
Use of Patched EnCase

(@farmerdude)
Estimable Member
Joined: 20 years ago
Posts: 242
 

"Part of the problem is that once it was realized the investigator was using pirated tools, all of his investigations can be called into question. Nothing coming out of this person could be trusted."

The cracked version operates like the non-cracked version. It simply alleviates the dongle need.

What might be the real issue is that a non-licensed user was using software that requires a valid license. Don't necessarily look at as is. Another view might be I loan my SMART dongle to Person XXX. They acquire and analyze using SMART, only they're not the registered user. Therefore they have no business operating the tool.

Anyways, just a brain fart for Monday.

farmerdude


   
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
 

hey i thought andy encouraged non-smart users to use it for acquisitions? :P

regardless though, farmer's boot cd >*

"Part of the problem is that once it was realized the investigator was using pirated tools, all of his investigations can be called into question. Nothing coming out of this person could be trusted."

The cracked version operates like the non-cracked version. It simply alleviates the dongle need.

What might be the real issue is that a non-licensed user was using software that requires a valid license. Don't necessarily look at as is. Another view might be I loan my SMART dongle to Person XXX. They acquire and analyze using SMART, only they're not the registered user. Therefore they have no business operating the tool.

Anyways, just a brain fart for Monday.

farmerdude


   
(@bjgleas)
Estimable Member
Joined: 21 years ago
Posts: 114
 

"The cracked version operates like the non-cracked version. It simply alleviates the dongle need."

Pirated, unlicensed, etc. Call it what you will. Would you advocate its use? And as others have pointed out, with so many other free and low-cost tools, why risk using pirated software? While MD5s, etc., could show if the tool has been tampered with, you are now clouding the case and will have to spend time defending the use of illegal software (and isn't that one of the crimes that forensics investigators are often called in to investigate)?

While it is possible, as others have pointed out, that the tool is exactly the same (which, technically, it cannot be if it has been hacked in any way), it really comes down to this: The prosecution is not supposed to break the law to get convictions. If this investigator is using pirated software, it calls his whole methodology into question. If he took a shortcut by using pirated software, what other shortcuts did he take: non-sterilized media, inaccurate chain-of-custody, etc.?

Look at what happened to Foundstone (http://money.cnn.com/magazines/fortune/fortune_archive/2003/06/23/344587/index.htm) when they were accused of using software piracy. I'm not even sure if they were using the pirated software for their investigations, but it tainted the whole company, and brought their methodologies and results into question. It almost doesn't matter how the case turned out - there was a severe blow to their reputation. It appears Foundstone was able to bounce back from this, but do you want to have to spend your time dealing with it?

bj


   
(@gmarshall139)
Reputable Member
Joined: 21 years ago
Posts: 378
 

bjgleas,

You, as we say, hit the nail directly on the head. Why bring the question of a lack of ethics into a case when it can so easily be avoided? I did several hundred examinations before I was ever asked to produce proof of ownership of my software. But it did happen.

Clients pay very well for our services. They deserve better. Once you are proven a criminal it makes it very difficult for the courts to put any stock in your findings.


   
(@mindsmith)
Estimable Member
Joined: 20 years ago
Posts: 174
 

Tough call... if Encase has been cracked - then in theory one could argue that the integrity of the application has been affected, and therefore any previous acceptance by courts of evidence produced by Encase becomes invalid as they were all using the uncracked version. Not only is the Forensic Analyst in an awkward spot, but one could argue - so too would be the evidence. For who knows what was done to the software using the crack/patch?


   
(@roncufley)
Estimable Member
Joined: 21 years ago
Posts: 161
 

bjgleas,

You, as we say, hit the nail directly on the head.

I don't think he did. No one is advocating or condoning the use of illegal software, that was not the question. The question was, in effect, "We have a suspected wrongdoer, we have just discovered that our investigator may have used unlicensed software, does that mean that the original suspect must go free?" In other words given those circumstances can anything of the case be salvaged?


   
(@bjgleas)
Estimable Member
Joined: 21 years ago
Posts: 114
 

I think that the digital evidence in this case could possibly fall under the "Fruit of the poisonous tree" argument.

Quotes taken from http://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree

"Fruit of the poisonous tree is a legal term in the United States used to describe evidence gathered with the aid of information obtained illegally."

Since the software used to collect the evidence is illegal, the results produced by it would be tainted.

"Like the exclusionary rule, the fruit-of-the-poisonous-tree doctrine is intended to deter police from using illegal means to obtain evidence."

This investigator used illegal software to collect evidence, so that evidence should be tossed. While there are exceptions to this rule, I think it would be an uphill battle.

How much impact will it have on the case if the digital evidence gets thrown out? I don't know. But according to Casey in Digital Evidence and Computer Crime (2004), "If a case hinges upon a single form or source of digital evidence … then the case is unacceptably weak."

And in my opinion, if you are using, or allowing your investigators to use, pirated (unlicensed, illegal, etc) software, then this is the price you pay. You need to learn from your mistakes and make damn sure it doesn't happen again.

bj


   