Product Description

Addresses the specific needs of the IT expert witness. Focuses on how digital evidence and computer forensics are altering litigation. Your guide to the complicated forensic landscape that awaits the expert technical witness. Softcover.

---

Product Details

• Amazon Sales Rank: #863568 in Books
• Published on: 2002-10-19
• Original language: English
• Number of items: 1
• Binding: Paperback
• 560 pages

From the Back Cover

Information technology is an increasingly large factor in legal proceedings. In cases large and small, from the U.S. Government's antitrust suit against Microsoft Corporation, to civil lawsuits filed over the failure of a network, to criminal cases in which the authenticity of electronic evidence is questioned, the testimony of a technical expert is essential. But in order to be effective, an expert technical witness needs much more than an understanding of the technology in question.

A Guide to Forensic Testimony is the first book to address the specific needs of the IT expert witness. It will arm you with the tools you need to testify effectively. Inside you'll find everything from an overview of basic witness responsibilities and challenges to a deeper exploration of what produces successful technical testimony. Written by a computer security authority who has served as a technical witness, and a trial attorney who focuses on how digital evidence and computer forensics are altering litigation, this book is your guide to the complicated forensic landscape that awaits the expert technical witness.

This book contains a wealth of wisdom and experience from the front lines, including firsthand accounts of the challenges faced by expert technical witnesses, practical in-court examples, and helpful advice. Among the topics covered are:

• The evolution of the expert IT witness and the growing legal dependence on technical expertise
• Legal criteria established to determine the qualifications and abilities of a technical expert to stand as a witness
• The kinds of cases and problems that are apt to be encountered in digital forensic assignments
• Damage caused when the rules of professionalism and ethics are ignored or misapplied
• The construction and maintenance of a solid professional relationship between expert and attorney
• The creation and use of visual tools in courtroom testimony
• Ways to improve the demeanor and non-verbal communication skills of the technical witness

Whether you are an information technologist asked to serve as an expert witness, a legal professional who works with information technology experts, a corporate risk manager, or a client whose interests are affected by the performance of IT experts, you will benefit greatly from A Guide to Forensic Testimony.

0201752794B09092002

About the Author

Fred Chris Smith is an experienced trial attorney who directed economic crime prosecutions for four consecutive New Mexico state attorneys general. For nearly twenty years he has also provided education and training programs throughout the country and abroad, in digital evidence and computer forensics. He has been involved as an attorney, business advisor, and teacher with information technology and legal professionals who are encountering the rapidly changing problems presented by electronic evidence in criminal cases, in the investigation of corporate network fraud and abuse, and in civil litigation. He currently serves as an Assistant United States Attorney.

Rebecca Gurley Bace is a recognized network security authority and consultant. Her career includes work with the National Security Agency, where her contribution to building the national intrusion detection research community earned her an NSA Distinguished Leadership Award. After the NSA, she became the Deputy Security Officer for the Computing Information and Communications Division of the Los Alamos National Laboratory, where she was responsible for one of the world's most complex security-critical computing environments. She is currently President/CEO of Infidel, Inc., and a Venture Partner for Trident Capital. Bace is the author of Intrusion Detection (Macmillan Technical Publishing, 2000).

0201752794AB06252002

Excerpt. © Reprinted by permission. All rights reserved.

Mark Twain is reported to have said, "An expert is just some guy from out of town." As usual, Twain is on the mark in suggesting that there should be something suspicious about a stranger who shows up and offers to help us with his expertise and then quickly hits the road. For our purposes this apothegm could be slightly altered to make an expert out to be someone from out of town who has an opinion. The revised adage may say as much about communities of interest and the part they play today in deciding whom to trust as an expert as it says about experts and how they worked in Twain's era.

This book is all about expert witnesses, with particular attention paid to those who specialize in information technologies—the hardware, software, and data that make up computers and other digital systems used for data processing and communications. The level of technical knowledge needed to deal with these systems often makes the question of assessing the expertise of a particular person daunting to all but other experts in the technical domain in question.

This is not by any means meant to be a legal textbook. Indeed, we explicitly disclaim any intention to offer or suggest legal advice to any reader. Such legal advice must come from legal counsel engaged to offer it, and the materials in this book should not be relied on as legal advice or passed onto others as such. Nor is this book meant to be treated as yet another technical manual, to be consulted only when the reader is in the midst of a crisis and in search of specific answers to specific technical problems. The book is perhaps best considered as analogous to a general travel guide to an exotic destination that the reader anticipates visiting in the near future.

