Join Us!

About legality of u...
 
Notifications
Clear all

About legality of usage of unlicensed forensics tool  

Page 1 / 2
  RSS
cs2018
(@cs2018)
New Member

You know forensics tools are very expensive. I am new in this field and I can not afford to buy them at the moment. However there are some forensics tools around whose dongles are emulated or which are cracked.

I know it is illegal to emulate dongles or crack but my question is a bit different.

As I am newcomer to forensics field I wonder if the courts interrogate used programmes for reports are licensed or not.
Must I refrain to use such programmes or not?

Regards

Quote
Posted : 25/11/2018 6:07 pm
Igor_Michailov
(@igor_michailov)
Senior Member

It is not nessesary to use commercial tool in DFIR. You can use freeware tools or do something manually.

Digital Forensics with Open Source Tools
https://www.amazon.com/Digital-Forensics-Open-Source-Tools/dp/1597495867

Top 20 Free Digital Forensic Investigation Tools for SysAdmins
https://techtalk.gfi.com/top-20-free-digital-forensic-investigation-tools-for-sysadmins/

ReplyQuote
Posted : 25/11/2018 6:23 pm
jaclaz
(@jaclaz)
Community Legend

As I am newcomer to forensics field I wonder if the courts interrogate used programmes for reports are licensed or not.

I would put it differently, independently from whether the Court will be interested in the legalities of your agreement (or non-agreement) with the maker of the software[1], basically you will be making in Court a sworn statement that you used Tool "A" in your professional activity.

And this will be recorded in the acts of the Court (which tend to be very persistent and usually publicly accessible documents).

Now, two possibilities (up to you to evaluate the risks and consequences connected with them and the probability either may happen)
1) the software maker gets to know about that and sues you, having available what equates to a plain confession of the infringement
2) the solicitor of the other party (in the same or other trial) gets to know about that and manages to use this piece of info to invalidate your report and/or expert witness statement

jaclaz

[1] it won't

ReplyQuote
Posted : 25/11/2018 7:16 pm
nightworker
(@nightworker)
Active Member

We dont have forensic universal standart yet
only one thing is standart that hash and integrity so that
if you can verify your evidence you can use whatever tool you want

ReplyQuote
Posted : 26/11/2018 6:43 am
randomaccess
(@randomaccess)
Active Member

You can get a lot done with adequate training (whether its paid or self taught by reading various books and research) and freely available and open source tools

If it were to come out that you are using pirated software to conduct your examinations your ethics may get called into question, and for no reason when there are freely available tools to use

ReplyQuote
Posted : 26/11/2018 7:19 am
azrael
(@azrael)
Senior Member

Legality of licensing issues aside …

You could use this as an opportunity to make you a better forensic analyst …

Use your cracked version of software to do "triage" then verify all of the evidence that you have found using a tool such as WinHex (which is free) - you'll have to learn how to find and interpret things yourself within the image, but when you write your report (a) your tool will be beyond reproach and (b) you'll actually understand how you got the results, rather than being a "button monkey" …

Yes, it's more work - but that, generally is the way of life - things that you don't pay for tend to be harder … The skills learnt will stand you in good stead though !

EDIT You could, of course, extrapolate this to "Trial" versions of tools too …

ReplyQuote
Posted : 26/11/2018 7:24 am
jaclaz
(@jaclaz)
Community Legend

…l such as WinHex (which is free) .

Free since when? 😯

Last time I checked it it was Commercial
https://www.x-ways.net/winhex/comparison.html

Relatively cheap when compared to many other "forensic tools", still
http//www.x-ways.net/order.html

jaclaz

ReplyQuote
Posted : 26/11/2018 9:24 am
azrael
(@azrael)
Senior Member

Free since when? 😯

Sorry, good point well made - there is an unlimited and fully featured "evaluation" … But you are absolutely right, not free beyond the evaluation.

( I have a full Forensic License and I think it's the best thing since sliced bread … )

ReplyQuote
Posted : 26/11/2018 9:32 am
Bunnysniper
(@bunnysniper)
Active Member

You know forensics tools are very expensive. I am new in this field and I can not afford to buy them at the moment. However there are some forensics tools around whose dongles are emulated or which are cracked.

2 things one is playing around with hacked versions of commercial tools and the 2nd one is the usage for a court process.
The first case is okay, since you only play around and do not make any money, but experience from it. Using an illegally acquired software to make any money with it is clear "no - go" for me. And I would never ever risk the usage of such a software in front of a judge or the lawyers there….

