Standardization of ...
 
Notifications
Clear all

Standardization of witness statements / reports - possible?

16 Posts
6 Users
0 Likes
828 Views
(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

Hi all,

Just wanted to gather your thoughts on a few things and particularly a piece of work I am currently looking into. Basically its looking at standardisation but from a report and evidence description point of view. It interesting that this was sort of mentioned in the 'New digital forensics textbook - soliciting suggestions' thread (sort of), but from an evidence misunderstanding point of view.

I was wondering if it is possible as a field to develop a standard set of technical language /definitions which can be globally used in all reports. In addition to develop a set of criteria which must be met in order to be able to use such a definition in a court report.

For example, as a field we might define and explain what an internet history record as 'A, B & C'. And in order to be able to use that definition, conditions 'X, Y & Z' must be present in the case. I am thinking that this could lead to greater consistency across all cases if every practitioner used it and provide courts with a consistent and known precedent description of different types of evidence for which they could become familiar with and get a handle on the conditions surrounding it. It would also potentially stop the potential for misinterpretation of content from inconsistent descriptions.

….I dont know if im talking rubbish here, but in my head on the way to work, it seemed to make sense 😯 . would be interested to hear thoughts on this, particularly on feasibility and the need for it, and whether anyone might be interested collaborating /working on it if its useful?

 
Posted : 28/06/2016 1:22 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

That would be a "glossary" 8O, something more or less like
http//www.alpineguild.com/glossary_of_important.htm

Judging from this attempt (seemingly failed/not finalized) at a single definition
http//www.forensicfocus.com/Forums/viewtopic/t=9374/
it won't be easy. (

jaclaz

 
Posted : 28/06/2016 2:15 pm
(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

Sort of but a bit more comprehensive. As I think we would also need to define criteria that must be met before we could use a certain definition. For example, certain data is present to allow for the accurate use of the definition in the first place.

Suppose my questions are then

1. Would it be worth it?
2. Is it feasible to implement?
3. How would a global definition be agreed upon and developed?
4. Would it likely be adopted in industry and what are the likely pitfalls?

 
Posted : 28/06/2016 2:28 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Suppose my questions are then

1. Would it be worth it?
2. Is it feasible to implement?
3. How would a global definition be agreed upon and developed?
4. Would it likely be adopted in industry and what are the likely pitfalls?

I like this way of making a conversation )
Suppose that my personal answers are
1. Yes, very much, anything that helps in correctly exchange ideas and knowledge and reduce misunderstandings is worth it.
2. Yes, i don't see why it should not be feasible, maybe as said not easy, but definitely feasible, there is some previous art in making glossaries and vocabularies, so I would say it is doable.
3. Tricky question, we could elect a committee of experts and then … [1] roll
4. You can forget about it. The technical people will be against it (because they know better or think they do), the lawyers will raise every kind of exception because the adoption would make documents more readable and understandable by the laymen, the marketing guys will be against it as they would not be anymore able to leverage on the ambiguities of the definitions (or maybe that's the reason for the lawyers to be against it wink ). Maybe a small subset of the industry could found a guild (or a club) and adopt the glossary/definitions as part of its ethical code of conduct, but I wouldn't bet on this to happen.

To sum it up, IMHO it could be an exceptionally good resource ) as a reference and as part of training/education, but let me doubt that anyone will ever "adopt" it (or something similar) officially or that it will ever be given an "approved" status by anyone cry .

If you think about it, it is years that we have different software that insists on calling the same thing in a slightly different way, OT, as an example, check this (very old) thing I wrote
http//jaclaz.altervista.org/Projects/USB/USBstick.html
(scroll about half length you will find a couple "Cross Reference" tables)
Though I am not familiar with (say) Encase and AccessData software, I am pretty much sure that the same differences in terminology is all over those two programs (and in the reports they generate) and a third forensic tool will surely have yet more different definitions.

jaclaz

[1] An image is worth a thousand words
http//www.projectcartoon.com/create/

 
Posted : 28/06/2016 10:41 pm
(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

would anyone fancy foruming such a panel to discuss / get the ball rolling on something like this?

