A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony As An Expert Technical Witness

(1) Law and the legal domain are as logic-driven as the IT profession for which this book is written.
(2) What may make perfect common sense to a non-legal professional is not necessarily in line with the legal view.
(3) The scope of this book goes far beyond how to present forensic testimony as an IT security professional.

The authors establish a context for what it means to be an expert witness, and the basics (testimony, key cases to lay groundwork, and illustrating examples).

By chapter 4, Understanding the Rules of the Game, you may find yourself mired down in more detail than you think necessary; however, it is within the morass of details where you'll start to see the complexity of the legal process. And complex it is. The dissection of key cases, how experts made a difference (either way), and cited cases that show how the law is evolving are necessary background information for any IT professional, either as an expert witness, as a plaintiff, or as a defendant.

If you do wind up in court as a witness (expert or not) in a security, contract or other case (criminal or legal), turn to chapters 9 (testimony), 11 (demeanor and credibility), and 12 (non-verbal communication). These will quickly prep you. If you are going as an expert witness I advise you to cram, especially every chapter starting with Chapter 5.

Who else should read this book? Any IT professional who is involved with contracts, quality, consulting, or product development. Chances are you may wind up in court at some point, and this material is as applicable in many cases to anyone called as a witness as it is to expert witnesses.

While this book is not easy to plow through, and the details may seem to fine-grained or to overwhelming, it will prepare you for your day in court.

Rating:
Summary: Slow Starter
Review: I was given this book as a door prize. As a result I found it a slow starter and was unable to complete the book. However the book is well written and easy to understand. It was also entertaining to read some of the examples of court proceedings. I am sure that if this had been a book I was interested in enough to buy or seek out I would have found it both enjoyable & helpful.

Rating:
Summary: Should be much thinner, but informative nonetheless
Review: My four star rating of "A Guide to Forensic Testimony" (AGTFT) is based on the text's novelty and its desire to truly help expert witnesses. Anyone who expects to testify regarding technical issues will benefit from reading this book, although they could learn just as much by reading the "Cliff Notes" version.

AGTFT shines in certain respects. Chapter 2's excerpts from Bill Gates' testimony in Microsoft's trial, chapter 4's description of the roles of expert witnesses, and chapter 8's discussion of expert witness qualifications were excellent. Succinct, educational guidance on producing effective visual aids appeared in chapter 10. I also appreciated the wisdom Gene Spafford shared with readers in chapter 13.

Elsewhere, however, I repeatedly question the dozens of pages devoted to irrelevant digressions. Before chapter one even begins, the reader is faced by 45 pages of preface, introductions, and so on. Once in the main text, the reader must contend with far too many lengthy excerpts from court decisions. I'm sure the authors and editors wrestled with the problem of how much of each reference should be included. Unfortunately, they erred on the side of too many citations. Many are simply silly -- "We sometimes don't imagine so because of the main enemy of human compassion, sloth." Good grief. I also didn't need to read about Viagra, cattle guards, Houdini, "grinners," aikido, "the unbroken circle," and other topics and metaphors intended to convey the author's intentions.

AGTFT is a good book, but I recommend waiting for someone else to read and highlight it. Then, piggyback on that person's work and pay attention to the main points. Incidentally, my copy, already highlighted, stays in my library.

Rating:
Summary: Should be much thinner, but informative nonetheless
Review: My four star rating of "A Guide to Forensic Testimony" (AGTFT) is based on the text's novelty and its desire to truly help expert witnesses. Anyone who expects to testify regarding technical issues will benefit from reading this book, although they could learn just as much by reading the "Cliff Notes" version.

AGTFT shines in certain respects. Chapter 2's excerpts from Bill Gates' testimony in Microsoft's trial, chapter 4's description of the roles of expert witnesses, and chapter 8's discussion of expert witness qualifications were excellent. Succinct, educational guidance on producing effective visual aids appeared in chapter 10. I also appreciated the wisdom Gene Spafford shared with readers in chapter 13.

Elsewhere, however, I repeatedly question the dozens of pages devoted to irrelevant digressions. Before chapter one even begins, the reader is faced by 45 pages of preface, introductions, and so on. Once in the main text, the reader must contend with far too many lengthy excerpts from court decisions. I'm sure the authors and editors wrestled with the problem of how much of each reference should be included. Unfortunately, they erred on the side of too many citations. Many are simply silly -- "We sometimes don't imagine so because of the main enemy of human compassion, sloth." Good grief. I also didn't need to read about Viagra, cattle guards, Houdini, "grinners," aikido, "the unbroken circle," and other topics and metaphors intended to convey the author's intentions.

AGTFT is a good book, but I recommend waiting for someone else to read and highlight it. Then, piggyback on that person's work and pay attention to the main points. Incidentally, my copy, already highlighted, stays in my library.

Rating:
Summary: Great Information For Criminal and Civil Case Forensics
Review: There are many books on computer forensics investigations and incident response, but you won't find too many that tell you what you need to know to take the results of those forensic investigations and make it stand up in court. A Guide to Forensic Testimony (The Art and Practice of Presenting Testimony as an Expert Technical Witness) is an excellent book on this subject. Fred Chris Smith and Rebecca Gurley Bace share their knowledge and experience of the legal system and what it takes to make your computer forensic evidence stand up in court and what you need to do to sell yourself as an expert witness and stand up to cross-examination. The book covers a lot of legal technicalities as well as ethical and professional issues.

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).

Rating:
Summary: Very comprehensive guide
Review: This book might sound like the most boring security book that was ever written. It is also full of confusing and hard to read
legalese. However, security professionals that might have to deal with law enforcement due to various information security incidents (that means everybody, sooner or later) will have to buy and read it anyway and will be happy they did. The content of the book is simply exclusive. Many of the security books simply collect stuff found on the Internet and package it together - this book shines like a solid gold of unique author's experiences and research.

The interesting thing that while the book tries to convince the reader that doing expert testimony on computer security subjects might be a good thing, it is not clear that every reader will indeed be convinced of that upon reading it. The whole legal system thing is just too big and very different from other IT security professional responsibilities, so that the book might actually project the opposite impression - namely, don't mess with it. The "duty" might not be motivating enough to take a stand and testify, suffer from cross-examination, etc. Understandably, it might be good for professional reputation. It also sees from the book that such reputation can also be destroyed by the expert testimony.

The book first provides a complete history of expert testimony in
various fields, naturally leading the reader to the computer security case. The authors (Rebecca Bace is a renowned expert in the field of security) have clearly done their homework extremely well and managed to present their findings just as well.

The coverage of relevant material seems to be exceptional as
well. Relationship with lawyers, with police, other government bodies, pseudo scientists is all covered in the book.

The book also has many real-life examples, such as from 'US vs
Microsoft' and other recent and famous cases where IT and infosec were involved. It also has some fun fictitious examples, such as 'An Expert's Dream' and 'An Expert's Nightmare' cases, that illustrate the pitfalls of the process.

Overall, its not a fun book to read, but if you find yourself needing to face the courtroom - there is probably no better resource to prepare.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time he maintains his security portal info-secure.org.

Rating:
Summary: Very good book, but a bit wordy.
Review: This is a very good book, but a bit wordy.

The authors go into a lot of legal detail. If you are not a lawyer, you can skip these sections, which make up about a third of the book.

But besides that, it is a very good book.

Rating:
Summary: Very good book, but a bit wordy.
Review: This is a very good book, but a bit wordy.

The authors go into a lot of legal detail. If you are not a lawyer, you can skip these sections, which make up about a third of the book.

But besides that, it is a very good book.