One more post on Open Source Tools and DF in court.

Email from the professor this morning (Emphasis added by professor):

We also had some discussion regarding tool acceptance in court. I wanted to provide some additional detail on this. Remember it's the testimony of the witness that is being accepted. *Disclaimer I am not an attorney* Rule 702 of the Federal Rules of Evidence (FRE) says the following:

Rule 702. A witness who is qualified as an expert by knowledge, skill, experience, training, or education may testify in the form of an opinion or otherwise if:

(a) the expert’s scientific, technical, or other specialized knowledge will help the trier of fact to understand the evidence or to determine a fact in issue;

(b) the testimony is based on sufficient facts or data;

(c) the testimony is the product of reliable principles and methods; and

(d) the expert has reliably applied the principles and methods to the facts of the case.

END RULE 702

While several FRE rules discuss acceptance of evidence (Rules 401-404) and testimony (Article VI and Article VII), 702 explains much. … Michigan's Rules of Evidence follow the FRE closely.

A little less confused now

So, I went and looked things up on my own, with regard to my last post about being a little confused on Digital Forensics and Open Source Tools. As usual, Google is your friend.

The search term I used was: "digital forensics open source tools court approved", without the quotes, which returned this page: https://www.google.com/search?q=digital+forensics+open+source+tools+court+approved

I think the best line out of everything I read was:

Saying that one tool is court approved and another is not, is like saying you can take crime scene photos with a Nikon, but not a Kodak. It’s just silly, and it’s a myth perpetuated by those who seek to benefit from the existence of such a rumor.

The Digital Standard

That really does make sense. When you think about it, it is the person on the stand and their testimony that is being checked. Yes, methodology and procedure go with the testimony, but why would one tool matter, as long as it gets the same results as the tool used by the expert from the other side? Does it have to have all the fancy bells and whistles, or does it just have to get the job done?

One thing that has bothered me about the "No open source tools" argument is that dd for raw disk copies is acceptable. Most of the other tools do the same work and then add compression or other bells and whistles, but really are based on it. So why is it O.K. to use some of the tools but not all?
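The check behind the dd point above is reproducibility: whatever tool produced the image, what an examiner records is whether the image hashes the same as the source. The following is an added example (mine, not from the original post or any of the tools it mentions) that acquires a constructed sample file with dd and verifies the copy by comparing SHA-256 digests. It assumes a POSIX shell with dd, mktemp and either sha256sum or shasum available; the sample "evidence" file is constructed on the fly from /dev/urandom.

```shell
#!/bin/sh
# Added example (not from the original post): image a constructed sample
# "source" with dd and verify the copy is bit-for-bit identical by comparing
# SHA-256 digests. The check is on the output, not the tool name: any imager
# whose image hashes the same as the source has produced the same evidence.

# Build a constructed sample source file standing in for a block device:
# 64 KiB of random bytes plus a marker, so the size is not a multiple of the
# dd block size and the partial last block is exercised.
make_sample_source() {
    head -c 65536 /dev/urandom > "$1"
    printf 'CONSTRUCTED-SAMPLE-MARKER' >> "$1"
}

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Acquire a raw image with dd using 4 KiB blocks (dd's own progress output
# is silenced so the digests below are the only thing printed).
acquire_with_dd() {
    dd if="$1" of="$2" bs=4096 2>/dev/null
}

# Verify that an image matches its source. Prints both digests and returns
# 0 on a match, 1 on a mismatch; this is the same check you would write in
# your notes whichever tool produced the image.
verify_image() {
    src_hash=$(sha256_of "$1")
    img_hash=$(sha256_of "$2")
    printf '%s  %s\n' "$src_hash" "$1"
    printf '%s  %s\n' "$img_hash" "$2"
    [ "$src_hash" = "$img_hash" ]
}

# Stand-alone demonstration in a temporary directory.
workdir=$(mktemp -d)
make_sample_source "$workdir/source.bin"
acquire_with_dd "$workdir/source.bin" "$workdir/image.dd"
if verify_image "$workdir/source.bin" "$workdir/image.dd"; then
    echo "VERIFIED: image is bit-for-bit identical to source"
else
    echo "MISMATCH: image differs from source"
fi
rm -rf "$workdir"
```

If a second tool (compressed or otherwise) is used instead of dd, the verification step is unchanged: decompress or export the raw stream and run the same digest comparison against the source. A single appended or altered byte changes the digest, which is what makes the hash, rather than the vendor, the thing worth writing down.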

A little confused about Digital Forensics and the tools to use

So I took Digital Forensics 1 at Eastern. The professor that taught the class owns his own forensics business. One of the things the professor kept repeating throughout the semester: "You can't use Open Source Tools for Forensics, it won't stand up in court". "You have to use Court approved tools, tools that the court has accepted in previous trials".

Tonight, we started Digital Forensics 2. It's a different professor. This one does Digital Forensics for a living as well, for the Department of Justice. He said that you can use Open Source tools for Forensics, does so regularly, and testifies in court about it. This professor said there is no such thing as court approved tools, even though EnCase claims otherwise in their marketing material.

So I'm confused. Can you or can you not use Open Source tools for Digital Forensics? I know there are books on the subject like Digital Forensics with Open Source Tools by Cory Altheide, but I don't know how it's viewed overall when using Open Source tools.

It’s really not hard to search the internet

Looking at Twitter the other day, I was left wondering whatever happened to people working for news agencies doing research. Has researching the things you see died?

A tweet came out:

Winter gales on Lake Michigan have encased the St. Joseph Lighthouse in a thick coating of ice (c. John McCormick): pic.twitter.com/PaxuxEhpqS

c. John McCormick – http://www.michigannutphotography.com

Now, that's an awesome looking photo. To me the ice looks a little like buttercream frosting, so I went and did a little checking, to see if it's real. It was, and the checking took me all of 10 seconds to find a large image. It was unedited, so it still contained its EXIF data. I used the reverse image search tool for Chrome. The EXIF data for the original photo is from Jan 23, 2013.

Back to the tweet however. If you notice, in the tweet Scott Meiklejoh said it wasn't his photo, and gave credit to the original artist. Yet the first response to the tweet in the timeline is:

Anthony Morrison (@THETonyMorrison), 3 Jan

@ScottyTWN this is crazy!! Can we use this photo on CNN?? Tweet me!!

Looking at Mr. Morrison's information, he does work at CNN as a photographer. So you would think he'd actually be diligent enough to make sure he was asking the right person for permission to use a photo. I'm not trying to shame or insult Mr. Morrison; I'm just surprised at the instant request for usage without digging any.

So the question is, whatever happened to people researching things and doing a little legwork?

Welcome to my new blog

I've wanted to create this blog for a while, but never seemed to find the time to set it up the way I wanted it. If you've seen me around you know that I had chrisrattis.blogspot.org, and I have www.ratsandrogues.com. The first one was ok, but I wanted more control over the site. The second one is for the Podcast I started with Infosec Rogue, which MWJComputing joined recently.

About Me:

I work full time, currently doing network security audits for application design; I designed a point of presence for working with business partners, do firewall rule design, and maintain a web-based terminal emulator.

I started my Cybersecurity / Information Security / IT career doing physical work, changing locks, running cables, building POPs and Data Centers, and then moved into Network Operation Centers and System Administration.

I’ve worked in Networking Service, Telecommunication, Automotive, Publishing, and Infrastructure as a Service.

I'm a senior at Eastern Michigan working on my degree in Applied Information Assurance. My classes have included Intelligence Analysis, Cyber Crime Investigations, Cyber Law, Digital Forensics, and Foreign and Domestic Terrorism and Information Warfare.

I run the Ann Arbor chapter of TOOOL.

I hold the following licenses, certifications, certificates and degrees:

  • Associate of Applied Science, Computer Information Systems
  • Associate in General Studies focus on Anthropology
  • Security+
  • Offensive Security Wireless Professional
  • New Mexico Tech Energetic Materials Research and Testing Center – Incident Response to Terrorist Bombings program – Awareness Level
  • Eastern Michigan University Center for Regional and National Security – Incident Response to Weapons of Mass Destruction
  • Technician class Amateur License

I also podcast, teach lock picking, and speak at conferences.