need a law or a policy for my project to comply too

knowlesy · 24 Nov 2009 at 11:27

Hey guys, Im doing my final year at uni and Im developing a wireless packet sniffer on a windows ce environment, this is basically for my forensics project however I will be using it at work to pick up cctv cameras.

However Ive been looking for some terms and conditions or laws or policy's for my code/program to comply too (that are already made) so that people will follow and comply too Ive already got some of the DPA (data protection act) and an american code of cryptography export mentioned but Id prefer a terms and condition as well as more of a direct eu or uk law or policy eg mod policy or some big company policy etc, has any one got any suggestions at all ?

thanks

neil3k · 24 Nov 2009 at 11:30

no fat chicks

J.B · 24 Nov 2009 at 11:34

Im not sure I understand, but I imagine it will be more in the EULA of how the user uses the coder. ie: for diagnostic purposes on their own network/with permission.

knowlesy · 24 Nov 2009 at 11:41

J.B said:
Im not sure I understand, but I imagine it will be more in the EULA of how the user uses the coder. ie: for diagnostic purposes on their own network/with permission.

hit the nail on the head there, I'm just wanting something thats already written that i can take apart, as that will be more correct in referencing the law ....

steve-h · 24 Nov 2009 at 11:59

That sounds like a really good project :eek:

what language are you using?

knowlesy · 24 Nov 2009 at 12:13

steve-h said:
That sounds like a really good project

what language are you using?

c# squire

ran_out · 24 Nov 2009 at 12:55

There's the RIPA act - regulation of investigatory powers, which covers communications interceptions.

A quick search found some pages setting out conditions for how organisations will conform to these regulations when carrying out network monitoring but not much more than that, that would apply. Not sure if that would help at all, but thought i'd mention it.

J.B · 26 Nov 2009 at 16:37

Sorry for the late reply, maybe have a look at wiresharks EULA as I imagine it will cover a lot of things.

Aod · 26 Nov 2009 at 16:51

ACPO forensic Good-Practice Guide! they're the major guidelines that the police and professional digital forensic analysts adhere to to ensure that the evidence is accepted in court

http://7safe.com/electronic_evidence/index.html#

i see you've got the DPA in there - have you looked into the Computer Misuse Act aswell?

knowlesy · 27 Nov 2009 at 12:22

i did think of the acpo but its mostly for keeping evidential integrity.... good linking 7safe though

and for some stupid reason i didnt think of the computer misuse act.... I tried finding wiresharks eula but i didnt look on the install so it might be there hopefully

will give it ago

thanks guys

Aod · 27 Nov 2009 at 12:36

knowlesy said:
i did think of the acpo but its mostly for keeping evidential integrity.... good linking 7safe though and for some stupid reason i didnt think of the computer misuse act.... I tried finding wiresharks eula but i didnt look on the install so it might be there hopefully

will give it ago

thanks guys

good luck! sounds like one hell of a project!
remember though, even a program needs to ensure evidential integrity - make sure it doesn't add metadata to the files and so on?