What are the most important technical skills for a computer software expert witness?

Question

As a computer software expert witness, I am required to analyze a huge range of different software technologies. During my deposition or trial testimony, the opposing expert may direct questions targeted at exposing or revealing my weaknesses. There is no time for research or education.

Given that I can't be an expert in every technology, what are the most versatile and transferrable skills or technologies I should learn?

I will start with the obvious:

1. Databases are omnipresent (but which are the best archetypes?)
2. C is often involved due to the prevalence of older Windows and DOS based systems

What should be added this list?

Answer 1

I may be mis-reading your question, but I suspect that if you are being called upon as an expert witness, you already have the expertise they are seeking; I suppose that learning more technical aspects of any technology would make you more likely to become an expert witness, but ultimately I would recommend the best skill would be of truthfulness. If you don't know, say so. Any unknown questions can then become the "to be studied" list for later review.

just my 2 cents ...

Answer 2

Computer software expert witnesses need to also have a good understanding of networking technology and be able to explain it to a jury or judge. Because a great deal of software is client/server based, being able to explain the way firewalls, ip address, http, internet routers works and why you can tell that certain pieces of software were definitely used at certain times and locations is important.

Being familiar with server operating systems and the log files they generate is also helpful.

Answer 3

Definitely learn about email systems. I'd imagine email communications come into play fairly often in court cases these days. Learn how SMTP and POP3 work. Learn the basics of email servers and what ways they can be manipulated and how difficult it is to do.

Answer 4

i think you're deceiving yourself, what is a "computer software expert witness"?. That's like saying, you're an electrical engineer, and so you have the capacity to answer any engineering questions, whether they're from chemical, mechanical, civil or other specific area of engineering.

Answer 5

It would be silly to call you as an expert witness if you cannot be an expert in the line of questioning.

Answer 6

Well, the big thing about being a witness is to listen to the counsel for which you are testifying. In the computer world, your credibility is not easily impugned. If they were to try to do so, it would be by calling into question formal education or training as insufficient to be an expert. They won't be asking you to explain what a Turing Machine is, or how to write a sorting algorithm in LISP, unless it is directly relevant to the matter at hand. They won't be playing "Gotcha!" with difficult technical questions, as it won't resonate with the judge/jury .How many jury members can you picture saying this: "I can't BELIEVE that "expert" doesn't understand database normalization! what a fraud!"? If the jury doesn't understand the question, they won't understand the answer. Any 1st year law student will tell you all about this problem (it comes up it all kinds of expert testimony situations).

No, your credibility will be questioned in laymen's terms. If you are being asked to testify, it's because you have the answers that are relevant. Stick to those and don't do any tricks (as your counsel will tell you), and you'll be fine. If your information is correct, and your degree/experience is solid, you may not even be cross-examined (they will just find their own expert to say the opposite of what you said).

Answer 7

I would say forget learning new technology outside understanding industry concepts and how they're really applied in the real world. The key thing you need to be able to do as an expert witness is explain these concepts in terms that can be easily understood by the layman. You already know this stuff or you wouldn't be the expert witness. You're there because your name and reputation are thought well of and they [prosecution/defence] need your help.

I think of it like this: The lawyer/barrister/attorney's job is to sell their vision of the truth and get the jury to buy into their vision [skewed as that vision may or may not be]. Your job is to sell the facts. Either the two are one and the same, or they aren't. Sell the facts to the best of your ability, if you have easily understood examples [by easily understood, I mean by an 8 year old], all the better.

Key concepts I would think would be software systems that people will use/exploit to either commit or to cover up a crime:

• Networking systems: Common protocols, packet tracing etc.
• Firewall systems and common exploits.
• Viruses and replication: Worms vs. Trojans etc.
• Major Operating Systems: Basic concepts and common exploits.
• Web Applications: How they're structured and how they can be exploited.
• Common hacking concepts: DoS, OOB, SQL Injection etc.
• Email concepts: transmission, receipt, tracking, header information.
• Data storage and recovery concepts and key software.
• Surveillance Techniques: Packet analysis, key loggers etc.

I'm sure there are a few others, but no others immediately spring to mind

Answer 8

Might be best sticking to wiki articles for overall descriptions... then dig a little deeper where needed.

My quick list:

• Database Wiki
• Program Languages
• Design Patterns
• Operating Systems
• Firewalls
• Malware (Virus/Trojans/worms etc)
• Web Developement