Friday, January 30, 2009

Friday thoughts to expand on

I've been having some interesting discussions of late. Instead of keeping these things 'close to the chest', I figured I'd throw out some thoughts and questions (some rhetorical) here. This is more of a placeholder than anything, but if you have thoughts of your own, please share them.

Do particular sources of artifacts speak more loudly or carry more weight when they are reviewed by the trier of fact (think lay person in a decision-making role) in a case?

Do more sources of artifacts automatically mean a stronger case, or must they agree to make a stronger case? Which ones matter and which ones have a "who cares" factor?

Think preponderance of evidence.

Reasonable belief is a game that can't be played in digital forensic science due to the circumstantial nature of digital evidence as it pertains to intrusions. It's like working a murder case with no body and no weapon. A clinical approach is required, and a clinical approach requires criteria, yet there have been no established criteria in any state.

If given SYSTEM or root level privileges on a computer, could you, with your knowledge set, defeat your own ability to accurately analyze that same system?

Does Access equal Acquired? Acquired is what the law looks for.

With operating systems and applications being as over-engineered as they currently are, is there any possibility of anyone being able to show cause and effect?