±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35615
New Yesterday: 0 Visitors: 136

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

UK FSR Digital forensics method validation: draft guidance

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3  Next 
  

jaclaz
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 29, 14 18:01

- dc1743

Totally agree with you - but the key thing now is for these observations to be recorded in the response document and sent back to the home office. The deadline is tomorrow.

I don't know Shocked , to be picky (as I notoriously am) that is a given deadline for submission of comments, but the whole procedure (as often happens with this kind of drafts/regulations) is - at least to me - completely "opaque".

There was - seemingly - a "competitive tendering process" Shocked (When/Who/What/Where?) that was *somehow* awarded to the "academic with very little investigation experience" (as in dan0841's nice description, the one that clearly - in my opinion - didn't actually write anything but made one of his/her student jolt down it instead Wink ) and there are no hints anywhere about the process that is expected to be carried to move from the draft to the actual final document, and it's enforcement.

I would expect that a document with such a potential disruptive effect on court cases and on the profession of digital forensic investigators would go through several "loops" of revisions/drafts, with successive edits, comments, corrections and adjustments implemented before being released.

Otherwise (and I may be of course very wrong about this) it seems to me a lot like the typical "suggestion box" with integrated shredder. Sad


jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

dc1743
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 29, 14 23:46

- jaclaz

I don't know Shocked , to be picky (as I notoriously am) that is a given deadline for submission of comments, but the whole procedure (as often happens with this kind of drafts/regulations) is - at least to me - completely "opaque".

There was - seemingly - a "competitive tendering process" Shocked (When/Who/What/Where?) that was *somehow* awarded to the "academic with very little investigation experience" (as in dan0841's nice description, the one that clearly - in my opinion - didn't actually write anything but made one of his/her student jolt down it instead Wink ) and there are no hints anywhere about the process that is expected to be carried to move from the draft to the actual final document, and it's enforcement.

I would expect that a document with such a potential disruptive effect on court cases and on the profession of digital forensic investigators would go through several "loops" of revisions/drafts, with successive edits, comments, corrections and adjustments implemented before being released.

Otherwise (and I may be of course very wrong about this) it seems to me a lot like the typical "suggestion box" with integrated shredder. Sad


jaclaz


Maybe but UKAS is already advertising the assessors job

http://www.ukas.com/Careers/Technical_Assessor_Vacancies/Assessors_Digital_Forensic.asp

The document envisages method validation for imaging by next year 2015 and for everything else I understand the planned implementation date is 2017.

Regards,  
 
  

dan0841
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 30, 14 02:13

- jaclaz

There was - seemingly - a "competitive tendering process" Shocked (When/Who/What/Where?) that was *somehow* awarded to the "academic with very little investigation experience" (as in dan0841's nice description, the one that clearly - in my opinion - didn't actually write anything but made one of his/her student jolt down it instead Wink )
jaclaz


Sorry - I didn't mean it in that way! The point I was trying to make was that in an academic environment there are many things that are taught (or were to me as a student) that are not necessarily practical, cost-effective or realistic in a real world environment.

In an ideal world it would be amazing to be able to pick up scientific peer-reviewed documents which validate most aspects of most of the main forensic tools (Including all versions and iterations). However, given the range of tools, the range of O/S, File Systems, forensic artefacts it seems a very difficult and potentially unacheivable ideal.

- jaclaz

I would expect that a document with such a potential disruptive effect on court cases and on the profession of digital forensic investigators would go through several "loops" of revisions/drafts, with successive edits, comments, corrections and adjustments implemented before being released.

Otherwise (and I may be of course very wrong about this) it seems to me a lot like the typical "suggestion box" with integrated shredder.
jaclaz


I hope it does get a lot more thought and revisions! Very Happy  
 
  

trewmte
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 30, 14 12:19

Below are observations.

The document is only a draft so understandable the consultation document (metaphorically) speaks in a language at times undesirable to the technical specifics of the field of science or forensics it is referring. Always difficult to create a concept using language that if too widely ranged waters down the concept to mushy nothing-ness or too tight and it can narrow the scope making the concept unreasobale to produce any observed possible outcomes.

