Mike,

I respectfully disagree with you on these 2 points:

> ... the purpose is to make use of a tool which does only one
> job and is so transparently simple that it can be accepted by
> non-technical people in court as valid for legal purposes. After
> all this *is* forensics!

There really is no requirement for a forensic tool to be "transparently simple". Ghost, SafeBack, EnCase, Maresware, The Forensics Tool Kit, The Coroner's ToolKit, etc., are far from simple. The folks at Guidance Software have published that EnCase has over 300,000 lines of source code. But all these tools, when used properly by someone who understands to some level of detail what the tools are doing, can be used to get evidence into court.

> No way could you defend a complex system like Linux on this basis,
> particularly taking into account the way it has been developed.

Linux is just an operating system. From one perspective it is no different than any other operating system: it gives users access to resources to get a job done. Of course it is vastly different from a number of other perspectives, but if a user knows how to leverage the built-in tools of the operating system, they can forgo buying many of the commercial forensic tools available. Linux is a powerful forensic platform.

It is really a matter of training, knowledge, skills and experience. And those same qualities are what qualify an individual to testify in court as an expert. The real issues are knowing your tools, knowing what they can and what they can't do, testing them to validate their functionality and using them properly to conduct your work. The courts will not argue about that and will not impose upon the forensic examiner that any particular tool must or should be used.

Respectfully,

James

*********************************************
James O. Holley
Advanced Research Projects Team
Fiderus Strategic Security & Privacy Services
(w) 703.684.3140
(p) 888.620.5275
jholleyat_private or 6205275at_private
Emergency 24 hour response: 1-877-595-8491
*********************************************

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 16:45:47 PDT