Security Basics mailing list archives

RE: Law Enforcement Foresics Tools


From: Craig Wright <Craig.Wright () bdo com au>
Date: Fri, 8 Feb 2008 13:39:33 +1100


You can just as easily argue that Encase is subject to false positives as all software is.

Based on evidence law, this is a silly argument. Printed log files are admitted more than occasionally. Good practice 
means more than tools.

Regards,
Dr Craig Wright (GSE-Compliance)


Craig Wright
Manager of Information Systems

Direct : +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
http://www.bdo.com.au/


-----Original Message-----

From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of TVB NOC
Sent: Wednesday, 6 February 2008 7:07 AM
To: Mason, Samuel; gillettdavid () fhda edu; Michael Condon; security-basics () securityfocus com
Subject: RE: Law Enforcement Foresics Tools

Any evidence that is gathered, whether it is virtual, physical, or other,
needs to follow a court approved process. An Encase Certified
Investigator using Encase software can have their evidence thrown out
just as quickly as someone utilizing an open source solution if a Judge
or court deems the evidence was not gathered or handled properly.

The only problem sometimes with open source solutions in a court room
is that someone can argue that the solution used is not certifiable and
therefore can be subject to providing false positives...

Just my 2 cents... Again, like Samuel stated, I am not trying to argue,
just providing information based on what I have read in the past or
watched on TV...

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Mason, Samuel
Sent: Tuesday, February 05, 2008 10:29 AM
To: 'gillettdavid () fhda edu'; 'Michael Condon';
security-basics () securityfocus com
Subject: RE: Law Enforcement Foresics Tools

No disrespect intended (and I'm not trying to start an argument) but I
think it's important to state that court systems do not approve or
disapprove forensic tools. Therefore a freeware tool should be, from a
court perspective, just as good as a purchased tool. What I've heard
from experts (having never tried a case in court myself) is that
evidence without a chain of custody, timelines, and other sound forensic
practices is just as likely to be shot down from EnCase as any other
tool.

Again, not saying you had proposed this per se in your message but I
thought I'd pass along that chestnut of wisdom from pros.

Samuel Mason CISSP, GCFA

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of David Gillett
Sent: Wednesday, January 30, 2008 9:54 AM
To: 'Michael Condon'; security-basics () securityfocus com
Subject: RE: Law Enforcement Foresics Tools

  As I understand it, EnCase has sold well in that market, and evidence
collected by an EnCase-certified investigator using this tool is unlikely
to be challenged *on technical grounds* in court.

Dave Gillett

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Michael Condon
Sent: Tuesday, January 29, 2008 8:51 PM
To: security-basics () securityfocus com
Subject: Law Enforcement Foresics Tools


What are the primary Forensics Tools used by local, state,
federal  Law Enforcement?
Michael Condon