RE: PI to do Forensics? WAS: Re: Two questions

["Scott Moulton" <SMoulton () nicservices com>]

That was the old laws, I am not sure that is the new current law in SC.
I understand the new law to state specifically "Digital Investigations".
Here is the Georgia introduction that is getting introduced everywhere.
It passed but we yelled a lot and it got vetoed. But I have been told
they will try again this year. Notice the " any type of digital or
electronic information"

"(3) 'Private detective business' means providing or accepting
employment to provide protection of individuals from death or serious
bodily harm or the business of obtaining or furnishing, or accepting
employment to obtain or to furnish, information, including but not
limited to any type of digital or electronic information, with reference
to:

http://www.legis.ga.gov/legis/2007_08/fulltext/hb504.htm

----------------------------------------------------------
Scott A. Moulton / Certified Computer Forensic Specialist 
Forensic Strategy Services, LLC & My Hard Drive Died &
Network Installation Computer Services, Inc.
----------------------------------------------------------
601b Industrial Court, Woodstock, Ga 30189 
Phone: 770-926-5588 Fax: 770-926-7089
Web: www.NetworkInstallation.com
Web: www.ForensicStrategy.com
Web: www.MyHardDriveDied.com
----------------------------------------------------------


-----Original Message-----
From: Jon R. Kibler [mailto:Jon.Kibler () aset com] 
Sent: Tuesday, February 26, 2008 4:49 PM
To: security basics
Cc: Scott Moulton; Bert Knabe
Subject: Re: PI to do Forensics? WAS: Re: Two questions

Okay,

I AM NOT A LAWYER, but...

I just found time to break down and read the SC PI statute.

It says that you must be a PI to "... to obtain or furnish
information with reference to the: identity, habits, conduct,
business, occupation, honesty, integrity, credibility, knowledge,
trustworthiness, efficiency, loyalty, activity, movement,
whereabouts, affiliations, associations, transactions, acts,
reputation, or character of a person; (or) ... securing of evidence
to be used in a criminal or civil proceeding, or before a board, an
administrative agency, an officer, or investigating committee..."

Computer forensics is not explicitly mentioned, but I would think
that the 'securing of evidence' probably includes that too. What
worries me is that IDSes, network monitoring, maybe even log
capture and analysis could fall into that category.

I am not a lawyer. However, I can see where it could be twisted
such that if I worked for a company, and I got caught violating
company policy through someone in IT looking for evidence of a
policy violation, and that person was a PI, they either could
not use that evidence to punish me, of if they did and I was to
turn around a sue them, that evidence could not be used in court.

You can check your own state's laws at:
        http://www.law.cornell.edu/states/listing.html

IMHO, if you are doing incident response or computer/network
forensics -- including intrusion detection -- you should get
legal advice!

Jon
-- 
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
m: 843-224-2494




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.