#1
07-01-2012, 12:16 AM
nesrinamb
Join Date: Jan 2011
Location: Southern California
Posts: 715
Is there such a thing as court approved forensic software?

I was talking to a forensics guy the other day and he went on and on about being certified in "EnCase forensic software" and how it was the one that the courts recognized.

Well, is there such a thing as court "certified or recognized"?

I find it hard to believe that some open-source things wouldn't be recognized by the court since they do the same job but just don't look as pretty.

I looked at the price and one license is about $3,700 plus over $2,000 for basic training, and if you want to go for intermediate and advanced add $5,000 on top of what you already got.
#2
07-01-2012, 12:24 AM
technibbling
Join Date: Apr 2012
Posts: 79

http://en.wikipedia.org/wiki/EnCase

Accreditation

In 2001, Jessica M. Bair, a former U.S. Army Criminal Investigation Command Special Agent and computer forensics examiner, created the EnCase Certified Examiner (EnCE) program with John Colbert, to certify professionals in the use of Guidance Software's EnCase computer forensics software. By 2009, over 2,100 professionals were certified in EnCase. In 2006, Bair was the technical editor for the Sybex published Official EnCE Study Guide[6].

In 2009, Bair created the EnCase Certified eDiscovery Practitioner (EnCEP) program to certify professionals in the use of Guidance Software's EnCase eDiscovery software, as well as their proficiency in eDiscovery planning, project management and best practices spanning legal hold to load file creation.

Countermeasures

Because EnCase is well known and popular with law enforcement, considerable research has been conducted into defeating it (as well as anti-computer forensics in general). The Metasploit Project produces an anti-forensics toolkit, which includes tools to prevent EnCase from finding data or from operating at all. Manual defences are possible too, for example by modifying the file system.[7]

Furthermore, because law enforcement procedures involving EnCase have to be documented and available for public scrutiny in many judicial systems, those wishing to defend themselves against its use have a considerable pool of information to study.

Copies of EnCase have been widely leaked on peer-to-peer file sharing networks, allowing full analysis of the software. Proof-of-concept code exists that can cause EnCase to crash, or even use buffer overflow exploits to run arbitrary code on the investigator's computer. It is known that EnCase is vulnerable to zip bombs, for example 42.zip.[8]
__________________
Respectfully,
Benjamin
#3
07-01-2012, 01:34 AM
nesrinamb
Join Date: Jan 2011
Location: Southern California
Posts: 715

I already read the wiki article. I wanted to get the opinion of the forensic guys in here and see how they dealt with it when they're in court and if it's really a big deal.

I had not seen the forensicfocus.com forum before, I will check that out.
#4
07-01-2012, 07:29 PM
300DDR
Join Date: Jun 2012
Location: Los Angeles, CA
Posts: 745

I just read recently on a website for someone like EnCase (maybe them, maybe someone else) that no forensic software is technically "court approved."
#5
07-02-2012, 10:07 PM
colonydata
Join Date: Jun 2010
Location: Statesboro, GA
Posts: 991

Forensic software is not approved per se as much as the procedures and methods that it implements.

That being said, if you are not a certified forensic examiner, you should absolutely not be getting involved in matters of forensic examination if there is even the slightest chance that this might end up in court, because all of the evidence you collect can easily be thrown out.
__________________
Quote:
"At Georgia Southern, we don't cheat. Cheating takes money, and we don't have any."-Erk Russell
#6
07-03-2012, 03:08 PM
HFultzjr
Join Date: Jul 2010
Location: Central PA, USA
Posts: 862

Quote:
Originally Posted by colonydata
Forensic software is not approved per se as much as the procedures and methods that it implements.

That being said, if you are not a certified forensic examiner, you should absolutely not be getting involved in matters of forensic examination if there is even the slightest chance that this might end up in court, because all of the evidence you collect can easily be thrown out.

Exactly my opinion.

Best left to the experts (both technical and legal).

Too many variables to screw up a case.
__________________
Harold
ACS Alternative Computer Solutions