The Judge doesn't have to order that you can look at it; you look at it in the confines of the various Alphabet agencies through the normal course of discovery. The only issue involved is coordination of schedules between the examiner and the agency.
And, there is no Judge's order which you can get (signed, stamped, etc.) anymore which will CYA at all if you have it on your computer outside of an RCFL, FBI, SS, USA office. I've stopped even bringing in a machine to Govt offices; they are usually equipped enough to set it up like I like it.
To Mike,
I agree with your first sentence 100%, the rest, well see below.
There have been cases where the judge was readying to sign the order only to be reminded that it's not a good idea and provided a cite, the Judge (or Magistrate) still believing that it would be ok as long as no parties had an issue with the other. IMHO the AUSA was frothing at the mouth waiting for the defense to cart out that material and make case law for himself.
If a judge orders that the defense can examine the evidence (CP or otherwise), then it's legal to do so…the manner in how that is done may or may not be detailed, such as no limits or limited to examine in the confines of a LE agency. Now if there is no such order, then a whole new world of issues arise, such as possessing and duplicating CP with imaging, copying files, and so forth. I'd never advise touching that stuff without a clearly detailed and signed order by a JUDGE; not from a lawyer, not a supervisor telling me that I can. I'd have to see the order and signature.
Hey David,
That's a real gray area; depending on the attorney, AUSA, prosecutor, or Judge you ask, you will get several different answers.
At the very least something seems shady and the OP has not come back to clarify things.
P.S. Welcome back me, well thank you me, welcome back you, well thanks you.
Back after a bit of a layoff, bad health problem, should be close to good over the next year or so.
Greetings,
Is there a legal requirement to report this? It appears a felony may have been committed.
-David
Personally, I feel that the intent was to prevent the defendant himself or his lawyers from duplicating the CP and that is the premise that my agency operates under. The USDOJ seems to agree.
http//
I've seen it done on more than one occasion in more than one court. And this is one of the reasons I'd not ever do CP cases in the private sector, no consistency on what can/should be done and what is/should not be done.
That statement makes no sense to me.
If you do the work at the government office and use their equipment you have no issues.
When I started out over 11 years ago the game was different. Even with the new laws, the only thing that I ever have an issue with is that I do not want anyone other than myself and our counsel to be in the room, so as not to compromise the defense of the case. There have been several instances of agents standing over your shoulder and making notes, calling others into the room, etc., but when you explain to the Judge that you can't mount a reliable defense when the other side knows everything you are finding, taking any mistakes which may have been made and they then have those brought to their attention to give them time to figure out explanations or correct, you usually get the help you need.
If anyone needs the help of a skilled examiner like you, it's CP people. The world has given up on them, they are fighting for their life and frequently they get unskilled examiners on their cases because no one else wants to take those types of cases and an unskilled noob is all that's left or an unskilled veteran who refuses to change ways and methods. Work on one sometime and actually get a client who is innocent and I think you might change your feeling.
Nothing against working any type of forensic case, due process is a key element of our system. However, being able to choose (accept or reject) specific types of cases and even specific cases is a benefit to enjoy in this field. An intrusion case or stolen IP case can be just as fulfilling as getting to the truth of the matter in a CP case (whichever way it turns out).
My earlier comment only referred to inconsistencies in the manner that different states and various court levels handle CP evidence and that anyone that touches or views it needs to have some legal authority to do so. If a judge orders that CP be handed over to non-LE for examination and LE refuses to do so, then I'd hate to be in that position of not complying with a court order.
I understand and appreciate your right to work the types of cases you want to work.
I was just adding that the feeling of helping someone wrongfully charged, even if 1/1000, is great.
If a judge orders that CP be handed over to non-LE for examination and LE refuses to do so, then I'd hate to be in that position of not complying with a court order.
The Judge may order production, however when quietly reminded of the current laws the orders are modified so that the defense team has access via whatever LE is handling the investigation.
I would be surprised to hear of any Judge ordering what amounts to distribution.
First off, to answer your question (too often members on the list get stuck on whether someone should ask that or not - to me, if the knowledge is benign, as in this case - then let's give the info as well as our opinion about why or why not).
So - in the end - you don't really give enough info.
By using the term KFF it sounds like you are using FTK?
Yes, they should be known hashes of CP if it is a CP KFF. But keep in mind that sometimes hashes get into the database that really shouldn't be there. So those alerts could be false positives. For instance, I love the Master Hacker Internet Terrorism alerts in the default FTK KFF - I haven't seen a valid one yet. You only really know if the KFF is entirely valid if you made it. Otherwise, you need to validate the entries.
What we need - what software are you using, what is the name of the KFF and where did you get it? How do you know it is a CP KFF?
As for other comments
I work at a combo (Fed/State/Local/Military) forensic lab.
I have an identical rule as was posted earlier; in that CP review by the defense must be done onsite in my lab.
bshavers wrote:
If a judge orders that CP be handed over to non-LE for examination and LE refuses to do so, then I'd hate to be in that position of not complying with a court order.
The judge may order that the CP is handed over, but our lab rules (given to us by the DOJ directly) will only allow the CP to be viewed by defence counsel and defence FE onsite. If we were to allow them to walk out with it, they could be arrested for possession.
DOJ takes the Adam Walsh Act seriously.
In this case, if he posted his name or company, I would report a lead to the local ICAC task force to follow up that case and find out why contraband was allowed out of LE hands.
WOW it took three pages and people calling me a felon to about to call the police and FBI to get an answer. Thank you Markg43. You gave me the answer I was looking for.
Well don't worry about it ladies. I spoke to my boss and he has a court order to look at the HDD.
So a quote from him tonight "Go ahead and call the police, call the FBI, call your mommies too cause everything he is doing is perfectly legal and his 15 yrs of experience as a Federal Agent at the US Customs knows that he is correct. He is a graduate of the US Treasury Department’s Seized Computer Evidence Recovery School (SCERS). served as the Customs Service’s sole federally certified Computer Investigative Specialist (CIS) in the State of Arizona for six years.
If you want the company that I work for I will give it to you to soothe your little hearts and ensure you that there was not a CP ring happening where I work and that distribution was not happening.
PM me if you want the name of the company.

