Jason,
** enthusiastic applause **
Unfortunately, though all of your points below are completely valid,
lawyers and judges (as a rule) don't understand the technology. So
they're going to wish to rely on some certifying body to understand it
for them and rubberstamp experts and tools. This whole thread seems to
be about what tools, people, and certs compose the appropriate collage
of rubber stamps. And yes, the unstated motivation behind it is likely
less about truth and expertise than mercenary interest.
Some of us will have no trouble defending our expertise, tools, and
thier proper use (under cross) with logic, experience, and solid
methodology. Others will likely sit there repeatedly pointing at thier
certification. Fortunately, the bar association in my state is a pretty
tight community. If someone screws up, everone will know it in short
order, and these things will sort themselves out nicely.
On Tue, 2005-06-28 at 14:51 -1000, Jason Coombs wrote:
Evidence Technology wrote:
I also agree wholeheartedly with Tobin, in that "our job is to provide
objective, accurate, scientifically sound testimony of often complex
material in a manner that can be reasonably understood by a jury, using
tools techniques and processes that we understand and can defend if
necessary." But in my experience some lawyers and even corporate clients do
put stock in certs. And I also believe we'll see judges attaching more and
more credibility to valid certs, as well.
Jerry,
Certifications do nothing to put a stop to the common practice of
spreading misinformation and misunderstanding about technology, the
Internet, information security, digital communications and software.
What we really need is public disclosure of the mistakes made by
specific computer forensic examiners.
How many times have you seen terrible analysis and completely wrong,
misleading technical testimony or expert report writing? In my
experience it happens in nearly every case.
I attempted to post a message in this discussion about specific failures
of well-known persons and the moderator rejected it.
Go forth and obtain whatever certifications you wish, but do not forget
that your mistakes tell more about what you do not understand than any
certification you ever acquire, and there are people such as myself who
will not stop calling attention to the mistakes that are being made and
the harm that those mistakes cause.
Everyone understands that nobody is perfect, that people make honest
mistakes. What nobody understands is that people who claim to have
technical knowledge and who have credentials to back up that claim often
times do not understand enough about the hidden details of the operation
of technology, despite their competency as skilled technical persons.
Too many certified forensic examiners and too many technical expert
witnesses or law enforcement professionals learn how to operate a
computer as an end user of forensic tools but fail to understand the
basics of information security.
Complete mastery of the field of information security must form the
foundation of computer forensics, or those who practice it are deaf,
dumb, and blind.
Worst of all, these certified examiners think they are doing valuable
work, when what in fact they are doing is spreading lies and
unsupportable beliefs about their own economic worth -- being paid very
well for wearing a 'forensic' seal of approval appears to cause people
to believe that their 'expertise' is worth money.
What about the pursuit of truth? What about correct technical testimony
and proper explanations to judges, juries, prosecutors, and law
enforcement as to what is really going on in the digital world? Everyone
seems to care more about getting certified and getting paid than about
putting a stop to widespread abuse of other people's ignorance and
profiteering through presumptions of competency that ignore solid
evidence to the contrary.
I don't want a judge seeing a certification and giving it weight. I want
a judge seeing through the technical flaws of supposed-experts who come
before them offering electronic 'proof' and 'digital evidence' from
computer hard drives where neither can truthfully be found.
Woefully,
Jason Coombs
jasonc@science.org
**************************************************************************************************
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or
the
sender immediately and do not disclose the contents to anyone or make copies.
** this message has been scanned for viruses, vandals and malicious content **
**************************************************************************************************
