Security Basics mailing list archives
Re: PI to do Forensics? WAS: Re: Two questions
From: "Jon R. Kibler" <Jon.Kibler () aset com>
Date: Tue, 26 Feb 2008 16:48:52 -0500
Okay, I AM NOT A LAWYER, but... I just found time to break down and read the SC PI statute. It says that you must be a PI to "... to obtain or furnish information with reference to the: identity, habits, conduct, business, occupation, honesty, integrity, credibility, knowledge, trustworthiness, efficiency, loyalty, activity, movement, whereabouts, affiliations, associations, transactions, acts, reputation, or character of a person; (or) ... securing of evidence to be used in a criminal or civil proceeding, or before a board, an administrative agency, an officer, or investigating committee..." Computer forensics is not explicitly mentioned, but I would think that the 'securing of evidence' probably includes that too. What worries me is that IDSes, network monitoring, maybe even log capture and analysis could fall into that category. I am not a lawyer. However, I can see where it could be twisted such that if I worked for a company, and I got caught violating company policy through someone in IT looking for evidence of a policy violation, and that person was a PI, they either could not use that evidence to punish me, of if they did and I was to turn around a sue them, that evidence could not be used in court. You can check your own state's laws at: http://www.law.cornell.edu/states/listing.html IMHO, if you are doing incident response or computer/network forensics -- including intrusion detection -- you should get legal advice! Jon -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 m: 843-224-2494 ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
Current thread:
- Two questions Michael Condon (Feb 22)
- Message not available
- Re: Two questions Michael Condon (Feb 25)
- Re: Two questions Jon R. Kibler (Feb 25)
- Re: Two questions Bert Knabe (Feb 26)
- Re: Two questions Bert Knabe (Feb 26)
- PI to do Forensics? WAS: Re: Two questions Jon R. Kibler (Feb 26)
- Re: PI to do Forensics? WAS: Re: Two questions Adam Pal (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- Re: PI to do Forensics? WAS: Re: Two questions Jon R. Kibler (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- Re: PI to do Forensics? WAS: Re: Two questions Jon R. Kibler (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Scott Moulton (Feb 26)
- RE: PI to do Forensics? WAS: Re: Two questions Craig Wright (Feb 27)
- Re: Two questions Michael Condon (Feb 25)
- RE: PI to do Forensics? WAS: Re: Two questions Craig Wright (Feb 27)
- Message not available