Hi,
I've noticed a significant prejudice against computer forensic professionals who work for the defense. Some professional bodies will deny you admission if you have ever worked for a defendant and you may find a lot of other doors closed to you if you do this. Certain tools for example are only available to law enforcement.

I believe computer forensics to be an extension of forensic science. I also believe that justice cannot be served by making the forensic process a closed system not open to scrutiny. In science peer review is important to ensure the validity of the scientific process and it's conclusions.

Does this attitude exist, and if so does it hold back the progress of computer forensics?

Jimbob

Actually, I have seen this.  There are at least two very well know groups (that I will refrain from naming) that will not accept you into the group, or remove you from the group, if they find out you worked as an expert witness for the defense in a criminal matter.  If you talk to the group members the prevailing opinion is that when you work for the defense, almost 100% of the time you are helping them make their case by challenging the methods or ability of another forensics analyst.  If you are attacking their methods (tools, the science behind data forensics, standard approaches, etc), then you are actually attacking the entire practice of forensics which is bad for the community.  If you attack the ability of the other analyst, then this is often viewed as a personal attack against someone that was trying to catch a crook.  I don't necessarily agree with these arguments, but I hear them a lot.  With that being said, if someone screwed up the case, then they screwed up the case.  Period.  Also, if you do your own analysis and can present evidence that is valid and relevant to the case (ex. you find out that someone's system was actually hacked into and the illegal activities might not have been performed by the system owner but by the intruder) then that should absolutely be presented in court.  However, whatever your motivation might be, as soon as you sit on the other side of the isle there are just going to be repercussions.

I agree with that first part.  I guess there should have been a disclaimer.  If you are providing valid data, you are a good guy regardless of who you represent.  If you are picking apart another forensic expert you can be frowned on.  But really I think it all has to do with the situation.  If you argue on the defense about a specific practice that the other party used to prove a child porn case...punch yourself (unless it is absolutley legit and not a goofy technicality in a growing and erratic feild).  But if you work for the defense and show that it was indeed from a virus or different user...that is a different case.

There are always going to be cases where one side or the other missed something, but more often than not the defense is going to push for any shred of reasonable doubt based on concepts rather than facts.  It's become very common for the defense to latch onto any shred of malware as possible "proof" that their client did not download that 4GB of child pr0n.  I don't care how security conscious you are, you are almost guaranteed to have some artifact of malware on your system.  There were a couple of high profile cases where the defense argument was based around files that were left behind when the system anti-virus identified a malware and disabled/removed most of the affected files.  Of course it missed some which were left behind but not functional.  The defense argued that it proved the system had been compromised at some time in the past, and it created reasonable doubt because a "hacker" could have used the machine to download the pics.  None of the timestamps lined up, but of course that's because the "hacker" changed them all.  He also arranged all of the pictures into a nice, organized set of folders.  Anyway, in this case the forensics analysts produced the same data (what was on the system) but the defense was based on their version of what that data was saying.