IT standards and guides do not adequately prepare IT practitioners to appear as expert witnesses: An Australian perspective

Security Journal

Volumn 29, Issue 2, 2016, Pages 306-325

  Butler, Andrew ^a   Choo, Kim Kwang Raymond ^a  

^a UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

Author keywords

digital evidence; digital forensics; expert evidence; expert witness; information technology (IT); IT practitioners

Indexed keywords

EID: 84963591540     PISSN: 09551662     EISSN: 17434645     Source Type: Journal    
DOI: 10.1057/sj.2013.29     Document Type: Review

References (32)

1. ABC News. (2008) Court watches graphic video of Burnley tunnel crash. ABC News 1 September.
2. ABC News. (2008) Coroner orders suppression of Burnley Tunnel report. ABC News 4 April.
3. Brezinski, D. and Killalea, T. (2002) RFC 3227-Guidelines for evidence collection and archiving, IETF, http://datatracker.ietf.org/doc/rfc3227/, accessed 17 January 2013.
4. Carey, A. (2012) Citylink tunnels re-opened. The Age 3 October, 2012.
5. Cárdenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y. and Sastry, S. (2011) Attacks Against Process Control Systems: Risk Assessment, Detection, and Response. Proceedings of ASIACCS 11, 22-24 March, Hong Kong, China, pp. 335-366.
6. Citilog. 2003 Snapshot of Citilog Applications in Asia Pacific-Melbourne CityLink, Australia, http://www .citilog.com/pdfs/Melbourne%20CityLinkLE-Snapshot.pdf, accessed 17 January 2013.
7. Choo, K.K.R. (2010) High tech criminal threats to the national information infrastructure. Information Security Technical Report 15(3): 104-111.
8. Choo, K.K.R. (2011) The cyber threat landscape: Challenges and future research directions. Computers & Security 30(8): 719-731.
9. Dix, A. (2010) The Burnley Incident in a current theoretical perspective. 5th International Conference-Tunnel Safety and VentilationTunnel Ventilation-Graz, Austria, 4 May.
10. Edwards, J. and Stavropoulos, P. (2012) Melbourne Back On The Move. ABC News, http://www.abc.net.au/news/2012-10-03/melbourne-Tunnels-reopen-After-day-of-chaos/4293716.
11. Fabro, M. and Cornelius, E. (2008) Recommended Practice: Creating Cyber Forensics Plans for Control Systems, Idaho National Laboratory. http://www.inl.gov/technicalpublications/Documents/4113665.pdf, accessed 17 January 2013.
12. Falliere, N., Murchu, L.O. and Chien, E. (2010) W32.Stuxnet dossier: Version 1.3 (November 2010). Cupertino, CA: Symantec.
13. Grance, T., Kent, K. and Kim, B. (2004) NIST SP800-61-Computer Security Incident Handling Guide, NIST, January.
14. Henderson, C. and Lenz, K.W. (2011) Legal issues concerning expert evidence and testimony. In: A. Mozayani and C. Noziglia (eds.) The Forensic Laboratory Handbook Procedures and Practice, Chapter 7, pp. 181-212.
15. Kent, K., Chevalier, S., Grance, T. and Dang, H. (2006) NIST SP800-86-Guide to Integrating Forensic Techniques into Incident Response, NIST, August.
16. Levy, M. (2012) Tunnels could be closed for afternoon peak, The Age 3 October.
17. Markoff, J. (2010) Worm can deal double blow to nuclear program. New York Times 19 November, http://www .nytimes.com/2010/11/20/world/middleeast/20stuxnet.html?ref=technology, accessed 17 January 2013.
18. Martini, B. and Choo, K.K.R. (2012) An integrated conceptual digital forensic framework for cloud computing. Digital Investigation 9(2): 71-80.
19. McKemmish, R. (1999) What is Forensic Computing? Trends and Issues in Crime and Criminal Justice, Canberra: Australian Institute of Criminology, no. 118, June.
20. Montgomery, J. and Bueker, T. (2010) Incident management an immediate reply. Thinking Highways 5(1): 48-50.
21. Nicholson, A., Webber, S., Dyer, S., Patel, T. and Janicke, H. (2012) SCADA security in the light of cyber-warfare. Computers & Security 31(4): 418-436.
22. Pallaras, S. (2011) New technology: Opportunities and challenges for prosecutors. Crime, Law and Social Change 56(1): 71-89.
23. Sanger, D. (2012) Confront and Conceal: Obamas Secret Wars and Surprising Use of American Power. New York: Crown Publishers.
24. Shinder, L. and Cross, M. (eds.) (2008) Chapter 17-becoming an expert witness. In: Scene of the Cybercrime, 2nd edn., 9 June, pp. 693-725.
25. Standards Australia. (2003) HB 171:2003 Handbook Guidelines for the management of IT evidence, Sydney, NSW: Standards Australia.
26. Standards Australia. (2006) AS/NZS ISO/IEC 18044:2006 Information technology-Security techniques-Information security incident management, 2 August, Sydney, NSW: Standards Australia.
27. Standards Australia. (2006) AS/NZS ISO/IEC 27001:2006 Information technology-Security techniques-Information security management systems-Requirements, 23 June, Sydney, NSW: Standards Australia.
28. Standards Australia. (2006) AS/NZS ISO/IEC 15443.1:2006-Information technology-Security techniques-A framework for IT security assurance Part 1: Overview and framework, 2 August, Sydney, NSW: Standards Australia.
29. TISN. (2005) SCADA Security-Advice for CEOs, 12 January, http://www.ema.gov.au/agd/WWW/rwpattach.nsf/VAP/(930C12A9101F61D43493D44C70E84EAA)~SCADA+Security.pdf/file/SCADA+Security.pdf.
30. Transdyn. 2011 CityLink Automated Tollway Traffic & Facilities Management System, http://www.transdyn.com/pdf/citylink-Automated-Tollway-Traffic-management-system.pdf, accessed 27 May.
31. Victorian Government. (2010) Security of Infrastructure Control Systems for Water and Transport, October.
32. Woolf, H. (1996) Access to Justice: Final Report to the Lord Chancellor on the Civil Justice System in England and Wales. H.M. Stationery Office.