert you must be "certified" to do so by the Court.

Either through a voir dire of your Vitae (examination and
cross-examination

of one's professional expertise including review of all published works)
or

stipulation of parties, one way or the other the dude taking the stand
has

to be a hardware and software God.





Though I came from a legal background, I did not come to system security

late; I had to wait for them to upgrade the abacas.




-----Original Message-----

From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On

Behalf Of David Gillett

Sent: Wednesday, December 06, 2006 7:41 PM

To: reapersoft () gmail com; security-basics () securityfocus com

Subject: RE: Is a career change to Computer Forensics fantasy or can it
be

reality?





There has always been a conflict in my mind that one who




persues Forensics needs to first be a Security/IT type, I




have seen where this looks to be true and where it does not,




perhaps someone can comment on that.





  There are at least two common definitions of "Computer Forensics",

which *do* overlap.  Undoubtedly, some of the sources you've seen

are using one and some another.




1.  Investigation of Computer Security Incidents

  A lot of this is recognizing what's abnormal and figuring out how

it came about.  Obviously, someone without an IT background is going

to be ill-equipped for this.




2.  Recovering Evidence from Computer Systems

  This is all about being able to testify, as necessary, at termination

hearings, lawsuits, and even criminal trials, as to things like

standard procedures, sanitary methods, chain of custody, and the like.

Detailed IT knowledge is helpful, but is more essential to tool authors

than to tool users.  Although the evidence is stored in a digital


information system, the acts of which it provides evidence need not

involve any violation of computer security, but are more often evidence

of fraud, infidelity, or other sorts of non-computer malfeasance.




  Certifications come in both flavors, too.  My impression is that the

particular certs you've listed are attempting to certify expertise under

the first definition; under the second, courts have decided to accept

evidence retrieved by a few specific tools *when used by a vendor-

certified operator*, and so each tool has its vendor certification

program.

  (Jobs in the second category have so far mostly been with law
enforcement

and prosecutorial agencies, although I expect that at some point there
will


begin to be a market for these skills on the defendant side as well.)




  To those who use the second definition, activities under the first

definition are a subset of "Incident Response", and you may find it

easier to get into that general field and then specialize in the
particular

aspect that interests you, than to try to go directly into
specialization.




David Gillett











-----Original Message-----



From: listbounce () securityfocus com




[mailto:listbounce () securityfocus com] On Behalf Of




reapersoft () gmail com



Sent: Tuesday, December 05, 2006 5:04 AM



To: security-basics () securityfocus com



Subject: Is a career change to Computer Forensics fantasy or




can it be reality?








Hello,








I am a software engineer working in the VoIP space.  I am




looking to change my career path and get into Computer Forensics.








Without any experience its going to be a tough road but I




believe my troubleshooting skills and software experience can




help.  My troubleshooting ability can be valuable on the




investigation side of things, I generally will "chew" on a




problem until its solved or at least until I have another way




to debug it and gather more information.  My programming




skills can come in handy for gathering information during an




investigation when its a network intrusion or for malware




analysis, at least this is my reasoning. 









Some things I am doing now is reading books (File System




Forensic Analysis, Real Digital Forensic etc...) and




listening to relevant podcasts but that only takes one so




far.  My other thought is to get one of the many




certifications out there so that when I attempt to gain




employment I am at least showing some initiative and not just




a passing interest in the field.  Spending some of my own




money shows a committment to my goal.








There has always been a conflict in my mind that one who




persues Forensics needs to first be a Security/IT type, I




have seen where this looks to be true and where it does not,




perhaps someone can comment on that.








I am looking for opinions on what certifications I might




spend my money on.  Should I go with a security cert, a pure




forensics cert, some combination of both or neither.








Some of the Forensic specific certs I have been evaluating




are the SANS GCFA and ISFCE CCE.








I have posted this to the SecurityFocus Forensics list but it




was rejected because it was off topic.  I did however get




some good feedback from the lists' moderator, thanks for that!



I wish to get some more feedback from others so hopefully the




Basics list is the place to post.








In a nutshell:








Can one get into the field of Computer Forensics thru self




study and getting a certification or is it such a closed




field that I should look elsewhere for a career change and




not waste my time/money?








Is the field primarily based on experience and not certs?








Any and all opinions are welcome.








Thanks in advance,








MH








--------------------------------------------------------------



-------------



This list is sponsored by: ByteCrusher








Detect Malicious Web Content and Exploits in Real-Time.



Anti-Virus engines can't detect unknown or new threats.



LinkScanner can. Web surfing just became a whole lot safer.








http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=s



fmaildetect



--------------------------------------------------------------



-------------













------------------------------------------------------------------------
---

This list is sponsored by: ByteCrusher




Detect Malicious Web Content and Exploits in Real-Time.

Anti-Virus engines can't detect unknown or new threats.

LinkScanner can. Web surfing just became a whole lot safer.




http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetec
t

------------------------------------------------------------------------
---







------------------------------------------------------------------------
---

This list is sponsored by: ByteCrusher




Detect Malicious Web Content and Exploits in Real-Time.

Anti-Virus engines can't detect unknown or new threats.

LinkScanner can. Web surfing just became a whole lot safer.




http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetec
t

------------------------------------------------------------------------
---





Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential.
If you are not the intended recipient, you must not use or disclose the
information. If you have received this email in error, please inform us
promptly by reply email or by telephoning +61 2 9286 5555. Please delete the
email and destroy any printed copy. 


Any views expressed in this message are those of the individual sender. You
may not rely on this message as advice unless it has been electronically
signed by a Partner of BDO or it is subsequently confirmed by letter or fax
signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its
attachments due to viruses, interference, interception, corruption or
unauthorised access.

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------




---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: