tag:blogger.com,1999:blog-4088979.post6138160989881551573..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Private Eyes AgainRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger8125tag:blogger.com,1999:blog-4088979.post-73562126662565071092011-05-04T20:51:53.025-04:002011-05-04T20:51:53.025-04:00SC is well on way to exempting those in Computer F...SC is well on way to exempting those in Computer Forensics & Network security from being licensed Private Investigators (PIs).<br />http://www.scstatehouse.gov/sess119_2011-2012/bills/580.htm<br /><br />This measure has made it's way out of the subcommittee and is on to full senate for approval; next step would be to pass the SC House (and appears that will happen.)<br /><br />I think there needs to be some standard for the profession set to protect public interest and keep unskilled PC techs from mishandling evidence. Just not sure what the right balance of oversight would be at this point. <br /><br />On other hand, I went through the process and now have a full PI Agency License so I guess it proves anyone can do it.<br /><br />Thoughts?Clay Boswell, GCFA, CISSP, PInoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-65476795459214568812010-04-21T23:13:21.919-04:002010-04-21T23:13:21.919-04:00SC is in process of removing PI requirement for di...SC is in process of removing PI requirement for digital forensics. <br /><br />http://www.scstatehouse.gov/sess118_2009-2010/bills/1237.htmClay Boswellnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-76502326820905203902008-01-08T09:55:00.000-05:002008-01-08T09:55:00.000-05:00Darren,I have a few problems with the GCFA.First -...Darren,<BR/>I have a few problems with the GCFA.<BR/><BR/>First - SANS removed the requirement for a practical. It's a paper test now unless you go for "gold". <BR/><BR/>Second - It's based largely on Helix and Sleuthkit/Autopsy. Not entirely vendor neutral is it?<BR/><BR/>Third - It doesn't test against procedures - which is really what forensics hinges on. Bad procedures equals bad outcome.<BR/><BR/>I don't see much else that's wrong with it though.hogflyhttps://www.blogger.com/profile/00741773109962883616noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-77200407372795821442008-01-08T09:25:00.000-05:002008-01-08T09:25:00.000-05:00The CCE is the only vendor neutral cert that's wor...<I>The CCE is the only vendor neutral cert that's worth getting right now when it comes to the private sector. </I><BR/><BR/>hogfly, what do you think of the GCFA cert? I am considering going for that one this year.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-23623948110904285152008-01-06T14:32:00.000-05:002008-01-06T14:32:00.000-05:00The reality of the situation is I have tried since...The reality of the situation is I have tried since June 2005 to get my PI license to allow me to eventually perform computer forensic work for the public in SC. HOWEVER what I have found is the process is very difficult. Mr. Abrams is in a very unique situation - he's a computer expert & lawyer. Also in June/July 2005 office personnel at SLED Licensing did not even return my phone calls or faxes when I inquired about performing computer forensic work and steps I would need to take to be properly licensed.<BR/><BR/>In SC to become a License PI you must be a PI apprentice for 3 years (BS or MS exempts 1 to 1.5 years). Most PIs are not up-to-speed with computer forensics and want you to perform surveillance and tracking of individuals in order to meet the 3 year requirement. I have documented contact with 22 PI agencies in my area and they either "already have it covered with their 'tech guy'" or they not interested in this area. Likewise I'm not interested in taking pictures of people and following them into unknown areas.<BR/><BR/>So far it's simply been frustrating. When I read the Baseline article I probably side with John Mellon - there needs to be uniformity in the computer forensic licensing field in the mean time we'll probably have some form of the Nevada proposal in SC shortly. And I think there could be merit to having a separate state licensing board for Information Security & Computer Forensics. It would be good to see the CISSP (as an example) be be elevated to a state licensed professional.<BR/><BR/>Recently I took the online practice test for Certified Computer Examiner (CCE) test. Extremely simple test if you have any forensic experience. There is a separate hardware self-assessment practice test - if you have cracked open a PC before you should ace. I truly hope the certification (Q&A + Practical) is challenging enough to weed out the "PC Magazine Experts".