±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35615
New Yesterday: 0 Visitors: 159

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

UK FSR Digital forensics method validation: draft guidance

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3 
  

trewmte
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 31, 14 00:14

- neddy


Thanks Neddy.

I didn't find the details of the names who make up the digital evidence group but only saw minutes of meetings. Do you have a weblink for the names and companies who make the digital evidence group. I want to trace who the likely candidates are who produced the content about cell site analysis and mobile phones.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

dan0841
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 31, 14 01:53

- trewmte


Do you have a weblink for the names and companies who make the digital evidence group. I want to trace who the likely candidates are who produced the content about cell site analysis and mobile phones.


I can't see a link to the list of names.

But if you mean in the original validation document there are a list of participants on page 102 of the document which was posted by the OP. They appear to relate to the appendix authors.  
 
  

athulin
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidance

Post Posted: Oct 31, 14 03:11

- dc1743
FWIW I think UK practitioners are sleep walking into a bureaucratic disaster in the years ahead.


You migh need to explain why. 'Guidance and advice' it says ... to my mind that means just that -- if it was strict requirements or mandatory processes it would be another thing. But I suspect they try to start in right corner.

Overall, I'm positively surprised: at last someone's trying to put the 'science' into 'digital forensic science'.

It probably means a minor hell for unaffiliated solo artists -- if they want to follow the guidance, they have to do a lot of fairly basic work, which probably can't be justified economically.

On the other hand, that may mean that DF societies or similar interest groups may take up methods and validation as a kind of 'special interst group' work kind of thing, and build up a body of work that could be referenced by members. (LE would be such an organization to itself, probably.)

And that might lead to another kind of specialization in digital forensics becoming less special -- one I thought would be restricted to LE (well, I can always hope ...) and very major players for at least a decade or so -- that of the validation expert.

Looks like this might be a reaction to that 2009 report on the state of forensics in the US. Are similar things happening elsewhere?  
 
  

mark_adp
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 31, 14 11:02

As far as I can tell, this 'guidance and advice' follows very closely inline with ISO 17025 requirements on validation and testing of tools and procedures?  
 
  

trewmte
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Oct 31, 14 12:26

- dan0841
I can't see a link to the list of names.

But if you mean in the original validation document there are a list of participants on page 102 of the document which was posted by the OP. They appear to relate to the appendix authors.


Thanks dan0841. I did see those names but they aren't attributed to each specific content. It is not clear whether any of the panel used their own company details or used details from others.

Additionally, the content itself is unattributed to foundation stone principles. For instance

- mark_adp
As far as I can tell, this 'guidance and advice' follows very closely inline with ISO 17025 requirements on validation and testing of tools and procedures?


"As far as I can tell" - guessing shouldn't be necessary in a government document but actually known that the scope of a particular statement is anchored to a particular principle/clause.


The above are observations only and in fairness, the dictionary term "draft document" is referred to 'as a work in progress'.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

neddy
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Nov 01, 14 02:31

I do not think that regulation of digital forensics is a bad thing, I welcome it. I do however think that it should become a reality as a result of expertise and innovation by the practitioners and not by forces engaged in the art of politik.

At the moment, it appears that politik is the driver behind the attempts to solidify such an accreditation entity and I am of the opinion that this will deliver a system that is pretty meaningless at great cost.

We work in a very fluid environment and I am sure that we can find a better fit solution to give reassurance to those that require it without reliance on a framework that is best suited to less diverse areas. I am reasonably familiar with ISO17025 and can agree with many of its principles; my problem with it is that it's advocates are easily undermined when asked to justify it's implementation in a laboratory with many diverse methods and the 'naysayer' just as easily undermined when they argue it's unsuitability in said environs because the principle is all we know. This dichotomy seems to indicate that it is a flawed framework for digital forensics and may well go a long way in explaining why very little advancement has been made in its implementation in the last five years.

This is all very well I suppose and we can wait for this life cycle to reach it's zenith or we can encourage all serious digital forensic practitioners to remind themselves that we are the individuals that will leave a legacy for those that follow and that we should do all we can to make it a good one.

So what does all that mean?

I think we need to accept that there is more we can do in digital forensics to raise the bar in terms of quality systems, validation of methods, competency and the application of the fundamentals of scientific endeavor. We should accept that this is our job right now and that it can only be achieved from the ground up.

So what can we do?

I think that every lab should engage by setting up a few simple computers that have diverse operating systems and encourage staff to use, install and abuse them in every possible (legal) way and at the same time log, in a scientific manner, every detail of their activity. Forensic images should be made at regular points and supplied along with the logs to staff to examine, validate and observe the consequences of the activity. Staff should be encouraged in this and I would hope that the information derived from these experiments could help us in getting to a meaningful level of validation that may make the ISO17025 pill easier to swallow.

As with all discussions I have had on ISO17025; I always feel like I have given the impression that I disagree with a part of it only to have then followed up by proposing an alternative that is entirely compatible with that part!

That my friends is how devilish it is!
_________________
Neddy
Forensic Computer Analyst (LE)
BSc (Hons)
!(-.-)!~~ 
 
  

jaclaz
Senior Member
 

Re: UK FSR Digital forensics method validation: draft guidan

Post Posted: Nov 07, 14 17:39

- mark_adp
As far as I can tell, this 'guidance and advice' follows very closely inline with ISO 17025 requirements on validation and testing of tools and procedures?


Yep Smile .
If you check point 2.3.1 of the "draft", it states:
2.3 Reservation
2.3.1 Every effort has been made to provide useful and accurate guidance of the requirements contained in the Codes of Practice and Conduct for Forensic Science Providers and Practitioners in the Criminal Justice System (the Codes). However, if the guidance supplied here
inadvertently implies a lesser requirement than the Codes or
ISO/IEC17025:2005 require, then the standard rather than the guidance will prevail.


As always, please call me "hairy reasoner" as much as you want, but I cannot but read the "giudance" as EITHER Shocked :
1) you forensic investigators are so [email protected] dumb that you need someone to explain to you how to implement ISO 17025 and we are trying to do this but take NO responsibility whatever, we only managed to produce more than 100 pages filled with truisms, very elementary concepts, vague examples, theoretical and utterly inapplicable in practice[*] procedures (such as "peer review") and the like
OR:
2) the guys that wrote ISO 17025 did a terrible work as the "standard" is not understandable without further (this document) guidance

In any case you should apply ISO 17025 to your activities.

As said elsewhere, besides the all-in-all lack of anything of actual practical use, the draft is another confirmation of the (IMHO flawed) idea of making an artisan work an industrial production line:
www.forensicfocus.com/...4/#6557034

jaclaz


[*] more specifically in practice any and all "development" or "discoveries" or "new procedures" will become exclusively possible to "large laboratories" or "Big" software firms, if you want to be compliant with ISO 17025 and the guidance document, or however it will take so much time to validate any new thing that by the time it will be validated it will most probably be already obsolete as the device/hardware or software to which it applies won't be anymore in use.
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 

Page 3 of 3
Page Previous  1, 2, 3