RE: Initial Machine login - Computer Forensics 101




The issue that is always missed with the PI debate is that it is not that a PI license is required; it is that a license is required. In Texas, for instance, the issue of PI Law for Digital Forensics in Tx is that people read the code in isolation. Chapter 1702, Private Security, of the Texas Occupations Code does not state that everyone needs to have a PI license to engage in forensics. It has exclusions.

§1702.324. CERTAIN OCCUPATIONS states:
"(b) This chapter does not apply to: ...(6) a licensed engineer practicing engineering or directly supervising engineering practice under Chapter 1001, including forensic analysis, burglar alarm system engineering, and necessary data collection;...
(9) an attorney while engaged in the practice of law;
(10) a person who obtains a document for use in litigation under an authorization or subpoena issued for a written or oral deposition; ...
(12) a person who on the person's own property or on property owned or managed by the person's employer:
...
(14) a person or firm licensed as an accountant or accounting firm under Chapter 901, an owner of an accounting firm, or an employee of an accountant or accounting firm while performing services regulated under Chapter 901;"

"Chapter 901 - Accountants", of Texas Occupations Code covers CPAs in the US. Additionally, there is the exclusion for a "person who obtains a document for use in litigation under an authorization or subpoena issued for a written or oral deposition;" which may be extrapolated to include CCEs and others that are operating under court orders.

Next, if you are working under the instruction of "an attorney while engaged in the practice of law", you are also excluded from this code. Many of us will be covered under one or more of these provisions and thus not need to be a PI. The license requirements to be an Engineer are far more stringent than those for a PI, so the subject is where the easiest path lies.

I am not stating that you do not need to be licensed at all, but that you do not need to be a PI. A private investigator is not the ONLY licensed person able to do forensic work. A licensed Accountant, a licensed Engineer and many other professions all suffice. These occupations are explicitly excluded from chapter 1702 of the Tx occupations code and similar provisions exist in Sth Carolina as well.

This is also not stating that the states cannot license forensic collections, just that this does not mean that it is restricted to only PIs. It includes ALL the occupations deemed acceptable. As an engineer, doing work for an accounting firm in the course of an engagement for a law firm I would have no issues at all not having a PI license. In fact, given a choice, I would (if I was not already one) become an engineer BEFORE thinking of being a PI.

http://www.txdps.state.tx.us/psb/docs/OccChpt1702.pdf

Regards,
Craig Wright (GSE-Compliance)


Craig Wright
Manager of Information Systems

Direct : +61 2 9286 5497
Craig.Wright@xxxxxxxxxx
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
http://www.bdo.com.au/


-----Original Message-----

From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Steven Bonici
Sent: Thursday, 7 February 2008 12:27 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Initial Machine login - Computer Forensics 101


--PI Licensing required for computer forensics in court Groklaw blog:
the ante is increasing on the credentials required for digital evidence
submitted in courts.
http://www.groklaw.net/article.php?story=2008013014235863
Possibly related case: Another odd example... Last week, an expert
witness was excluded due to a challenge saying an individual who
graduated college with a biochemistry major does not have enough
expertise to be a computer forensic expert despite having experience and
certifications.
http://ridethelightning.senseient.com/2008/01/when-logic-and.html
[Guest Editor (Robert Lee - SANS Forensics instructor and track lead):
Many forensic analysts/experts who testify or examine evidence may not
be licensed PIs, and, as a result motions to dismiss the testimony or
the analysis will be filed in the court. It will be up to counsel to
have a persuasive argument to counter the motion and up to the judge to
make fair decisions based on the arguments presented. Even in Texas and
South Carolina where state opinions are surfacing on the PI question, it
is still ultimately up to the judge in each case to allow the evidence
or the analysis to be included in the proceedings. I think logic will
eventually win here, but I'm glad to see it brought up in court so more
people can discuss it. Buckle your seatbelts; expect many more such
cases to keep popping up.]

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Murda Mcloud
Sent: Monday, February 04, 2008 11:10 PM
To: 'Michael Condon'; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Initial Machine login - Computer Forensics 101

Hi Michael,
Sorry, I forgot to give a link

http://www.e-fense.com/helix/

or F.I.R.E
http://fire.dmzs.com/


You can go for knoppix-std too.
http://www.knoppix-std.org/


The closest thing I've come to from a windows standpoint is (not the
same as the others in functionality) http://www.nu2.nu/pebuilder/

There may be others.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Michael Condon
Sent: Tuesday, February 05, 2008 2:13 AM
To: Worrell, Brian; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Initial Machine login - Computer Forensics 101

Well understood. That brings up another subject - is there freeware or a
documented procedure for making a bootable CD?
Michael Condon
----- Original Message -----
From: "Worrell, Brian" <BWorrell@xxxxxxxxxxx>
To: "Michael Condon" <mjc001@xxxxxxxx>;
<security-basics@xxxxxxxxxxxxxxxxx>
Sent: Monday, February 04, 2008 10:06 AM
Subject: RE: Initial Machine login - Computer Forensics 101


Michael,

Quick sidebar, I recall reading a post about this before on another
list. If you are being paid to do this, you need to make sure it's all
above board as in some states this can be considered illegal. Do not
recall the exact issue, but part of the outcome was that you needed to
have very clear, signed, documentation on what you were asked to do.
Think the case the article was referring to was in California.

That said, I would make a copy of the drive, and not alter the original
in any way. This helps keep the evidence chain.


Brian


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Michael Condon
Sent: Saturday, February 02, 2008 11:15 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Initial Machine login - Computer Forensics 101

Here is a Computer Forensics 101 question.
Suppose a distraught woman comes to me with her husband's laptop and
wants me to search it for information about a suspected marital
indiscretion.
1. Assuming it is an XP/Vista machine, how can I log in as
administrator?
2. Is the second approach to make a bitstream copy of the hard drive
using an external USB hard drive enclosure and proceed that way?


