Death of an expert IT witness

Computer forensics infighting

The Home Secretary's plans to recruit top-flight computer forensic experts to work on complex cases as part of reforms of the police service may suffer a hitch.

An acrimonious dispute has erupted between the UK's leading computer crime experts. On his web site, Jim Bates, MD of Computer Forensics and a long-time police expert, attacks the professional competence of Peter Sommer and Nicholas Webber, two highly-experienced expert witnesses in the field of forensic computing.

Though UK libel laws stop us from reporting his comments, the spat raises an interesting issue. There is no formal way of deciding who is a forensic computer expert. Among the small pool of people who consider themselves leaders in this field, and are called on by the police to assist with cases, there is an argument about who is competent to perform this work.

Home Secretary David Blunkett wants civilian investigators, especially those in IT, to work as part of elite investigation squads. The government White Paper outlining the police reforms states: "Too few officers currently have the necessary skills to deal with the most complex IT-based crime."

But if they don't have the IT skills, how do they know which expert to trust to help their investigation and build a prosecution case - especially when there's infighting amongst established and experienced experts? And if there's no formal mechanism to find a computer expert, how does the defence get someone who's good and who they can trust?

Qualifications

Dr Neil Barrett, technical director of Information Risk Management and a former senior consultant with Bull, has worked with the police for more than 10 years. He's unhappy with the way computer experts are drafted into police inquiries and believes the Home Office reforms will formalise the process.

Barrett became involved with police investigations after he was asked to train officers at the Bramshill police training college. This got him known in the right circles, he says. "Right now the way it works is accidental. A trusted senior officer might know the right person to lean on in a particular area."

But "there are a whole load of people known to be incompetent. I know I'm competent but how do I prove it to other people? What we need is a way of being able to say 'what qualifies me to give this expert opinion'."

Barrett was the forensic computer expert in the prosecution of Raphael Gray, aka Curador, who claimed he hacked into sites and gained access to customer databases in order to expose lax security.

The 19-year-old published a roll of shame of ecommerce firms he had broken into on the Internet and also posted what purported to be credit card details for Bill Gates (although the latter claim was subsequently debunked). And his Web sites also offered free credit card details. Gray was sentenced to a psychiatric and community service rehabilitation order of three years.

Barrett declines to name experts he doesn't rate. But Jim Bates, MD of Computer Forensics, has no such qualms. Computer Forensics sells forensic software and services - a landmark product was DIBS (Disk Image Backup System) forensic imaging software which takes a copy of a PC's hard drive and RAM, without altering the original. It was "designed to be plod-proof," said Bates. Development came out of a liaison with the Computer Crime Unit at New Scotland Yard and the first product went on sale in 1991.

Forensic

Bates has assisted police investigations and says 50 per cent of Computer Forensics work is with the police. He has set up a web site for DIBS users and to highlight his dissatisfaction with rival forensic computer experts.

On one page, he writes about what he considers flaws. Within "the English legal system there is no specific mechanism for challenging the competence of the expert witness.

"In such a new field as computer forensics" virtually anyone with a little knowledge of computers finds it easy to convince lawyers, barristers and judges that they are an "expert" and their opinions are valid and reliable.

He criticises the work of two leading forensic computer experts - Peter Sommer and Nicholas Webber, and details his opinions of cases that he and they have been involved with.

Sommer is a visiting research fellow at the London School of Economics and under the pseudonym Hugo Cornwall he wrote the Hacker's Handbook in 1985. Sommer's CV says his legal expert witness activity "has included computer forensics and contract analysis of a failed nationally-based central station alarm system, a wrongful dismissal claim where the client had been accused of planting a logic bomb in his employer's computer system, allegations of software piracy via BBSs, the Internet on CD-ROMs, and charges of international computer intrusions into US military sites."

He was also involved in the Wonderland Club investigation - a large-scale conspiracy to distribute paedophile images, and was the defence expert for Raphael Gray, aka Curador.

Webber was also involved in the Wonderland case. He was used in the BBC Panorama programme, which looked at the techniques used to trace the paedophiles. He was described only as a computer consultant and described how "we worked out a technique where we could actually watch them live on the Internet", and then trace them back first to their ISPs and then to their homes.

But Bates is not impressed with them. "The stuff on the website - I didn't put it there lightly. I don't like the idea of going out rubbishing people, but it is an important issue."

The UK forensic computer expert scene is small and the people in it know each other personally or by reputation. Bates says he's only come across eight or ten he'd be happy to come up against in court, on a competence basis.

Postgraduate

Sommer and Webber are unhappy with Bates' site, which is not hosted by a UK ISP, so it wouldn't be easy to shut down if they wanted to do it. "It's not worth suing him (Bates)," said Sommer, confident of his reputation and track record.

He says "the police are perfectly capable of deciding whether an expert is competent." He acknowledges the police system for recruiting experts isn't perfect but thinks it's as good as it'll get. "They [the police] try you out on something small first, they know how to identify good people." If the expert isn't competent "it'll get shown up in court".

Barrett, Webber, Sommer and Bates disagree on how to accredit someone as a forensic computer expert. Webber thinks it will take the formation of an ethical standards body, like the BMA for doctors, with no commercial interest in the matter, which would then vouch for its members.

Barrett has high hopes for a postgraduate qualification in forensic computing from the Royal Military College of Science. The course starts in January and Barrett, who will lecture, thinks the qualification could be a base level for all forensic computer experts.

Sommer, who will be an external assessor to the course, does not think this will work. Although he welcomes the course, he feels the speed of change in computer technology makes it difficult for the qualification to vouch for someone's competence in the future.

"The thing which makes computer forensics unique is that everything changes so fast. An academic course takes a long time to get accredited."

So for Sommer the system ain't broke. "Like a lot of things in life, certain things are extremely difficult to do. We have to recognise it's the nature of the beast we're not going to get a perfect system."

Bates is working on a proposal which will combine an industry vouching for its members who will have passed a form of competence test. He doesn't have any particular authority to get his ideas accepted but, "nobody does, that's the problem", he said. He believes that as an expert witness 99 per cent of your testimony is fact and one per cent is professional opinion.

But the police may be coming up with their own solution. The National High Tech Crime Unit, formed specifically to tackle tech crimes, has been going for six months and hasn't used a civilian yet. "We have 40 officers who are all extremely IT literate. It's not been a requirement at this stage," said a spokeswoman. Dr Neil Barrett is listed as one of the few expert advisors to the unit on his company's web site. ®
