±Forensic Focus Partners
New Today: 8
New Yesterday: 2
±Forensic Focus Partner Links
· SQLite Database Forensics – ‘Sleep Cycle’ Case Study
· Data Recovery As A Medium For Email Forensics
· Carving out the Difference between Computer Forensics and E-Discovery
· Forensic Analysis of SQLite Databases: Free Lists, Write Ahead Log, Unallocated Space and Carving
· How Secure Is Your Password? A Friendly Advice from a Company That Breaks Passwords
· Using SQL as a date/time conversion tool
· Forensics and Bitcoin
· Investigation and Intelligence Framework (IIF) – an evidence extraction model for investigation
· Extracting data from dump of mobile devices running Android operating system
US Legislations to regulate forensic science
What I tracked down seems old, yet stuff is now bubbling up. (328 pages)
There are some legislation to move this under the US Federal government (here and here).
I am furious with the whole thing. The last thing I need is some mucky-muck government lackey telling me, I need to be proficient in DRDOS 3.31 because their committee decided so.
Our industry needs to come up with a consistent self regulation, or we are in deep trouble. Of course, we are so fractured, self-interested, the likelihood that we can band together is low.
I also venture to say that those who will take the lead, will be sorely lacking real-world experience, are outdated, or simply lack altruistic reason to get involved.
I know much of the writing is about fingerprint, hair, DNA, etc. and not digital forensics. I think however much we may object we cannot have it both ways. We cannot be under forensic science, yet not be regulated, if the government regulates. Government is like a glacier. It maybe slow, but mows down everything without exception. We would be regulated with all the other forensics.
From the US perspective, can some of you provide to links of recent bills (senate or house) relating to Forensics being regulated?
Do you think this is just hot air? What is the likelihood of federal government further regulating forensics, specifically digital forensic science?
- Senior Member
Personally I think your concerns are right on target. We all know of cases where a guilty party was wrongly convicted due to faulty forensic evidence. I’m sure you are referencing computers, but let me throw something else out there.
I may take a beating on this as historical cell phone tracking may not be looked at as a forensic science, but I’ll argue that it is, to some degree at least. Currently there is no nationally recognized standard in the training needed to say a device was in a specified area at a specified time.
The degree of mapping competency one walks away with can vary greatly from one vendor to the next. If you want to talk about regulation this seems like an area that is quite vulnerable. The FBI seems to be the major players in this, but unless someone is a task force officer I think it would be fairly difficult to receive training from them on this subject.
I'm not a cellular technology expert, but I did stay at a Holiday Inn Express last night.
- Senior Member
IMHO we need to get away from the computer forensics. Were computer investigators, not private investigators, but computer investigators or ediscovery investigators.
The "forensic" is supposed to make it sound scientific, glamorous, an the sometimes illusion of much higher degrees of learning than a lot of us have. I'm not a Dr.
I've met computer forensic people who are Dr's, not with anything having to do with CF work, but they are Dr's.
The community is heavily fractured and I've noticed lots of start ups go under because of varying reasons.
Get a certificate and 3 letters after your name with a yearly fee and write a paper
Take a test and agree to not do any defense work and you're a member (even if they allowed defense people there would be so much resentment that you enter the room and it's palpable.
Answer some questions about technology which has been out of date for 10 years and you get some initials after your name.
I know of 2 people I've met in person that 100% should be on any board that has to do with deciding who can and can't have a membership in a group. My idea which I thought was good is that you have a board of 20 people, each applicant is rated by every board member and you need xyz points for membership. You're rated on the 2 scenarios you're given which have to do with the call out all the way through court, and you 100% have to do a moot court if you are going to do this work.
Why order a taco when you can ask it politely?
Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. "
- Senior Member
I would love to see a list of reasons those start-ups went belly up as I am planning to kick off something soon.
What are you saying regarding the board? That we should start our own national licensing body?
I like the idea, but we would need 20 really heavy weight individuals. Remember we would compete with all the other certification organizations...
- Senior Member
Also, we'd need federal legislation in the US for national licensing to be worth anything, and since states already regulate most/all licensing schemes, I don't know if it would hold muster to a challenge from any state against a federal system.
Tony Patrick, B. Inf Tech, CFCE
- Senior Member
Rule 702 F. R. E., states, the expert may testify only "if (1) the testimony is based upon sufficient facts or data, (2) the testimony is the product of reliable principles and methods, and (3) the witness has applied the principles and methods reliably to the facts of the case.".
Now, this covers a wide spectrum for sure, however, after the Casey Anthony debacle we can see how important it is be accurate and be a “product of reliable principles and methods”.
I personally think the certifications are a catalyst to put one on the path of this profession we call Computer Forensics, and until the division among our peers (ourselves) ceases to exist, we should make certain that we do in fact apply reliable principles and methods and validate, validate, validate. This also include the documentation that coincides with what we have done, along with the ability to explain our means and methods in lay terms.
We may have many courses and acronyms to choose from, but for now, there is a general work flow we all follow and the standard the courts have set for our profession. And the qualifications will certainly be questioned during the Daubert hearing. (Ref. http://en.wikipedia.org/wiki/Daubert_standard)
I also think the following article in DFI News covers a lot of what should be expected of a forensic expert. (Ref. www.dfinews.com/articl...?page=0,1)
This is strictly my opinion, but until we become somewhat cohesive in our profession, this is pretty much all we have to go on.
The first argument against state licensing is; Why is digital forensics singled out over other "forensic" discipines for licensing? What is good for the goose should be good for the gander. Licensing without qualifications is pointless and that has been the issue with licensing in every state so far. Have a PI license? You can practice as a digital forensic examiner. Not a PI and you can't qualify to be one? Then you are excluded from practicing what you are qualified to do. Not exactly a way to "protect the public interest".
The CDFS is working hard to create a standards body, and they have made good progress. In any endeavor of this type, it is going to take tons of work and several years to get to some sort of "standard" that is recoginized as the authority outside of just our circles.
In fact, it is going to take a lot of work and time to get one body to be recognized as the authority within our circles, which is a prerequisite to having it be the go to standard outside of our industry.
Certifications are not a bad thing, but they are not yet the "standard" that can be pointed to as a minimum level of qualifications. They do help in qualifying in court as an expert but have no bearing on testifying as a fact witness.
We need our equivalent of a Bar Association that will be eventually recognized by legal authorities as the standard of entry for practicing our discipline. However, if that were the case, then no one can be excluded based on their job, but would have to qualify. Prosecutors have to be licensed attorneys. So LE would not have an exception if it is to carry any kind of weight.
Internal computer forensic examiners would also have to meet the qualifications to practice, just like internal counsel has to be licensed as an attorney.
So the question is, do you grandfather everyone in to such a standards certification or would every one have to go through the process? Or is there a threshold that some would meet based on experience, training, and certifications that would be granfathered in? The DFCB has done a good job with establishing that kind of criteria.
The practical state of our profession is that there is no barrier to entry. Anyone can say they do computer forensics and get clients and do work, no matter what their background or qualifications are. It is truly a caveat emptor situation, but is that is true in most industries.
In time the market will shake out those that do private practice and mess things up, as attorneys tend to tell all their friends about experts, good and bad. If you decide to go out into the world and practice as a consultant, then your reputation is everything and at the end of the day, it is the only thing.
Larry E. Daniel DFCP, EnCE, BCE, ACE, CTNS
Guardian Digital Forensics - Firm
Ex Forensis - Blog
Digital Forensics for Legal Professionals - Book
- Senior Member