Security Basics mailing list archives

RE: Law Enforcement Foresics Tools


From: "TVB NOC" <tvbnoc () temeculavalleybank com>
Date: Tue, 5 Feb 2008 12:06:56 -0800

Any evidence that is gathered, whether it is virtual, physical, or other,
needs to follow a court-approved process. An EnCase Certified
Investigator using EnCase software can have their evidence thrown out
just as quickly as someone utilizing an open source solution if a judge
or court deems the evidence was not gathered or handled properly.

The only problem sometimes with open source solutions in a courtroom
is that someone can argue that the solution used is not certifiable and
therefore can be subject to providing false positives...

Just my 2 cents... Again, like Samuel stated, I am not trying to argue,
just providing information based on what I have read in the past or
watched on TV...  

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Mason, Samuel
Sent: Tuesday, February 05, 2008 10:29 AM
To: 'gillettdavid () fhda edu'; 'Michael Condon';
security-basics () securityfocus com
Subject: RE: Law Enforcement Foresics Tools

No disrespect intended (and I'm not trying to start an argument) but I
think it's important to state that court systems do not approve or
disapprove forensic tools. Therefore a freeware tool should be, from a
court perspective, just as good as a purchased tool. What I've heard
from experts (having never tried a case in court myself) is that
evidence without a chain of custody, timelines, and other sound forensic
practices is just as likely to be shot down from EnCase as any other
tool.

Again, not saying you had proposed this per se in your message but I
thought I'd pass along that chestnut of wisdom from pros.

Samuel Mason CISSP, GCFA

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of David Gillett
Sent: Wednesday, January 30, 2008 9:54 AM
To: 'Michael Condon'; security-basics () securityfocus com
Subject: RE: Law Enforcement Foresics Tools

  As I understand it, EnCase has sold well in that market, and evidence
collected by an EnCase-certified investigator using this tool is unlikely
to be challenged *on technical grounds* in court.

Dave Gillett

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Michael Condon
Sent: Tuesday, January 29, 2008 8:51 PM
To: security-basics () securityfocus com
Subject: Law Enforcement Foresics Tools


What are the primary Forensics Tools used by local, state,
federal Law Enforcement?
Michael Condon


