.

Computer Forensics Faces Private Eye Competition

<<

don

User avatar

Administrator
Administrator

Posts: 4257

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Jan 04, 2008 11:53 pm

Computer Forensics Faces Private Eye Competition

Interesting article from Deb Radcliff of Baseline Magazine about the fight over the digital forensics field with current PIs.

Who has the right to probe digital crime? That very question may be the next battleground between the flatfooted private detective of old and the new-age computer sleuth.

The Internet is boundless and cybercrime scenes stretch from personal desktops across the fiber networks that circle the globe. Digital forensic investigators like Harold Phipps, vice president of industry relations at Norcross Group in Norcross, Ga., routinely slip across conventional geographic jurisdictions in pursuit of digital evidence and wrongdoers.
Lawmakers across the Savannah River in Columbia, S.C., have different ideas, however. Under pending legislation in South Carolina, digital forensic evidence gathered for use in a court in that state must be collected by a person with a PI license or through a PI licensed agency.

If the law passes, the highly specialized task of probing deep into computer hard drives, network and server logs for telltale signs of hacking and data theft would land in the hands of the same people who advertise in the Yellow Pages for surveillance on cheating spouses, workers' compensation fraud and missing persons. Otherwise, digital evidence collected by unlicensed practitioners could be excluded from criminal and civil court cases. Worse yet, those caught practicing without a license could face criminal prosecution.

"It's an ambush," says Phipps, a 31-year FBI veteran now with Norcross Group, a digital e-discovery business. "Under the South Carolina statute, only a handful of licensed PIs across that state have the years of information system and tools experience needed to do true digital forensics with repeatable processes of documentation and chain of custody. This is the only group that stands to gain."

South Carolina isn't alone in considering regulating digital forensics and restricting the practice to licensed PIs. Georgia, New York, Nevada, North Carolina, Texas, Virginia and Washington are some of the states going after digital forensic experts operating in their states without a PI license.

Tools and training for digital forensics have existed for years, but the process of forensics remains a relative unknown art among the information security profession. It's a growing field, though, given the ever-increasing amount of cybercrime, identity theft, data leakage and regulatory landscape around data protection. Digital forensic specialists perform critical tasks ranging from identifying sources of data compromises and holes in security infrastructure, to collecting evidence for employee disciplinary actions, to testifying in criminal prosecutions.

With much of today's evidence lingering on computers and handhelds, PIs see this is as a lucrative field to pursue, even if they lack the requisite experience, contend digital forensic experts like John Mellon, founder of the International Society of Forensic Computer Examiners (ISFCE) based in Brentwood, Tenn. IT professionals also feel that putting forensics into the hands of what are mostly inexperienced, one-off divorce and surveillance PIs will ultimately bring the evolving, highly specialized field to its knees.

All but six states have PI licensing laws on the books, according to Jimmie Mesis, publisher of PI Magazine, 32 of which could be interpreted to include digital forensic investigators. While their languages differ, these licensing laws essentially consider a PI to be anybody engaging in the business of securing evidence to be used in criminal or civil proceedings.

"In April [2007], the state attorney general opined that even if you never set foot in South Carolina, if you're collecting evidence to be used in court here, you still need a South Carolina [PI] license," says Steve Abrams, a licensed independent PI and computer forensic examiner based in Sullivans Island, S.C. "Licensing authorities in New York, Pennsylvania, Texas and Oregon have opined the same way."

As one of eight permanent members of the South Carolina Law Enforcement Division Private Investigations Business Advisory Committee, Abrams is a key promoter and developer of the South Carolina PI licensing legislation. He is also one of a handful of state professionals Phipps refers to who can successfully dovetail digital and conventional PI skills into a single business. In addition to legal and computer programming background, Abrams has PI licenses in South Carolina and New York, and he's looking into getting a license in Utah.

The state PI measures are not meant to be punitive against ethical, skilled forensic professionals working on behalf of their corporations, Abrams contends. Rather, they are being established to protect and preserve the integrity of evidence.

Abrams' concerns about digital evidence integrity are not unfounded.

Defense attorneys have used lapses in the chain of custody of evidence, poorly documented evidence collection techniques and lack of credibility of forensic investigators as means to have evidence thrown out of court cases. Conversely, computer security specialists have quietly complained that prosecutors and government investigators—particularly the FBI—rely heavily on the naivety of defendants and their attorneys in computer-related cases. In some cases, an attorney doesn't know enough to challenge the validity of digital evidence presented by the state.

"The problems in South Carolina occur when folks from national [law] firms come into South Carolina, seize digital evidence, have that evidence analyzed in a lab in some other state, and then send it back to South Carolina for litigation," Abrams says. "The state has no mechanism to hold them accountable if they screw up, which I see all the time in cases."


For complete story:
http://www.baselinemag.com/article2/0,1 ... 720,00.asp

Don
CISSP, MCSE, CSTA, Security+ SME
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 237

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Mon Jan 07, 2008 4:53 pm

Re: Computer Forensics Faces Private Eye Competition

I fail to see how having a PI license makes evidence any more secure. Its basically the states grasping at straws to regulate computer forensics. I'm sorry but what about all the questionable material gathered from machines from regular uncertified pc repair techs, is that now considered inadmissable? I think this is better left for individual juries to decide whether or not the case is sound versus some lobbyist for the PI licensing board.
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Mon Jan 07, 2008 5:30 pm

Re: Computer Forensics Faces Private Eye Competition

I would have to totally agree with you oleDB.  If this was the case currently, an earlier case this year where I was asked to recover deleted files, and document what was recovered would have been for naught.  And said computer's operator would still be working for us, or have been able to fight against the canning. 

I think you nailed it right there, with law makers kissing up to PI licensing board lobbyists.  If they make it require a PI license nation wide... there will be a very very minute number of PI's making a cr4p load of money.... since few of them I've come accross would be a computer forensics expert.  And those that are would be in very high demand with the migration of a lot of data from hardcopy to electronic.
"Bad.. Good?  I'm the guy with the gun"

Return to Forensics

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software