Security Basics mailing list archives
RE: Law Enforcement Foresics Tools
From: Craig Wright <Craig.Wright () bdo com au>
Date: Fri, 8 Feb 2008 13:39:33 +1100
You can just as easily argue that Encase is subject to false positives as all software is. Based on evidence law, this is a silly argument. Printed log files are admitted more than occasionally. Good practice means more than tools.

Regards,
Dr Craig Wright (GSE-Compliance)
Manager of Information Systems
BDO Kendalls (NSW)

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of TVB NOC
Sent: Wednesday, 6 February 2008 7:07 AM
To: Mason, Samuel; gillettdavid () fhda edu; Michael Condon; security-basics () securityfocus com
Subject: RE: Law Enforcement Foresics Tools

Any evidence that is gathered, whether it is virtual, physical, or other, needs to follow a court approved process. An Encase Certified Investigator using Encase software can have their evidence thrown out just as quickly as someone utilizing an open source solution if a Judge or court deems the evidence was not gathered or handled properly. The only problem sometimes with open source solutions in a court room is that someone can argue that the solution used is not certifiable and therefore can be subject to providing false positives...

Just my 2 cents... Again, like Samuel stated, I am not trying to argue, just providing information based on what I have read in the past or watched on TV...

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mason, Samuel
Sent: Tuesday, February 05, 2008 10:29 AM
To: 'gillettdavid () fhda edu'; 'Michael Condon'; security-basics () securityfocus com
Subject: RE: Law Enforcement Foresics Tools

No disrespect intended (and I'm not trying to start an argument) but I think it's important to state that court systems do not approve or disapprove forensic tools. Therefore a freeware tool should be, from a court perspective, just as good as a purchased tool. What I've heard from experts (having never tried a case in court myself) is that evidence without a chain of custody, timelines, and other sound forensic practices is just as likely to be shot down from EnCase as any other tool. Again, not saying you had proposed this per se in your message but I thought I'd pass along that chestnut of wisdom from pros.

Samuel Mason CISSP, GCFA

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of David Gillett
Sent: Wednesday, January 30, 2008 9:54 AM
To: 'Michael Condon'; security-basics () securityfocus com
Subject: RE: Law Enforcement Foresics Tools

As I understand it, EnCase has sold well in that market, and evidence collected by an EnCase-certified investigator using this tool is unlikely to be challenged *on technical grounds* in court.

Dave Gillett

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael Condon
Sent: Tuesday, January 29, 2008 8:51 PM
To: security-basics () securityfocus com
Subject: Law Enforcement Foresics Tools

What are the primary Forensics Tools used by local, state, federal Law Enforcement?

Michael Condon