Network Security Pen-Test

RE: Licensed Penetration Tester LPT

Subject: RE: Licensed Penetration Tester LPT
Date: Thu, 27 Apr 2006 15:34:49 +1000

Hello,
More FUD. Statute is not the be all and end all in law. The US is a
common law country. Convention and interpreted rules change the way that
statute is read.

Lots of people try to read many things into the law to protect their own
personal interests. This is the nature of the world. There are rules of
evidence in all jurisdictions. The nature of an expert witness is to act
as a "friend of the court".

"Just the facts, Ma'am..."
The idea is that you stick to the facts. The moment you get into opinion
is where issues may arise. Expert testimony is about fact. Not opinion.

People who call themselves Computer Forensic experts abound. Digital
forensics is a science; it needs to be treated as such. PI licenses are
not needed if you actually stick to the role you are engaged to do and
remember that.

The Georgia statute states "An attorney at law or a bona fide legal
assistant in performing his or her duties" is excluded. There are two
instances where a person (who is an expert as defined in law) may be
called:
1. Private law cases (Contracts, Property, Torts etc., i.e. Civil
   action)
2. Criminal Law cases (cases that are punitive in nature under a
   criminal indictment process).

The Georgia law is applicable to criminal law cases - and ONLY criminal
law cases.

If you are hired by the state (i.e. Police, AG etc) - you are covered
under exemption. If you are hired by the defence, you are hired by the
attorney. This means that you also become covered under the rule unless
you are ignorant of judicial requirements and start spouting opinion
without a solid factual basis.

The role of the expert again is fact. The jury makes the determination.
As an expert you have NO opinion (or at least should have no opinion).
You find and present the facts and nothing but the facts.

"The securing of evidence in the course of the private detective
business" is important. It is crucial that the preamble and case law are
read. Before mouthing off about how the law is making us all criminals,
try to understand the law.

Regards,
Craig

-----Original Message-----

Phil Frederick wrote:
This is happening now.  Georgia has pending legislation for forensic
examination of information systems.  If you aren't licensed as an
Investigator in the state, you can be charged with a felony if the law
passes.

I can't find a link, but I swear I read this a couple days ago.
Anyone have any info, or was I hallucinating :)


http://www.securityfocus.com/columnists/399/1



