RE: Computer Forensics

From: Jason Coombs (jasoncat_private)
Date: Tue May 06 2003 - 01:28:17 PDT


    Remember that "forensics" is defined through the use of forensics.
    
    Establishmentarians like to build big walls around the subject and ensure
    there is a high barrier to entry with requirements for certifications, formal
    education and training, and so forth... But the fact is, and always will
    remain, that forensics is expert rhetoric meant to convince others of a
    particular viewpoint. Any forensic expert who believes with absolute certainty
    that their methods and procedures cannot be fooled is a danger to everyone in
    society because they are delusional.
    
    Sometimes the rhetoric is backed up by empirical evidence, so we can write and
    read books about how to gather and analyze this evidence empirically so as not
    to contaminate it or misinterpret it, but in the end you cannot escape the
    fact that any person and any method that proves to be more convincing becomes
    the standard of practice in forensics. Thus any claim of the "right" way to do
    something is valid only until somebody else comes up with a different way to
    do something and a convincing explanation as to why it too is "right" or
    perhaps even "better".
    
    Remember also that many, many established forensic experts reject the very
    existence of "computer forensics", pointing out (accurately) that this is
    nothing more than a sub-specialty area within the catch-all "forensic
    engineering" field, where engineers (rather than scientists) who ply a trade
    with expert technical knowledge of methods and procedures can offer valuable
    testimony in a court setting without being scientists or being bothered to
    adhere to lofty principles like the scientific method, the pursuit of truth
    and justice, and simple ethics.
    
    Sincerely,
    
    Jason Coombs
    jasoncat_private
    
    -----Original Message-----
    From: Kruse, Warren G, II (Warren) [mailto:wgkruseat_private]
    Sent: Monday, May 05, 2003 8:23 AM
    To: 'Matías Bevilacqua-Brechbühler Trabado'; 'Jonathan A. Zdziarski';
    'yannick'san'; 'William Cimo'; forensicsat_private
    Subject: RE: Computer Forensics
    
    
    Very true, that plus the technology changes so fast.  We fought that problem
    for two years when we were writing our computer forensics book.  You don't
    want it to be outdated before it hits the shelves.
    
    -wk
    
    Warren G. Kruse II, CISSP, CFCE
    Investigations Manager
    Lucent Technologies
    732-949-8713
    wgkruseat_private
    
    -----Original Message-----
    From: Matías Bevilacqua-Brechbühler Trabado [mailto:mbevilacquaat_private]
    Sent: Sunday, May 04, 2003 2:45 PM
    To: 'Jonathan A. Zdziarski'; 'yannick'san'; 'William Cimo';
    forensicsat_private
    Subject: RE: Computer Forensics
    
    > > Will it be only technical procedures or will it integrate some kind of
    > > process like "In case of a crisis situation" process ?
    >
    > This is the heart of what annoys me about computer forensics
    > books.  They are excellent resources for methodology and
    > procedure but are void of most any hands-on technical
    > information.  It would be very nice to have a reference of
    > hands-on technical information to consult when performing
    > different types of forensics scenarios.
    
    This is because Computer Forensics depends so much on methodology and
    procedures. Both are critical for a successful Forensic process. I will be
    taking this into consideration when creating the survey I talked about,
    let's see what the rest of the community thinks about it.
    
    Regards,
    Matías Bevilacqua Trabado
    CYBEX
    ___________________________________________________________________
    PGP-ID: 0x40A4869F
    PGP Fingerprint: 2052 98A0 F0F0 2914 D7FA  4E7C 0488 7E8C 40A4 869F
    ___________________________________________________________________
    
    CYBEX
    Grupo Intelligence Bureau
    Rambla de Catalunya, 32 4º-2ª
    08007 Barcelona-SPAIN
    Tel. 93 215 53 23
    Fax. 93 215 50 72
    http://www.cybex.info
    
    
    


