Penetration Testing mailing list archives
RE: Licensed Penetration Tester LPT
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 27 Apr 2006 15:34:49 +1000
Hello, More FUD. Statute is not the be all and end all in law. The US is a common law country. Convention and interpreted rules change the way that statute is read. Lots of people try to read many things into the law to protect their own personal interests. This is the nature of the world. There are rules of evidence in all jurisdictions. The nature of an expert witness is to act as a "friend of the court". "Just the facts Mam..." The idea is that you stick to the facts. The moment you get into opinion is where issues may arise. Expert testimony is about fact. Not opinion. People who call themselves Computer Forensic experts abound. Digital forensics is a science; it needs to be treated as such. PI licenses are not needed if you actually stick to the role you are engaged to do and remember that. The Georgia statute states "An attorney at law or a bona fide legal assistant in performing his or her duties" is excluded. There are two instances where a person (who is an expert as defined in law) may be called: 1 Private law cases (Contracts, Property, Torts etc, ie Civil action) 2 Criminal Law cases (cases that are punitive in nature under a criminal inditement process). The Georgia law is applicable to criminal law cases - and ONLY criminal law cases. If you are hired by the state (i.e. Police, AG etc) - you are covered under exemption. If you are hired by the defence, you are hired by the attorney. This means that you also become covered under the rule unless you are ignorant of judicial requirements and start spouting opinion without a solid factual basis. The role of the expert again is fact. The jury makes the determination. As an expert you have NO opinion (or at least should have no opinion). You find and present the facts and nothing but the facts. "The securing of evidence in the course of the private detective business" is important. It is crucial that the preamble and case law is read. Before mouthing off about how the law is making us all criminals, try to understand the law. Regards, Craig -----Original Message----- Phil Frederick wrote:
This is happening now. Georgia has pending legislation for forensic examination of information systems. If you aren't licensed as an Investigator in the state, you can be charged with a felony if the law passes. I can't find a link, but I swear I read this a couple days ago. Anyone have any info, or was I hallucinating :)
http://www.securityfocus.com/columnists/399/1 Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Re: Licensed Penetration Tester LPT, (continued)
- Re: Licensed Penetration Tester LPT Chris Hajer (Apr 26)
- Re: Licensed Penetration Tester LPT Tim (Apr 26)
- Re: Licensed Penetration Tester LPT xelerated (Apr 26)
- Re: Licensed Penetration Tester LPT Richard Van Luvender (Apr 27)
- Re: Licensed Penetration Tester LPT Brian Anderson (Apr 26)
- Re: Licensed Penetration Tester LPT Maudite MLRL (Apr 25)
- RE: Licensed Penetration Tester LPT Ramsdell, Scott (Apr 26)
- RE: Licensed Penetration Tester LPT jim (Apr 27)
- RE: Licensed Penetration Tester LPT v b (Apr 27)
- RE: Licensed Penetration Tester LPT jim (Apr 27)
- RE: Licensed Penetration Tester LPT Steve Jensen (Apr 26)
- RE: Licensed Penetration Tester LPT Craig Wright (Apr 27)
- RE: Licensed Penetration Tester LPT Frank Knobbe (Apr 27)
- Re: Licensed Penetration Tester LPT Mark Teicher (Apr 27)
- Re: Licensed Penetration Tester LPT Mark Teicher (Apr 27)
- Re: Licensed Penetration Tester LPT Gene Cronk (Apr 27)
- RE: Licensed Penetration Tester LPT Craig Wright (Apr 27)
- RE: Licensed Penetration Tester LPT Damien Dinh (Apr 27)
- Re: Licensed Penetration Tester LPT Mark Teicher (Apr 27)
- RE: Licensed Penetration Tester LPT Mark Teicher (Apr 27)