Thread: [sleuthkit-users] Presentation of Evidence
From: Regis C. <reg...@sb...> - 2005-03-10 00:24:20
For my thesis I will be researching how digital analysis is properly logged and how the evidence is presented in court. I wish to add extensions to Brian's Autopsy Forensic Browser so that reports are automatically generated. I want these reports to provide a summary (or a timeline so to speak) of when the investigator performed what. I also want the reports to provide summaries of the actual evidence discovered during the investigation. For example, the reports should contain information as to what deleted files have been recovered and provide detailed information about the nature of that evidence. My question is, what is that detailed information? I have no experience on the legal side of digital forensics so I am hoping all you expert witnesses out there may be able to help me out. How should digital evidence be represented in court by means of a paper report? What is being done now and how do you think it can be done more effectively?

In theory, say you are using your digital forensics application. You complete your analysis and have now effectively completed your investigation. But now you need a way to show and explain everything you did and everything you discovered. You push the "generate report" button and the printer spits out a thick manuscript that details the whole entire investigation and you are done and ready to head to court. For the manuscript to be complete what all needs to be in it? Please respond with your suggestions and sources of where I may obtain more information.

Thanks in advance,
Regis Cassidy

From: Angus M. <an...@n-...> - 2005-03-10 16:13:31
In my experience, the court really has no interest in how I did what I did. The other expert might want to discuss it sometimes, but the court's main interest is in what I found and what it means. They certainly don't want to go through page after page of procedural information on top of the recovered files. This might be just a UK (England & Wales, and Scotland - different legal systems) perspective of course.

On a personal note, I'm concerned about the current UK CRFP proposals for accreditation of computer examiners. The last draft mechanism that I saw seemed to revolve around procedure with little interest in experience or qualifications.

On Thursday 10 March 2005 00:24, Regis Cassidy wrote:
> For my thesis I will be researching how digital analysis is properly
> logged and how the evidence is presented in court. I wish to add
> extensions to Brian's Autopsy Forensic Browser so that reports are
> automatically generated. I want these reports to provide a summary (or a
> timeline so to speak) of when the investigator performed what. I also
> want the reports to provide summaries of the actual evidence discovered
> during the investigation. For example, the reports should contain
> information as to what deleted files have been recovered and provide
> detailed information about the nature of that evidence. My question is,
> what is that detailed information? I have no experience on the legal
> side of digital forensics so I am hoping all you expert witnesses out
> there may be able to help me out. How should digital evidence be
> represented in court by means of a paper report? What is being done now
> and how do you think it can be done more effectively?
>
> In theory, say you are using your digital forensics application. You
> complete your analysis and have now effectively completed your
> investigation. But now you need a way to show and explain everything you
> did and everything you discovered. You push the "generate report" button
> and the printer spits out a thick manuscript that details the whole
> entire investigation and you are done and ready to head to court. For
> the manuscript to be complete what all needs to be in it? Please respond
> with your suggestions and sources of where I may obtain more information.
>
> Thanks in advance,
> Regis Cassidy

From: Jon N. <qu...@li...> - 2005-03-14 14:44:40
Regis Cassidy said:
> In theory, say you are using your digital forensics application. You
> complete your analysis and have now effectively completed your
> investigation. But now you need a way to show and explain everything you
> did and everything you discovered. You push the "generate report" button
> and the printer spits out a thick manuscript that details the whole
> entire investigation and you are done and ready to head to court. For
> the manuscript to be complete what all needs to be in it? Please respond
> with your suggestions and sources of where I may obtain more information.

Regis,

It is important to note that there is no one report that could be generated that would fit everyone's needs. My reports will differ between investigations of different natures. Any report generation mechanism needs to have a great deal of flexibility so an individual can edit the report to include/remove information pertinent to the specific investigation.

I have looked into this in the past and thought using wiki to generate/edit the report would make sense. There are a lot of wiki modules available at cpan:

http://search.cpan.org/search?query=wiki&mode=all

There should be an interface that allows the user to select/remove every aspect of the analysis for inclusion in the report. Then the user should be able to edit the individual entries.

That's my opinion in a nutshell.

Jon

--
Trooper Jon S. Nelson, Linux Certified Admin., CCNA
Pa. State Police, Bureau of Criminal Investigation
Computer Crimes Unit
Work: 484-340-3609
Cell/Page: 866.284.1603
jonelson <at> state <dot> pa <dot> us