I must say I do like the fact the document language strives to make sure those producing evidence having recorded test results after an event has happened (e.g. cell site analysis) the respondent's report should avoid old evidential cliches e.g. 'the evidence is consistent with the defendant's mobile phone being at ....' and similar types of opinionated.

It would have been helpful to have identified those people involved in submitting the content as opposed to only knowing the collated content submitted in the draft was produced by the FSR. This would have been helpful to know to see whether the document has a swing in favour of public sector bias for their aims and ambitions or a free, undominated market where no one particular, or no handful of, orgainsation(s) or private company(ies) are influencing production line (bang it on, bang it out) evidence.

The document could have usefully stated that "accuracy of original evidence" is paramount and thus those producing the original evidence would themselves be subject to standards for compliance. The politics of the matters (but I could be wrong on this) suggests avoid historic references or inferring to e.g. repealed S69 PACE (the computer working properly at the material time) removing obligations on the network operators etc (a presumption of everything is ok) - thus no fornsic standard imposed - but requiring a similar approach to the old repealed s69 PACE for the examiner's equipment producing results using information from the original source to prove it is working properly at the material. I am not against the latter, but a forensic standard produce requires a quality in an unbroken (end-to-end) chain of evidence. It is hoped that the FSR defines the importance of the accuracy of information from original sources and underpins the important that those producing original evidence should meet that standard. I mentioned politics because s69 PACE was bemoaned as causing too high a standard on those producing evidence and too expensive for corporate or private companies.

There was at one time a principle operated in English law that e.g. an [SIC]operator could not profit from crime. The analogy of the millions of calls made by drug dealers and other crimes who paid the full profit price of those calls to the operator. The principle suggests the operator could only deducted that amount for the cost of running the calls and not keep the profit. The trade-off used to be provision of call records etc and a standard applied in their production as evidence. That was blown out of the water by repelaing at least one attempt at a safety net (the repealed S69 PACE). Things change in life, we all understand this. Until the Forensics arena gets to grips with quality in an unbroken chain of evidence there will a guarded approach to over-commit to new standards as the Forensic person or groups will not want to be savaged by unrecoverable running costs. To not take a stance can play into the hands of a Forensic oligarchy controlling the arena and that dreaded political utopia we are told about of 'living of the crumbs falling from the oligarchy's table'.

A well intentioned document and lots of positives, but it would benefit from the Forensics arena en masse setting out known pitfuls where the quality in the evidence is poor at the outset yet the examiner's report implies the original source material was accurate at the outset.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

neddy
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 30, 14 15:55

- trewmte


It would have been helpful to have identified those people involved in submitting the content as opposed to only knowing the collated content submitted in the draft was produced by the FSR. This would have been helpful to know to see whether the document has a swing in favour of public sector bias for their aims and ambitions or a free, undominated market where no one particular, or no handful of, orgainsation(s) or private company(ies) are influencing production line (bang it on, bang it out) evidence.


Some info here www.gov.uk/government/...governance
_________________
Neddy
Forensic Computer Analyst (LE)
BSc (Hons)
!(-.-)!~~ 
 
  

dan0841
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 30, 14 17:59

- neddy
- trewmte


It would have been helpful to have identified those people involved in submitting the content as opposed to only knowing the collated content submitted in the draft was produced by the FSR. This would have been helpful to know to see whether the document has a swing in favour of public sector bias for their aims and ambitions or a free, undominated market where no one particular, or no handful of, orgainsation(s) or private company(ies) are influencing production line (bang it on, bang it out) evidence.


Some info here www.gov.uk/government/...governance


A number of very respected names on the digital group.  
 
  

Chris_Ed
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 30, 14 19:00

Then why are they making such a pig's ear of it?

Edit: is it not an enormous, glaring conflict of interest to have a software vendor on the panel? I wonder if Magnet were asked to send a representative? Or Guidance?

Edit 2: Oh, I suppose this is why NetAnalysis v2 has words like "validating procedure" everywhere. And why the unworkable example in the documentation was for web browsing.  
 

Page 2 of 3
Page Previous  1, 2, 3  Next