 
Posted : 01/07/2016 1:58 am
(@bravo1800)
Posts: 11
Active Member
 

Just for your attention. INTERPOL have a Digital Forensics Expert Group which was recently held in Madrid and one of the feedback from the attendees was assistance with SOPs along with the items discussed within this post. We would be happy to discuss this with people and try and set up a working group to try and achieve this if required. If this of interest to you then please PM me and we can discuss.

Regards

Chris

 
Posted : 22/07/2016 7:58 pm
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

I believe something like this has already been attempted in UK LE under the umbrella of "Streamlined Forensic Reporting". However as far as I am aware it hasn't been implemented by many Hi-Tech Crime Units.

 
Posted : 22/07/2016 8:09 pm
(@dan0841)
Posts: 91
Trusted Member
 

I believe something like this has already been attempted in UK LE under the umbrella of "Streamlined Forensic Reporting". However as far as I am aware it hasn't been implemented by many Hi-Tech Crime Units.

Yes, there is a template for IIoC SFR which has been proposed in the UK and is increasingly being adopted by Forces. This is for use in IIoC cases and provides all of the information required for CPS to make a charging decision, as well as meeting the requirements for the SAP Aggravating / Mitigating factors. I've chatted to Prosecutors who are very keen and think they are a breath of fresh air. They provide all key information, use absolute laymans terminology and remove all of the technical in statements that were never relevant in 99.99% cases.

It does standardise some definitions, particularly ones which have been used by different organisations/examiners to mean different things. The key example is the term 'accessible'.

The UK CPS use this term to define whether an image is accessible to a user and used to determine whether images should be charged as 'possession' (CJA 1988) or 'Making' (PCA 1978). This is becoming a mute point following the latest DPP guidance, however, it is still required to report on accessible/inaccessible.

It used to get confused by forensic practitioners who would report artefacts like 'Temporary Internet Files' is a statement as 'accessible'. This is because 'technically' they are (if you know where/how to look). However, to be in 'custody and control' of an image (Possession) a user needs to know of its existence (See case Law)………. and most people on the street would never have heard of Internet Cache) never mind be able to find pictures in one.

So…..in the SFR a standard definition was agreed for 'accessible'……….. and that was difficult!!

So…..good idea!!…..but good luck getting agreement 😉

BTW - The SFR process has the ability to be a game changer for reporting digital forensics in the UK courts. It is worth reading up on for anyone interested in UK based forensics and IMHO is the way forward for many LE HTCUs.

 
Posted : 27/07/2016 1:52 am
(@dcs1094)
Posts: 146
Estimable Member
 

Yes, there is a template for IIoC SFR which has been proposed in the UK and is increasingly being adopted by Forces. This is for use in IIoC cases and provides all of the information required for CPS to make a charging decision, as well as meeting the requirements for the SAP Aggravating / Mitigating factors. I've chatted to Prosecutors who are very keen and think they are a breath of fresh air. They provide all key information, use absolute laymans terminology and remove all of the technical in statements that were never relevant in 99.99% cases.

We use SFR's all the time for exactly this purpose and I fully agree with the aformentioned comments! Lets get straight to the main points that need to be understood and cut out all the garbage which will confuse the situation. If further clarification is required, then a stage 2 report can be done to address the specific queries. Personally never had any issues with them…

 
Posted : 27/07/2016 2:42 am
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

Interesting stuff, folks - I wasn't aware that the SFR had been adopted for IIoC cases. Can I PM one of you to get some more details? I have a CJSM email account if that helps.

Thanks!

By the way

This is becoming a mute point following the latest DPP guidance..

..???!?!???

Any further info on this? (Fully agree about Temporary Internet Files by the way)

 
Posted : 27/07/2016 1:48 pm
Page 1 / 2
Share: