<< ANDRE SAID: For more advanced forensics, the best cert (certifications
are KEY for court cases) is the CFCE... >>
The CFCE is now available to law enforcement only, unless something has
recently changed. I'm comfortable in saying the CCE
(www.certified-computer-examiner.com) is now the dominant CF cert for the
private sector.
As for the tool debate in general, it's key to remember that the competence
of the examiner is paramount. As is cross-validation. A point-and-click
examiner (someone with no training who buys EnCase or some other tool and
starts performing forensic exams) is IMHO vulnerable in court no matter what
tools s/he may have used.
There are many great tools available, depending on the task at hand, and as
long as an examiner knows what s/he's doing and can demonstrate that
satisfactorily to the court, AND if the evidentiary chain of custody has
been protected such that the original evidence is still available, from
which the probative evidence at issue can be demonstrably produced, I think
the choice of tool is of little consequence.
Despite the implication in some marketing, there are no "stamps of approval"
from courts for certain products. The phrase "court validated" when
referring to forensic software is IMHO pure smoke and mirrors. It's the
EVIDENCE that's declared admissible, not a tool, and it's the EXAMINER
deemed competent and/or credible, not a tool.
If an auto mechanic testifies as an expert witness in an auto-related case,
is more weight given to his testimony because he chose a Craftsman ratchet
instead of a Snap-On? No. Weight is assigned because he convinces the court
that he knows what he's doing.
Jerry Hatchett, CCE
Evidence Technology, LLC
Computer Forensics, Forensic Video/Audio, Data Recovery
Tupelo, Mississippi, USA
www.evidencetechnology.net
