Re: PI to do Forensics? WAS: Re: Two questions

["Jon R. Kibler" <Jon.Kibler () aset com>]

Okay,

I AM NOT A LAWYER, but...

I just found time to break down and read the SC PI statute.

It says that you must be a PI to "... to obtain or furnish
information with reference to the: identity, habits, conduct,
business, occupation, honesty, integrity, credibility, knowledge,
trustworthiness, efficiency, loyalty, activity, movement,
whereabouts, affiliations, associations, transactions, acts,
reputation, or character of a person; (or) ... securing of evidence
to be used in a criminal or civil proceeding, or before a board, an
administrative agency, an officer, or investigating committee..."

Computer forensics is not explicitly mentioned, but I would think
that the 'securing of evidence' probably includes that too. What
worries me is that IDSes, network monitoring, maybe even log
capture and analysis could fall into that category.

I am not a lawyer. However, I can see where it could be twisted
such that if I worked for a company, and I got caught violating
company policy through someone in IT looking for evidence of a
policy violation, and that person was a PI, they either could
not use that evidence to punish me, of if they did and I was to
turn around a sue them, that evidence could not be used in court.

You can check your own state's laws at:
        http://www.law.cornell.edu/states/listing.html

IMHO, if you are doing incident response or computer/network
forensics -- including intrusion detection -- you should get
legal advice!

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
m: 843-224-2494




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.