Re: Fw: [IACIS-L] Statement by Defense Expert

[Valdis.Kletnieks () vt edu]

On Wed, 06 Jun 2007 04:36:08 -0000, =?utf-8?B?SmFzb24gQ29vbWJz?= said:
> Until and unless a person has worked for years as a software engineer, and
> has studied technical details of information security including the creation
> and exploitation of software bugs to force software to do things that it was
> never designed to do, there is no way that a person can imagine the precise
> technical implications of the sort of scenarios that we encounter in the real
> world when law enforcement computer examiners and prosecutors collaborate to
> transform a particular bit of data into forensic evidence of guilt to be used
> against a person who stands accused of a crime.

So I take it that law enforcement computer examiners and prosecutors *do* have
the years of experience in software engineering and exploit construction and
use, to qualify them to translate a bit of data into forensic evidence of guilt?

Since the standard is "innocent until proven guilty", it would seem that the
prosecution's interpretation would need to be even *more* technically rigorous
that the defense's interpretation.  However, the number of district attorneys
and detectives that have 10 and 20 years of full-time work experience in
computer security is very limited, so one wonders why the court would accept
the findings from a prosecution expert that doesn't have the qualifications that
you imply a defense expert should have?

Also - do you require that all DNA testing be done by a professional with several
decades of research in genetics, or do you allow a well-trained technician to
do the work?

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/