Cybersecurity

QUESTION # 1 Confusion over terminology

Give an example of terminology that could be confusing between a digital forensic expert, a lawyer, judge, and potential jurors. In your opinion, how could this potential issue be reduced? Can we ever eliminate this issue?

The most common confusing terminology is forensics. This terminology means a location or public place used for any form of judicial purposes. Currently, forensics is used in relation to law meaning scientific tests used to detect crime. Additionally, digital forensic experts used the term to refer to the process of logging, gathering and auditing data in a post hoc investigation. accordign to UMUC, (2011), this potential issue cannot be eliminated by can only reduced by making each party understand the legal goals and the actual terminologies. Additionally, forensic experts should try to report in a way that the nonprofessional can understand. It is important to run courses for the lawyers and other legal personnel with the aim of teaching them the modern forensic computer terminologies as well as methodologies (Lindqvist, Porras, 2011)In fact, it is important for computer forensic experts, their lawyers, judges as well as any forensic practitioner top build a complete model of forensics that actually takes into consideration the legal details while dealing with scientifically valid forensic analysis

Question#2 Presenting digital evidence Why is testifying and/or writing a report such a critical part of the computer forensics experts job? In your opinion, which one is more important — testifying or writing a report?

Computer forensic experts consider presenting digital evidence a very important part of their work because it is their goals to convince the public about their processes, outcomes, and decision before any verdict is passed. They have a duty to establish what they are looking for and communicate or articulate their research and decision before a court. In my opinion, testifying is more important as it allows for cross examination of evidences and explanation of terminologies in a court in a way that everyone can understand irrespective of their education background, or social standing. They have to provide defensible solution and decision to specific court cases. By testifying, the computer forensic expert provides evidences that are measureable and verifiable in an accurate manner such that all and sundry can be convinced. Because of their duty to ensure that the evidences educed in any legal proceeding or a court context are correctly integrated as well as understood by all including the judge and jury. It is important to note that both testifying and reporting are equally important, but the bottom-line is to convince all and sundry and this makes testifying much more important (UMUC, 2011). If it’s not in the report, it didn’t happen, but one has to testify the to the veracity of the report (Schneier, &, Kelsey, 1999).

Reference

B. Schneier, &, J. Kelsey, (1999). Secure Audit Logs to Support Computer Forensics. ACM Transactions on Information and System Security (TISSEC), 2(2):159{176).

U. Lindqvist U, &, A. Porras, (2011). eXpert-BSM: A Host-Based Intrusion Detection System for Sun Solaris. In Proceedings of the 17th Annual Computer Secrity Applications Conference (ACSAC), pages 240{251. IEEE Computer Society, December 10.

UMUC (2011). CSEC 650 Module 4: Cybercrime Investigation and Digital Forensics
CSEC650. Acquisition and Analysis. March 5, 2014, from UMUC Cybercrime Investigation and Digital Forensics: http://tychousa11.umuc.edu

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s