by Sean L. Harrington
Significant legal and ethical challenges confront digital forensics
investigators, for which some may not be well prepared. Just as many
lawyers may be confounded by technology in dealing with digital
forensics matters, many digital forensics experts lack formal legal
training, and are uninformed about their special obligations in the
employ of a lawyer. These obligations include zealously guarding the
attorney-client privilege, applying the work product doctrine,
developing reports, exhibits, and testimony (that are both admissible
and understandable to a lay jury or judge), and conducting their work in
a way that does not compromise the integrity of the case or the rights,
privileges, or immunities of the retaining party.
In certain situations, such as where digital forensics examiners serve as special masters (see Fed.R.Civ.P. 53) or third-party neutrals (see Model Rules of Prof’l Conduct R. 2.4 cmt. 1), they are regarded as officers of the court.
The use of a third-party neutral has significant advantages. See, e.g., Craig Ball, Neutral Examiners, Forensic Focus, http://www.forensicfocus.com/index.php?name=Content&pid=346. First,
as an officer of the court, the expert is subject to the court’s
inherent powers, thereby providing an extra measure of accountability
for misconduct (e.g., confidentiality breaches). Second, a
third-party neutral is ostensibly impartial, which impartiality
presumptively aids in the fact-finding process and administration of
justice. Third, the third-party neutral is aptly situated to resolve
discovery disputes, including issues of confidentiality, relevance, and
privilege, and, if necessary, obtain court intervention or in camera review to resolve such disputes.
But if the examiner is not appointed by the court, but rather is
retained by a party to an adversarial proceeding, he or she is
nevertheless obliged to ferret out the truth...
Thursday, September 29, 2011
Thursday, September 22, 2011
Publishing articles at Forensic Focus
Forensic Focus is always keen to publish articles, papers or blog posts
of interest to the digital forensics community. Articles are published
not only online
but also included in the monthly newsletter (sent to over 12,00
subscribers) and promoted via our homepage/RSS feed, Twitter, LinkedIn
and Facebook accounts.
This is an excellent way of raising your profile or promoting your blog and items for publication are welcome from anyone working or studying in the field.
To register as an author and start publishing at Forensic Focus, please use the form at http://articles.forensicfocus.com/contact/
Monday, September 19, 2011
What is “good enough” information security?
by Simon Biles
I have, occasionally in the past, mentored people in (on?) Information Security – once for money (this is not a revenue stream that I’ve mastered by any stretch of the imagination!), but more often than not, informally and infrequently. What there is in common with most people who are keen, but still a bit wet behind the ears, is an idealistic world view where Information Security, as a totality, can be obtained. It sometimes seems a bit like kicking a puppy to have to break it to people that, regardless of how long, how much money and how much technology you throw at something, it will still have vulnerabilities and risks. Even the proverbial “unplug it, stick it in a safe and throw away the key” is still vulnerable. I’ve seen “Ocean’s 11” – I know what can happen to a safe.
The reality is what we do for a living is to make security “good enough” – we are risk managers, risk mitigators, risk avoidance and risk acceptance professionals. We know what can happen, and then we decide if spending £x on it is worth it. Where we go wrong, inevitably, is that we sometimes have absolutely no idea about the value of the asset that we are protecting. How can you determine if a countermeasure or control is appropriate if you don’t know this figure? The real problem is that very often the business has no real idea either...