±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 32353
New Yesterday: 1 Visitors: 129

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

ISO 17025

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2, 3, 4  Next 

ISO 17025

Post Posted: Mon Jan 30, 2012 5:14 am

I am interested in ISO 17025 accreditation and also ISO 27001.
Which are the steps to be accreditated as ISO 17025?

Senior Member

Re: ISO 17025

Post Posted: Tue Jan 31, 2012 1:35 pm

- sebastianorossi
I am interested in ISO 17025 accreditation and also ISO 27001.
Which are the steps to be accreditated as ISO 17025?


- In theory there is no difference between theory and practice, but in practice there is. - 

Senior Member

Re: ISO 17025

Post Posted: Tue Jan 31, 2012 3:14 pm

Usually the process is to bend over while UKAS screw you for everything you have, crippling your business in the process.

Oops, did I say that out loud?
The views expressed by me do not reflect on my employer or the quality of work I produce Wink

Senior Member

Re: ISO 17025

Post Posted: Tue Jan 31, 2012 11:46 pm

Begin by seriously asking - is it really necessarily for your unit to be 17025 accredited? What value will it bring, do you have the budget and the additional manpower to implement and maintain it?

If so the; I suggest you begin by buying copies of the 17025 and 27001 standards from ISO and familiarizing yourself with the standards and also research the accepted interpretations of some clauses. Next get training on implementing 17025 will give you some idea off the extent of work involved in getting your operation up to the standard. Do Not underestimate the level of effort required (by all your team members) to get and maintain your accreditation. Develop a plan for implementing an auditing 17025 including training of all staff. Once you feel you have addressed all the requirements - get your documents checked for compliance by 17025 assessors. Some areas (2) of 17025 do not all to digital forensics such as Measurement of uncertainty. Conduct internal audits as per the 17025 standard addressing all areas. Remember that if your process says you do something - you must be able to prove that it is done via your documentation and forms,etc. Take a careful look at validation of tools and methods to ensure that you have a detailed plan implemented to test every tool you intend to use and can prove that it has been tested. (use the NIST testing and Validation of Computer Forensic tools guidelines as a reference). Do not underestimate how 'pedantic' 17025 assessors can be about 'proper' validation of forensic tools and methods!

Good luck
#include <std.disclaimer.H> 

Senior Member

Re: ISO 17025

Post Posted: Wed Feb 01, 2012 4:55 am


I hope I'm not overstepping the mark with my own employers (for speaking my mind), but we're going for 17025 and I think it's a mistake.

Some of the issues revolve around these accreditations not translating well from traditional forensics into digital forensics. This is more of a teething issue but also a good reason to wait.

A long-term factor includes the overheads of gaining and maintaining accreditation. We are a large unit and I really don't see how small units/companies could pursue this accrediation and still do any work. This might mean only larger units will have accreditation but does that mean they are better? I wouldn't say that 17025 means better. It just means they are better documented.

The last issue I'd like to raise at this time is the changing face of digital forensics. Digital forensics is a 'man-made' science. It doesn't follow normal scientific laws and as such it changes so frequently. There's a danger we might see new procedures having to be written and agreed almost weekly, if we don't get the 'wording' right. We need to make sure procedures are more loosely worded in order to avoid this problem but validation of all the tools we use will continue to be required.

Previously we could have used an untried tool to strip data out but we would have to verify it manually. Now we won't be able to use any non-validated tools at all, even if they are accepted and widely used tools elsewhere. The danger here is a tool that is validated overall but isn't good at that particular task will be all we are allowed to use and it might do an inferior job than the tool we would like to have used.

So far I wouldn't say we're doing anything substantially different, we're just completing and signing forms on a case by case basis to say we did everything.

I think take-up of 17025 will be partly based on people feeling it is now expected of them. The more people that get it the more people will feel they also have to have it. I hope this wouldn't spell the end of small units/companies who simply don't have the manpower to do it.

Management have decided they want it and so we're in the process already. To some extent we are being the Guinea Pigs for UKAS.

Oh well time to go back to my hutch and hang out with the rabbits.


Steve Falkner, Forensic Computer Examiner, London, UK 

Senior Member

Re: ISO 17025

Post Posted: Wed Feb 01, 2012 5:33 am

I think Steve is bang on the money. I think there are still issues to be hammered out and 17025 was never designed for this particualr scenario.

I think some have gone down this road purely as a marketing tool as some clients who know little about this area will think that they are getting a better service (this may be true) but some of the best IT forensic brains in the UK do not work for 17025 firms but that does not, for me, undermine their skill, experience,knowledge etc.

It is possible to improve quality within an organisation to take the salient points from the ISO and implement them where appropriate without going down the full ISI/UKAS route. Not only from the forum, but I get the distinct feeling the the UK forensic industry is not 100% convinced about this route. Either the regulator has to do better to sell it (especially to the smaller firms) or use the stick of formal powers which will take another couple of years at least to come in.  

Senior Member

Re: ISO 17025

Post Posted: Wed Feb 01, 2012 5:44 am

Some interesting points made there Steve. I share your concerns.

It seems to me that there is too much focus on tool validation. Validating the methods or results, not the individual tools, would seem to solve several of the issues you raise concerns over. Is this something your team have considered? If so what was the verdict?

Computer forensic science is indeed a changing discipline, but then so is every other science. Granted the more traditional sciences may not change quite as quickly as our field, but there exist methods to assess and then accept or reject new discoveries, as appropriate.

Using SOPs to set everything in stone seems overkill to me. Setting minimum standards rather than fixed ones would leave you more room to adapt to new situations, and still guarantee the quality and integrity of your final product.

Ben Findlay. BSc (Hons) MSc MCSFS MIScT
Senior Lecturer
Computer and Digital Forensics
School of Science and Engineering
Teesside University 

Senior Member

Reply to topicReply to topic

Share and Like this forum topic to get more replies

Page 1 of 4
Go to page 1, 2, 3, 4  Next