<BR/><BR/><BR/>In any case, today I signed up for the Certified Computer Examiner (CCE) exam and class. I wonder if we'll see the number of CCE certifications significantly increase? This must be good for their business!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-10988093787593565192008-01-06T13:52:00.000-05:002008-01-06T13:52:00.000-05:00The company I work for is in Canada. My group do...The company I work for is in Canada. My group does forensic investigations on behalf of ISPs. In most cases this is network forensics. Our customers are ISPs around the world with a fair number in the United States. Wonder how these laws apply to investigations that are done remotely? I'm guessing they don't, as there would have to be some sort of International agreement. But I'm not a lawyer, so I will have to look into it.<BR/>-mike.Michael Dundashttps://www.blogger.com/profile/14053750507205026016noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-64744037512498339262008-01-04T08:43:00.000-05:002008-01-04T08:43:00.000-05:00Richard,I obtained the CCE a few years ago while p...Richard,<BR/>I obtained the CCE a few years ago while pursuing my degree in computer forensics and I'm up for recert right now. Every two years it's required that the examiner perform one examination if you meet education requirements during the two year period or perform a number of examinations that have been documented. The original testing was not too bad. The CCE is the only vendor neutral cert that's worth getting right now when it comes to the private sector. <BR/><BR/><BR/>The CCE list is the most worthwhile part of getting the cert IMO. There's a lot of intelligent discussion and the PI issue has been discussed time and time and time again. I suspect the CCE is looked upon favorably due to the fact that it originated in Georgia. The Southeast Cybercrime summit is put on by Kennesaw State U. - and is heavily attended by CCE's.hogflyhttps://www.blogger.com/profile/00741773109962883616noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-30080799598591114482008-01-04T03:28:00.000-05:002008-01-04T03:28:00.000-05:00Hi Richard,That's the case in Singapore where I am...Hi Richard,<BR/><BR/>That's the case in Singapore where I am based working for I-Analysis Pte Ltd. As we gather evidence for potential civil or criminal proceedings we fall under the Private Investigation and Security Agencies Act. This was made known to us by a law firm that hired us to gather evidence for their client.<BR/><BR/>Interpretation.<BR/>2. —(1) In this Act, unless the context otherwise requires —<BR/><BR/>"company" means —<BR/><BR/>(a) a company incorporated pursuant to the Companies Act or pursuant to any corresponding previous law; or<BR/><BR/>(b) a company or other body incorporated outside Singapore;<BR/><BR/>"licence" means a private investigator’s licence or a security guard agency’s licence, as the case may be, granted under this Act;<BR/><BR/>"licensee" means the holder of a licence;<BR/><BR/>"licensing officer" means the licensing officer appointed under section 4 and includes an assistant licensing officer appointed under that section;<BR/><BR/>"private investigator" means any person (whether or not he carries on any other business) who exercises or carries on or advertises or notifies or states that he exercises or carries on or that he is willing to exercise or carry on or in any way holds himself to the public as ready to undertake any of the following functions:<BR/><BR/>(e) securing evidence to be used in civil or criminal proceedings,<BR/><BR/>on behalf of any other person and for or in consideration of any payment or other remuneration (whether monetary or otherwise);<BR/><BR/>There is no provision for technical credentials such as certifications, however the police audit each application prior to granting the licence. <BR/><BR/>If I am not wrong, there is a specific provision excluding employees performing such tasks for their employer as part of their employment however I can't seem to find the reference at the moment. This would be similar to what you wrote about in your post.<BR/><BR/>The Law Society in the UK has a list of recognised experts but how they are judged to have sufficient knowledge to be accepted as experts I am not sure. <BR/><BR/>Regards,<BR/>DarrenAnonymousnoreply@blogger.com