DFF › Bad Guys and Good Guys

Bad Guys and Good Guys
Monday, February 04, 2008 (01:07:03)

Posted by msve

13. 4. 2007 an interesting thread was published at "cftt@yahoogroups.com", called "defense practitioners". I forgot my web-access ID/PASS, so i am not able to copy this discussion for you (and it could be against the rights of CFTT forum, I think). Shortly - it was about the right of "bad guys" (ie. private forensic experts working for defenders) to participate at CFTT group.
It seems to me, that only some US computer forensic experts have this problem - who is the bad-guy or good-guy.

Personally me I do not understand this problem. Probably because my (and I am sure also for lot of others forensic experts) understanding of the position and mission of the forensic expert is very simple: to search for the true, no matter for what side of the court I am working. True and only the true, independent, complete, based on all my the best knowledge and clear conscience. Nothing else. And it is the problem of my client, if the true will be useful for him. Important for me is only, that I do my work well and my client will pay me for my work.
Why I am writing this now? Because the similar (identical) discussion was at HTCIA mail-list this Friday. Yes, it was also about the rules of the membership of the HTCIA, but what was unforeseen for me, that dividing between good and bad guys was made based on the side where the expert is, mostly, not based on the quality of his or her work.
I think some explanation of this phenomenon is necessary. For me and I am sure also for a lot of others. What is the real problem of bad-guys and good-guys? Why this problem is especially in US? Is this problem also somewhere else?
I am a former LE officer/expert and I know about some secretiveness of the LE community (see ENFSI, as an example) and in some rare cases it is legitimate. But why to separate LE and private experts so strong? All we have one goal - to reveal the true. And the digital forensic science is the only one science, so why to dissipate our efforts?
I see the main problem of Digital Forensics Science in extreme separation of efforts, number of (more or less) closed groups and associations, each of them is looking for it own separate position (or advantage?). Those great amount of different initiatives and groups is result of next reasons:
1. The digital forensic examination becomes a great problem and lot of us feel necessity to do something in this area
2. The digital forensic examination becomes a great and a hard business
3. Lack of the serious theoretical background of this forensic science
Those three reasons (some other reasons could be defined, I am sure) brings problems in communication, as the most important point in effective cooperation. And without mutual cooperation we will have a problem, because digital crime is extremely expansive and is one of the most dangerous type of the crimes in this days, in our "information society".

Content received from: DFF, http://dff-prague.com