
RE: Tools accepted by the courts

Subject: RE: Tools accepted by the courts
Date: Mon, 27 Jun 2005 16:15:43 -0500
 
        The Florida cases are distinguishable from the subject of the
discussion here.

        Breathalyzers may be dependent on software. The breathalyzer
manufacturers apparently have not released the software code to the state -
and the state probably hasn't asked for it. But, should a defendant really
push the issue, they could quite possibly subpoena the breathalyzer
manufacturers for the source code. A similar situation occurred recently
with automobile "black boxes" and was resolved in favor of the parties
requesting the black box code, subject to appropriate protective orders.

        The issue, however, is different with software used for imaging hard
drives. The principles are well known and you can produce hashes to
demonstrate that the image is an exact duplicate of the source. A claim that
one examiner found data and the other did not could be resolved by
scientific methodology: e.g., if two competent examiners can't reach the
same results (not opinions as to what the results represent), throw the
results out.

        Likewise the tool itself can be tested scientifically without the
need for source code.

        In short, the situations are very different.

Jerry

Jerry Saperstein
Computer Forensics Specialist
847-475-7645 Voice

jerry@civildiscovery.com

www.civildiscovery.com 

-----Original Message-----
From: farrell [mailto:farrell@cyberia.coldstream.ca] 
Sent: Saturday, June 25, 2005 12:06 AM
To: forensics@securityfocus.com
Subject: RE: Tools accepted by the courts 

On Fri, 24 Jun 2005, Evidence Technology wrote:

Question: Do you (or anyone else, of course) know of cases in which 
tool issues like this have actually had an impact on case outcome? I 
recently read an article about a case in which some evidence was 
challenged because the examiner worked from a forensic copy generated 
in EnCase and then couldn't testify on deep theory and EnCase 
development elements. The challenge was unsuccessful at trial as well as
the appellate level.

Could this be similar to the situation quoted here:

URL: http://tampatrib.com/floridametronews/MGBUBJ5QK9E.html

DUI Defendants Skip Charge By Asking How Test Works The Associated Press
Published: Jun 5, 2005

[cut]

"All four of Seminole County's criminal judges have been using a standard
that if a DUI defendant asks for a key piece of information about how the
machine works - its software source code, for instance - and the state
cannot provide it, the breath test is rejected, the Orlando Sentinel
reported Wednesday."

ttyl
      Farrell J. McGovern
      Coldstream Associates