[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    Re: Two questions
From:       Bert Knabe <bert.knabe () lubbockonline ! com>
Date:       2008-02-26 14:55:50
Message-ID: 7401A5A5-55C0-4529-BD58-B23CE192F51C () lubbockonline ! com
[Download RAW message or body]

I apologise asking before looking. I googled "PI license computer  
forensics" right after asking for more info, and got over 100k hits.  
But any other information you may have on this subject would be much  
appreciated.

Bert Knabe
Technician
Lubbock Avalanche-Journal
806-766-2158


On Feb 25, 2008, at 1:24 PM, Jon R. Kibler wrote:

> Michael,
>
> I am NOT a lawyer and do not know the law in your area. However, I do
> know that U.S. DoJ is pushing hard to require anyone doing anything
> forensics or incident response to be a licensed PI.
>
> Please see my embedded comments...
>
> Michael Condon wrote:
> <SNIP>
>> I also need to find out if you just need certification, or just  
>> need to be a licensed PI, or both, in each of the three states.
>
> My best advice would be to contact the a lawyer or the state attorney
> general in each jurisdiction. You may also want to post a question to
> Security Focus' forensics mailing list. However, be wary of any 'legal
> opinions' you may receive.
>
> However, I can tell you that in SC, to get a PI license requires 2  
> years
> training and a year apprenticeship.
>
>> And what certification, if not CHFI, is recognized as sufficiently  
>> valid to perform this kind of investigation (perhaps CISSP/ISC2)?
>
> I have heard law enforcement openly laugh at CHFI -- and CISSP and  
> other
> non-forensics certs are useless. The certification that I see most law
> enforcement agencies require is the ISFCE/CCE -- which, as I  
> understand
> it, takes 3 years to obtain.
>
>> I've had to do internal sort of forensic work of this sort and  
>> more for former employers - it resulted in reprimand or at times  
>> termination.
>
> These days, doing such work could easily get you criminally  
> prosecuted.
> I have been given legal advice to 'do nothing that can be construed as
> forensics.' I was told that looking at someone's browser's history and
> showing management where they had been going to xxxporn.com would be
> considered doing forensics, as would using DNS query logging or  
> sniffing
> network traffic to show similar activity. It is even questionable  
> as to
> whether it is technically legal for an organization's IT staff, unless
> they have a PI license, to use IDS logs to track down compromised  
> systems,
> as that may be considered incident response.
>
> Insane mess? I agree.
>
> Jon Kibler
> -- 
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> o: 843-849-8214
> m: 843-224-2494
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.
>

[prev in list] [next in list] [prev in thread] [next in thread]