Penetration Testing mailing list archives

RE: Licensed Penetration Tester LPT


From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 27 Apr 2006 15:34:49 +1000


Hello,
More FUD. Statute is not the be all and end all in law. The US is a
common law country. Convention and interpreted rules change the way that
statute is read.

Lots of people try to read many things into the law to protect their own
personal interests. This is the nature of the world. There are rules of
evidence in all jurisdictions. The nature of an expert witness is to act
as a "friend of the court".

"Just the facts, Ma'am..."
The idea is that you stick to the facts. The moment you get into opinion
is where issues may arise. Expert testimony is about fact. Not opinion.

People who call themselves Computer Forensic experts abound. Digital
forensics is a science; it needs to be treated as such. PI licenses are
not needed if you actually stick to the role you are engaged to do and
remember that.

The Georgia statute states "An attorney at law or a bona fide legal
assistant in performing his or her duties" is excluded. There are two
instances where a person (who is an expert as defined in law) may be
called:
1. Private law cases (Contracts, Property, Torts etc., i.e. Civil
   action)
2. Criminal Law cases (cases that are punitive in nature under a
   criminal indictment process).

The Georgia law is applicable to criminal law cases - and ONLY criminal
law cases.

If you are hired by the state (i.e. Police, AG etc) - you are covered
under exemption. If you are hired by the defence, you are hired by the
attorney. This means that you also become covered under the rule unless
you are ignorant of judicial requirements and start spouting opinion
without a solid factual basis.

The role of the expert again is fact. The jury makes the determination.
As an expert you have NO opinion (or at least should have no opinion).
You find and present the facts and nothing but the facts.

"The securing of evidence in the course of the private detective
business" is important. It is crucial that the preamble and case law are
read. Before mouthing off about how the law is making us all criminals,
try to understand the law.

Regards,
Craig

-----Original Message-----

Phil Frederick wrote:
This is happening now.  Georgia has pending legislation for forensic
examination of information systems.  If you aren't licensed as an
Investigator in the state, you can be charged with a felony if the law
passes.

I can't find a link, but I swear I read this a couple days ago.
Anyone have any info, or was I hallucinating :)


http://www.securityfocus.com/columnists/399/1