ReplyQuote
Posted : 26/11/2018 10:07 am
jaclaz
(@jaclaz)
Community Legend

The first case is okay, since you only play around and do not make any money, but experience from it.

Or in other words, using pirated/cracked software for acquiring the experience and competence that will later allow you to make money is OK, it is only when you use it to directly make money that it is not OK. ?

Isn't it like saying that it is OK to drive a stolen race car as long as you do that it for training/practicing, but that you shouldn't actually enter an official competition with it? roll

jaclaz

ReplyQuote
Posted : 26/11/2018 10:34 am
Bunnysniper
(@bunnysniper)
Active Member

The first case is okay, since you only play around and do not make any money, but experience from it.

Or in other words, using pirated/cracked software for acquiring the experience and competence that will later allow you to make money is OK

It is at least a diference for me….somehow he has to make some experience. Any better ideas? Not all vendors offer a trial version. And if he later buys it before he makes money from it`s a usage I really think is "understandable".

ReplyQuote
Posted : 26/11/2018 11:28 am
randomaccess
(@randomaccess)
Active Member

I still think you'd learn more by pulling down ftk imager, Eric's tools, and the nirsott web browser stuff and running that over a system.
You'd get a bunch done and learn a lot
If you want to carve first then photorec is also free

ReplyQuote
Posted : 26/11/2018 12:10 pm
azrael
(@azrael)
Senior Member

It is an interesting question - training providers ( university & others ) quite often have site licenses for a particular product. How do you evaluate other tools if evaluation versions aren't available ?

I would be a complete hypocrite to condemn someone who is using it for training purposes - I'll eat my hat ( wool, flat ) if there is a single person here who hasn't used an unlicensed/pirated bit of software ( or broken the terms of licensing ) or hasn't illicitly copied a film/piece of music/academic paper in breach of copyright - I hate to say it, but the IT industry ( and by extension Digital Forensics ) is built on such things.

Until job adverts stop saying "Experience of EnCase" and start saying "Experience of Forensics Tooling" this is always going to be an issue.

Catch-22

ReplyQuote
Posted : 26/11/2018 12:19 pm
passcodeunlock
(@passcodeunlock)
Senior Member

Answering the OP title "About legality of usage of unlicensed forensics tool", there is no other answer to this then NO. The usage of unlicensed forensics tools is illegal. Using an unlicensed forensic tool related to a live case remains an illegal activity, no matter of any kind of explanations.

Learning or training from "illegal" sources is up to everybody's own conscience to do it or not.

ReplyQuote
Posted : 26/11/2018 12:53 pm
jaclaz
(@jaclaz)
Community Legend

It is at least a diference for me….somehow he has to make some experience. Any better ideas? Not all vendors offer a trial version. And if he later buys it before he makes money from it`s a usage I really think is "understandable".

The whole point that a few members pointed out, is that there is seemingly noone with a gun forcing you to use Commercial or non-free (or non freeware) software (and BTW, as it was pointed out, the use of such "simpler" and "free" tools often have more learning value for the beginner).

But there are several possible views on this.

One is the "moral" view, where
cracked software is a no-no (independently from the actual usage) ,
another one is
OK for tests/training or if you are poor/cannot afford to buy a license but not for professional usage,
the third one is the "immoral" one
everything is fine as long as "they" don't catch you.

Of these I personally find the two extremes more valid than the middle one (which I call the Robin Hood approach).

As a matter of fact quite a few of the Robin Hood theory supporters point out how piracy is a good thing for the software developers, as the user of cracked software may later become a legit customer, whilst if he/she had took the "moral" approach he/she would have had no occasion to try and get familiar with the given software and that there is no loss for the maker of the software because the user would not have bought it anyway.

In digital forensics there is however a further step, you may happen to be called as an expert witness in a case where the use of counterfeit/pirated/cracked software is the actual object of the case, would you be able to use data gathered through the use of your own pirated/cracked software to certify the illicit use of some software by the suspect (keeping a straight face, I mean)?

Some may say that since all job offers are for people with experience with Encase, Nuix and *whatnot* [1], it is fair to use the cracked software to get at least familiar with them.

Everyone should take the stance he/she thinks better (and consider the consequences - if any - of the choice made).

jaclaz

[1] besides the other "basic" requirements wink
https://www.forensicfocus.com/Forums/viewtopic/t=13579/

ReplyQuote
Posted : 26/11/2018 1:09 pm
Page 1 / 2
Share: