Monday, March 26, 2007


Over on Hogfly's Forensic Incident Response blog he has a great entry about peer reviews. I agree with everything he says and support it. One thing I was thinking about was by publishing this information you are letting every Tom, Dick and Harry have the information, they would then throw out there own shingle and state that they are a computer forensics professional because they know how to acquire a drive. Now this may be true but as you questions these individuals and talk to them at length you will then realize that they are no better then a 1st line of support. You know what I am talking about, you call support and they run you through every step you have also run through before calling them, that is why you are calling them. What I am getting at is the process/procedure is as only as good as the person who understands it and can explain it. After talking to some just going through the steps of the procedure you can ask why they did step 6. If you get the "Deer in the headlights" look you know you can question them further and that they do not understand the peer reviewed process that is published on the Internet. So I guess the previous line of thought should now be a moot point.

Now that Hogfly has thrown down the gauntlet I guess it is time to polish up those procedures and get a peer review or 2.


1 comment:

Anonymous said...

