Meet Evan Kohlmann "The Terrorist Search Engine"
However, despite having an unprecedented success rate inside the court as an "Expert Witness" in putting bad guys to jail, a lot of IT Security Experts are questioning his research and investigation methods.
One good question from a fellow IT Security Professional posted at Schneier on Security:
@Clive "court recognized Expert Witnesses"
This is related to the profile on Kohlmann. There was the comment on "if his method is sound". Well what's an expert? Someone who knows what they are talking about. How can you tell they are an expert? They know more than me.
Kohlmann should be being challenged by the opposition lawyers as to his qualifications and knowledge. But what can a lawyer really know about any experts’ area? They usually just get the CV and "has testified in many trials of this nature" kinds of anecdotal assurance. While the opposition can try to challenge an expert's testimony they really can't try to impeach an expert, can they?
They are limited to putting their experts up to testify, to rebut the other side’s expert. So the jury has two sets of conflicting expert opinion. What's needed is an expert cross examining the witnessing expert to reveal those misstatements, lies, distortions, and 'reduction in detail' that technical people use to make complex ideas understandable by executives, lawyers, judges, and their juries.
In my opinion, every research and investigative methodology, framework, etc. in used by an expert for Computer Forensics purposes and presented in Court, should be heavily scrutinized no matter how effective and successful it is when it comes to putting bad guys to jail. Of course we value the credibility and integrity of the Expert based on his track record, but as technology progresses things are getting easier to be digitally manipulated, even worst, "hacked".