
UK FSR Digital forensics method validation: draft guidance

21 Posts
10 Users
0 Likes
1,538 Views
(@dc1743)
Posts: 48
Eminent Member
Topic starter
 

I have posted this elsewhere but I think this forum's members may be interested in this.

The UK Forensic Science Regulator has issued the linked document for consultation.

https://www.gov.uk/government/consultations/digital-forensics-method-validation-draft-guidance

For UK practitioners, big or small, the implications are considerable. If you don't agree with what is proposed you need to respond by the end of the month.

FWIW I think UK practitioners are sleep walking into a bureaucratic disaster in the years ahead.

Regards,

 
Posted : 28/10/2014 2:05 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I have posted this elsewhere but I think this forum's members may be interested in this.
The UK Forensic Science Regulator has issued the linked document for consultation.

Very, very interesting. :)

FWIW I think UK practitioners are sleep walking into a bureaucratic disaster in the years ahead.

Yep :), and IMHO as well all providers of related software and hardware tools will have a rather tough time. 😯

jaclaz

 
Posted : 28/10/2014 4:46 pm
(@jonathan)
Posts: 878
Prominent Member
 

Do you know who wrote this paper? It could have really done with the services of a copy editor.

 
Posted : 28/10/2014 6:38 pm
(@dan0841)
Posts: 91
Trusted Member
 

It does appear to be creating an absolute monster. It appears to treat a digital investigation like some sort of process production line in the private sector. Investigations are dynamic and often a wide range of tools and manual techniques are used.

I totally agree with maintaining the absolute highest standards and validating results but this appears to be such a bureaucratic and wasteful way to achieve it.

The vast vast array of tools, o/s, file systems and artefacts makes it all but impossible to blanket test before using tools. Think of the vast array of browser updates, chat program updates, phone apps, o/s changes etc etc. Surely the validation and testing should be done on a case by case basis during the investigation and before evidence is produced?

Either that or have a centralised body to do it as efficiently as possible. Even this has problems. Having seen the NIST document comparing 2 particular versions of 2 popular mobile phone forensic tools I can appreciate the difficulty and challenge of the task.

To me it feels like the sort of document written by an academic with very little investigation experience.

 
Posted : 29/10/2014 12:14 am
(@ludlowboy)
Posts: 71
Trusted Member
 

Not everyone in the same laboratory validates every tool used in that laboratory.

Normally a new tool is validated by one member of staff and then used by other members of the same team.

Whilst this approach is less demanding of resources it could be made even less demanding if we shared our results between laboratories and individual practitioners.

By making validations available to the scrutiny of the whole forensic community we would each feel more confident with the results of our own validations.

Would it be possible to post validations on this forum where the work would benefit the whole of the forum / forensic community?

 
Posted : 29/10/2014 12:40 am
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

There are so many problems with it that it's difficult to know where to start. But possibly my favourite part is the comparison between computers vs phones. Apparently phones are varied enough that the process can be purposefully vague - but computer analysis has to strictly adhere to procedure. Wonderful!

 
Posted : 29/10/2014 12:01 pm
(@dc1743)
Posts: 48
Eminent Member
Topic starter
 

There are so many problems with it that it's difficult to know where to start. But possibly my favourite part is the comparison between computers vs phones. Apparently phones are varied enough that the process can be purposefully vague - but computer analysis has to strictly adhere to procedure. Wonderful!

Totally agree with you - but the key thing now is for these observations to be recorded in the response document and sent back to the Home Office. The deadline is tomorrow.

Best regards,

 
Posted : 29/10/2014 3:03 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Totally agree with you - but the key thing now is for these observations to be recorded in the response document and sent back to the Home Office. The deadline is tomorrow.

I don't know 😯 , to be picky (as I notoriously am) that is a given deadline for submission of comments, but the whole procedure (as often happens with this kind of drafts/regulations) is - at least to me - completely "opaque".

There was - seemingly - a "competitive tendering process" 😯 (When/Who/What/Where?) that was *somehow* awarded to the "academic with very little investigation experience" (as in dan0841's nice description, the one that clearly - in my opinion - didn't actually write anything but made one of his/her students jot it down instead ;) ) and there are no hints anywhere about the process that is expected to be carried out to move from the draft to the actual final document, and its enforcement.

I would expect that a document with such a potentially disruptive effect on court cases and on the profession of digital forensic investigators would go through several "loops" of revisions/drafts, with successive edits, comments, corrections and adjustments implemented before being released.

Otherwise (and I may be of course very wrong about this) it seems to me a lot like the typical "suggestion box" with integrated shredder. :(

jaclaz

 
Posted : 29/10/2014 5:01 pm
(@dc1743)
Posts: 48
Eminent Member
Topic starter
 

I don't know 😯 , to be picky (as I notoriously am) that is a given deadline for submission of comments, but the whole procedure (as often happens with this kind of drafts/regulations) is - at least to me - completely "opaque".

There was - seemingly - a "competitive tendering process" 😯 (When/Who/What/Where?) that was *somehow* awarded to the "academic with very little investigation experience" (as in dan0841's nice description, the one that clearly - in my opinion - didn't actually write anything but made one of his/her students jot it down instead ;) ) and there are no hints anywhere about the process that is expected to be carried out to move from the draft to the actual final document, and its enforcement.

I would expect that a document with such a potentially disruptive effect on court cases and on the profession of digital forensic investigators would go through several "loops" of revisions/drafts, with successive edits, comments, corrections and adjustments implemented before being released.

Otherwise (and I may be of course very wrong about this) it seems to me a lot like the typical "suggestion box" with integrated shredder. :(

jaclaz

Maybe, but UKAS is already advertising the assessor's job

http://www.ukas.com/Careers/Technical_Assessor_Vacancies/Assessors_Digital_Forensic.asp

The document envisages method validation for imaging by next year 2015 and for everything else I understand the planned implementation date is 2017.

Regards,

 
Posted : 29/10/2014 10:46 pm
(@dan0841)
Posts: 91
Trusted Member
 

There was - seemingly - a "competitive tendering process" 😯 (When/Who/What/Where?) that was *somehow* awarded to the "academic with very little investigation experience" (as in dan0841's nice description, the one that clearly - in my opinion - didn't actually write anything but made one of his/her students jot it down instead ;) )
jaclaz

Sorry - I didn't mean it in that way! The point I was trying to make was that in an academic environment there are many things that are taught (or were to me as a student) that are not necessarily practical, cost-effective or realistic in a real world environment.

In an ideal world it would be amazing to be able to pick up scientific peer-reviewed documents which validate most aspects of most of the main forensic tools (including all versions and iterations). However, given the range of tools, the range of O/S, file systems and forensic artefacts, it seems a very difficult and potentially unachievable ideal.

I would expect that a document with such a potentially disruptive effect on court cases and on the profession of digital forensic investigators would go through several "loops" of revisions/drafts, with successive edits, comments, corrections and adjustments implemented before being released.

Otherwise (and I may be of course very wrong about this) it seems to me a lot like the typical "suggestion box" with integrated shredder.
jaclaz

I hope it does get a lot more thought and revisions! :D

 
Posted : 30/10/2014 1:13 am