I don't intend to be a critic, but the reality is that I am.
Anyone holding themselves out as an expert witness in any field
should have acquired an understanding of the law regarding expert witnesses,
their role in the judicial system, the tests applied by the state and
federal courts to expert testimony and the rules of evidence.
In my opinion, this knowledge must be acquired on a first-hand
basis, not third-hand by inquiring of a mail list where the accuracy of the
responses is not known.
The answer to the question is that very tool and every expert is
open to question in every case. The courts do not accept tools. No tool,
technique, system or methodology testifies. Experts testify as to their
opinions and conclusions. Although, for example, the use of EnCase has been
challenged, it is not EnCase that was approved or accepted by the court:
rather it was the use of EnCase by a competent expert.
Competent attorneys attack the credibility of the witness, not the
tools they use. The qualified expert knows the limitations of their tools
and can testify authoritatively on those limitations. The qualified expert
can also explain why the tool they use and, more importantly, the
methodology they employed are truly probative.
It doesn't matter whether the tool is EnCase, Forensic Tool Kit,
WinHex or anything else as long as the expert's testimony cannot be proven
scientifically, technologically or factually wrong. The expert and their
competency matter; not, within reason, the tool(s) they use.
Jerry
Jerry Saperstein
Computer Forensics Specialist
847-475-7645 Voice
jerry@civildiscovery.com
www.civildiscovery.com
-----Original Message-----
From: Evidence Technology [mailto:le@evidencetechnology.net]
Sent: Friday, June 24, 2005 6:39 PM
To: Valdis.Kletnieks@vt.edu
Cc: 'Andre Protas'; forensics@securityfocus.com
Subject: RE: Tools accepted by the courts
<< VALDIS SAID: In fact, the single biggest threat to the mechanic's
testimony is if the opposing counsel introduces evidence that although
Craftsman ratchets are fine tools for their intended purpose, the mechanic
was *way* out of line because the appropriate class of tool wasn't "ratchet
wrench", but rather "plyers"... >>
Question: Do you (or anyone else, of course) know of cases in which tool
issues like this have actually had an impact on case outcome? I recently
read an article about a case in which some evidence was challenged because
the examiner worked from a forensic copy generated in EnCase and then
couldn't testify on deep theory and EnCase development elements. The
challenge was unsuccessful at trial as well as the appellate level.
Jerry Hatchett, CCE
Evidence Technology, LLC
Computer Forensics, Forensic Video/Audio, Data Recovery Tupelo, Mississippi,
USA
www.evidencetechnology.net
