Tips on testifying in a computer crimes case

WindowSecurity.com - As an IT professional and working network administrator, you may find yourself called upon to testify as a victim or a witness (i.e., a representative of a company whose network is victimized) in a computer-related crime.
Another possibility is that you might someday want to use your technical expertise to become a professional expert witness in computer-related cases. In this article, we examine the basics of testifying in either capacity in a case involving computer crimes, and how you can move into the lucrative field of computer forensics, on either a full- or part-time basis.
Note: The discussion in this article is based on the U.S. legal system. The process of testifying is similar in most jurisdictions, but different rules and procedures may apply in other countries.
Understanding computer crime concepts
As the incidence of intrusions, attacks and release of malicious code (viruses, worms, Trojan horses, etc.) has grown and the real cost to businesses of dealing with these attacks has become more evident, prosecution of computer crime has become more common despite the difficulties involved in identifying and proving the case against an offender, who most often does his dirty work from a remote location.
Before testifying in court, it's important to understand basic legal concepts surrounding network attacks and intrusions. In the U.S. (and many other countries), a case can be brought against attackers and intruders under either criminal or civil law. A civil case, called a tort, is a lawsuit brought by a private citizen (or a corporation, which is an entity under law) against another person or legal entity, seeking some sort of relief (usually this is money, but sometimes it's in the form of an injunction, which is a court order compelling the other person to do or not do something).
A criminal case is an action brought by the government (local, state or federal) on the behalf of society, and seeks to punish the offender. The punishment can be in the form of a fine, jail or imprisonment, or even (in capital cases, which generally only apply to the offense of murder with special circumstances) the death penalty.
The civil and criminal justice systems are completely separate. The same act can be both a crime and a tort, and a hacker could be sued in civil court and prosecuted in criminal court for the same act (the prohibition on double jeopardy applies only to criminal cases). In both civil and criminal cases, rules of evidence apply. These rules are not the same for both

Reprinted with permission from

For more security news visit WindowSecurity.com
Story copyright 2006 WindowSecurity.com. All rights reserved.