I've encountered some fairly bright people who work in law enforcement, but unfortunately, there are far too many trainable idiots working as cops and detectives. Even computer forensics types aren't nearly as computer savvy as you would expect. Typically they will be trained on how to use one software package (usually ENCASE) and that's all they know. They spend a few months receiving company propaganda on how the software works to apprehend criminals and are considered to be computer experts after this superficial indoctrination period. (Actually you see the same thing with many computer techs who are Micro$oft certified techies. They lack a broad awareness of computer science, but they are experts on how to use a specific software package or cluster of associated software products.) These "trained" idiots are then allowed to provide an "expert" opinion in court despite their dismal lack of computer knowledge. They'll testify that ENCASE told them that such and such happened and leave out all the other possible explanations for some piece of computer evidence that they found. This blind faith in ENCASE (or whatever software product or technique they are using) passes for an "expert" opinion and so it's no wonder that many court hearings resemble what would more appropriately be referred to as a kangaroo court. We pat ourselves on the back all the time for being a modern society, but we are as backwards as any other society in many ways.
A kangaroo court or kangaroo trial is a colloquial term for a sham legal proceeding or court. The outcome of a trial by kangaroo court is essentially determined in advance, usually for the purpose of ensuring conviction, either by going through the motions of manipulated procedure or by allowing no defense at all.
LINK:
https://secure.wikimedia.org/wikipedia/en/wiki/Kangaroo_court'
Also this might be of interest:
Countermeasures
Because EnCase is well-known and popular with law enforcement, considerable research has been conducted into defeating it (as well as anti-computer forensics in general). The Metasploit Project produces an anti-forensics toolkit, which includes tools to prevent EnCase from finding data or from operating at all. Manual defenses are possible too, for example by modifying the file system. Furthermore, because law enforcement procedures involving EnCase have to be documented and available for public scrutiny in many judicial systems, those wishing to defend themselves against its use have a considerable pool of information to study. Copies of EnCase have been widely leaked on peer-to-peer file sharing networks, allowing full analysis of the software. Proof-of-concept code exists that can cause EnCase to crash, or even use buffer overflow exploits to run arbitrary code on the investigator's computer. It is known that EnCase is vulnerable to zip bombs, for example 42.zip.
LINK:
https://secure.wikimedia.org/wikipedia/en/wiki/EncaseALSO:
http://www.metasploit.com/