When Bill Boni, corporate VP of information security at Motorola, contacted me with this story, I couldn't believe it. In some states, he said, computer investigators could go to jail for practicing without a PI license.
"You're crazy," I told him. "PI's don't know the first thing about logic bombs and slack space and other hidden files. They don't have the years of geek it takes to know how to gather evidence without disturbing it."
Turns out, Boni was right, at least in South Carolina and Texas where they've made it a crime to present evidence in their states that's not overseen by a licensed PI. Dozens of other states are honing their laws do the same.
I've since written two articles on the subject, the latest (June 2) at
Whitehatworld and a much longer article in January's
Baseline.
This subject riles me up, so I decided to blog about it.
While I agree that we need some "medical-examiner"-like controls around the field of digital forensics (looking inside computer-based devices for evidence of crime), I know that the PI industry is not the one to control the professional standards and hold the only rights to practice this highly-specialized field.
It would take years for a digital forensics examiner to gain the legal/gumshoe/law enforcement background it takes to be a PI (not to mention licensing fees) for every state they present evidence in. Nor do the gumshoes have the years of geek required to do digital forensics - even the editor of PI Magazine told me most PI's have neither the skill nor the inclination to do true digital forensics.
The time to act is now. If you're in the digital forensics profession, you should be contacting your professional organizations about how you can help turn back this trend and keep digital forensics in the hands of computer professionals who understand evidence collection in the digital realm.
That will mean establishing independent boards, similar to medical and forensics examiner boards, state by state.
Recent Comments