We appreciate the paucity of time available for technical experts to devote to reading a book such as this. Accordingly, although the book attempts to convey neither legal advice nor specific technical information, the chapters should still prove useful to the techie and his or her managers. The chapters can guide the consideration of "what if" scenarios that may well come to pass in the lives of many who read this book. Furthermore, like a travel book, this primer may at least provide some of the right questions (asked in the appropriate local dialects) that an expert can use to ask for directions as he or she navigates to the interesting places and events often found in the world of litigation.

One of many ways you might use this book to prepare for visiting the land of litigation as an expert is to begin with the first chapter to get a quick and entertaining overview of the process of becoming a recognized expert and testifying in court. Chapter 1 introduces technical expert witnesses who testify in criminal and civil trials and focuses on the communities of interest that society ultimately relies upon to certify the genuine expertise of their representatives and members in good standing. When you begin to think about what makes a particular individual an expert in the eyes of the law, and hence entitled to testify about his or her opinions in the course of litigation, you are led back to the specialized knowledge, training, and experience that an organized and socially recognized community of interest creates and maintains. The most peculiar thing about the technical domains that comprise what is generally described as information technology (IT) is how little they resemble the traditional, professional, licensed communities of interest that exist in other areas, such as structural engineering and medicine. These communities become important to the law as it tests the reliability of the expert and his or her methods. Most judges and jurors first hear about such communities when a community member is proffered as an expert witness in the course of litigation. For IT expert witnesses, the lack of an organized, licensed community of interest with the traditional trappings of a socially recognized expert community creates a number of issues that the courts are just beginning to confront.

We introduce established experts from a number of communities of interest that lie outside the realm of IT. These experts within ancient areas of expertise as well as new disciplines have coped with the special demands of the legal system. Their stories may provide some organizing analogies for IT professionals who become interested in forensic practices and also enable IT experts to build the lattice of disciplines, processes, and professional networks necessary to assure lawyers and courts that they are competent IT practitioners. The experiences of Raemarie Schmidt and her students bring us back to how some of the pioneers in IT forensics can contribute to recognized expert communities by developing standards and training that have become generally recognized by the courts.

A discussion of the film My Cousin Vinny offers a lighthearted account of the problems that a technical expert encounters while testifying in court. In the film, the community of expertise represented by the character Mona Lisa Vito (played to perfection by Marisa Tomei) is that of the automobile mechanic. This particular community reminds us that certain roles associated with IT are rapidly becoming as commonly accepted as those of the car mechanic or washing machine repairperson. That these areas of expertise are generally recognized and often encountered illustrates another aspect of the community of interest. In this scenario, too many members claim an expertise with too little self-regulation, peer review, and evaluation by a recognized community of professionals. This erodes the ability to separate the charlatans from the qualified and recognized practitioners of the IT trades.

The choice of a second chapter is not critical to making the best use of this guide. In fact, the techie reader may wish to go directly to Chapter 13, which includes the experiences and lessons learned by several accomplished IT experts. These technical experts, who are all widely recognized as such in their communities of interest, have varying degrees of experience as expert witnesses in criminal and civil litigation. Their observations can serve as either reviews or introductions to the chapters found between the first and the last.

Chapter 2 provides a real-world tale of just how serious this kind of communication performance can be to individual and corporate parties. This chapter also explores the kind of expectations that legal and IT social critiques bring to bear on performances by important IT witnesses in landmark cases. Passages from the deposition of Bill Gates in the Microsoft antitrust case introduce a number of the recurring themes and issues associated with expert testimony developed further in the rest of the book. The most important of these is the perception of the demeanor and overall credibility of the witness and his or her performance on the stand. This perception by the fact finder overrides, as it should, all the other components of the process of communicating complex concepts in formal testimony.

The return of Bill Gates to the witness stand two years later (and the dramatic change in the reporting of his second coming by the same IT and legal reporters) is an example of the point of this book. Judicial fact finders and the public have lofty expectations of experts, especially when the expert's testimony is key to understanding the merits of the case. Meeting those expectations requires certain things from the expert: experience, preparation, and a commitment to communicating not only the obvious expertise of the witness but also the credibility and willingness to provide useful information throughout the testimony. This set of requirements might appear excessive, but in certain cases, such as Gates', the members of the public with interest in the expert's testimony number in the millions.

Chapter 3 reprises the well-known story of how IT security experts Tsutomu Shimomura and Andrew Gross developed forensic tools to track down the hacker who broke into Shimomura's computer at the San Diego Supercomputer Center. The text recounts the investigation in the form of a hypothetical direct examination of Andrew Gross as the government's expert witness and illustrates the case with graphics designed to introduce and narrate the complex technical steps taken in the investigation. The sample testimony also explains the expert analysis of the computer network evidence used to establish that Kevin Mitnick was the original intruder and to account for how he came to possess the stolen computer data taken from Shimomura's computer.

Chapter 4 provides some historical background, outlining the evolution of the legal process and also exploring the growing importance of expert witness testimony that accompanies the evolution of society's dependence on technology. The different roles of the expert witness as consultant, strategist, and testifying witness are introduced along with some of the problems that can arise when the expert and his or her attorney do not keep these often conflicting roles clear and distinct throughout thecourse of litigation.

Chapter 5 gives the beginning expert several examples by analogy of the kinds of problems that may persist due to the pace of advances in IT. Some of the problems are considered to be a direct consequence of the inherent immaturity of the IT field. In particular, issues arise in areas where no rigorous community of interest has been established or where no formal education or training is available. In these cases, the expert cannot point to generally accepted standards or a formal peer review process for determining the reliability of the concepts and techniques that he or she uses to decide what happened in a given case. Discussions of astrologers, phrenologists, handwriting analysts, and fingerprint comparison experts and their communities of interest illustrate the kinds of problems that IT domain experts may encounter when their expertise is challenged in court.

Chapter 6 provides examples, many of them extreme, of what can go wrong when commonsense rules...

---

Customer Reviews

Leads through a legal minefield
After reading this book - more than once, I might add, I came away with a few impressions:

(1) Law and the legal domain are as logic-driven as the IT profession for which this book is written.
(2) What may make perfect common sense to a non-legal professional is not necessarily in line with the legal view.
(3) The scope of this book goes far beyond how to present forensic testimony as an IT security professional.

The authors establish a context for what it means to be an expert witness, and the basics (testimony, key cases to lay groundwork, and illustrating examples).

By chapter 4, Understanding the Rules of the Game, you may find yourself mired down in more detail than you think necessary; however, it is within the morass of details where you'll start to see the complexity of the legal process. And complex it is. The dissection of key cases, how experts made a difference (either way), and cited cases that show how the law is evolving are necessary background information for any IT professional, either as an expert witness, as a plaintiff, or as a defendant.

If you do wind up in court as a witness (expert or not) in a security, contract or other case (criminal or legal), turn to chapters 9 (testimony), 11 (demeanor and credibility), and 12 (non-verbal communication). These will quickly prep you. If you are going as an expert witness I advise you to cram, especially every chapter starting with Chapter 5.

Who else should read this book? Any IT professional who is involved with contracts, quality, consulting, or product development. Chances are you may wind up in court at some point, and this material is as applicable in many cases to anyone called as a witness as it is to expert witnesses.

While this book is not easy to plow through, and the details may seem to fine-grained or to overwhelming, it will prepare you for your day in court.

Should be much thinner, but informative nonetheless
My four star rating of "A Guide to Forensic Testimony" (AGTFT) is based on the text's novelty and its desire to truly help expert witnesses. Anyone who expects to testify regarding technical issues will benefit from reading this book, although they could learn just as much by reading the "Cliff Notes" version.

AGTFT shines in certain respects. Chapter 2's excerpts from Bill Gates' testimony in Microsoft's trial, chapter 4's description of the roles of expert witnesses, and chapter 8's discussion of expert witness qualifications were excellent. Succinct, educational guidance on producing effective visual aids appeared in chapter 10. I also appreciated the wisdom Gene Spafford shared with readers in chapter 13.

Elsewhere, however, I repeatedly question the dozens of pages devoted to irrelevant digressions. Before chapter one even begins, the reader is faced by 45 pages of preface, introductions, and so on. Once in the main text, the reader must contend with far too many lengthy excerpts from court decisions. I'm sure the authors and editors wrestled with the problem of how much of each reference should be included. Unfortunately, they erred on the side of too many citations. Many are simply silly -- "We sometimes don't imagine so because of the main enemy of human compassion, sloth." Good grief. I also didn't need to read about Viagra, cattle guards, Houdini, "grinners," aikido, "the unbroken circle," and other topics and metaphors intended to convey the author's intentions.

AGTFT is a good book, but I recommend waiting for someone else to read and highlight it. Then, piggyback on that person's work and pay attention to the main points. Incidentally, my copy, already highlighted, stays in my library.

Very good book, but a bit wordy.
This is a very good book, but a bit wordy.

The authors go into a lot of legal detail. If you are not a lawyer, you can skip these sections, which make up about a third of the book.

But besides that, it is a very good book.