Notifications
Clear all

NPCC guidelines?  

  RSS
GumStickStorage
(@gumstickstorage)
New Member

Hello all, quick question.

I know there's an ACPO Guidelines but that was published six years ago. ACPO as we know is now NPCC, so is there an NPCC equivalent to digital evidence guidelines?

I found this, thinking that it would provide me the document but I just got a bad link.

I don't know if it's just my poor researching but I am on a bit of a deadline and the NPCC haven't responded to my freedom of information request. So I'm wondering if any of you know where I could find it and if it's the equivalent of ACPO 2012.

Thanks

Quote
Posted : 13/12/2019 4:27 pm
jaclaz
(@jaclaz)
Community Legend

Hello all, quick question.

I know there's an ACPO Guidelines but that was published six years ago. ACPO as we know is now NPCC, so is there an NPCC equivalent to digital evidence guidelines?

I found this, thinking that it would provide me the document but I just got a bad link.

I don't know if it's just my poor researching but I am on a bit of a deadline and the NPCC haven't responded to my freedom of information request. So I'm wondering if any of you know where I could find it and if it's the equivalent of ACPO 2012.

Thanks

Via Wayback Machine

https://web.archive.org/web/20180827003809/http//www.npcc.police.uk/documents/reports/Digital%20Investigation%20and%20Intelligence%20Policing%20capabilities%20for%20a%20digital%20age%20April%202015.pdf

But I don't think it is what you are wishing it is.

Nice pictures, though.

As a side-side note, the document at the URL to that Freedom of Information Act response has "Digital" as "Digial" (so the same people that expect certain quality certifications, can produce documents with typos in the title)
189 15 Digial Forensic Investigation CRIME.pdf

jaclaz

ReplyQuote
Posted : 13/12/2019 6:59 pm
GumStickStorage
(@gumstickstorage)
New Member

Thanks for pointing out my mistake.

I just read the document but it doesn't really have anything similar to the informing ACPO guidelines. My supervisor kept on telling me that there is an updated version of ACPO; I assume he's referring to the FSR documents.

ReplyQuote
Posted : 14/12/2019 7:09 pm
jaclaz
(@jaclaz)
Community Legend

Thanks for pointing out my mistake.

I just read the document but it doesn't really have anything similar to the informing ACPO guidelines. My supervisor kept on telling me that there is an updated version of ACPO; I assume he's referring to the FSR documents.

You didn't commit any mistake, seemingly? ?

You didn't think to try with archive.org/Wayback Machine, but that is not a mistake it is just - understandably - inexperience.

The good guys that replied to your request, besides the typo, sent you to a wild goose chase, the document they linked to is at first sight more a PR pamphlet and some wishful thinking than anything else.

I have no idea how it works there, but here, if my supervisor would have kept telling me vaguely about a document, I would have adopted a gamer's approach "Screenshot or it didn't happen". 😯

And this should tell you something about the reasons why I came out very early from UNI and never had any career in diplomacy wink .

But you can have this info (updated September 2019)
https://www.app.college.police.uk/

Digital investigation and intelligence
In the absence of APP, access is provided to the latest training modules.

(bolding is mine)

jaclaz

ReplyQuote
Posted : 15/12/2019 9:37 am
trewmte
(@trewmte)
Community Legend

I know there's an ACPO Guidelines but that was published six years ago.

Indeed, and a point underpinning your research. Moreover, it is noted in the Cloud Forensics community that ACPO Guidelines in 2015 were out of date.

ACPO as we know is now NPCC, so is there an NPCC equivalent to digital evidence guidelines?

Anyone can hold onto and espouse ACPO Guideline 'Principles' if they want to. Might look good in a report or witness statement stating "" "" "" "'ACPO Guideline 'Principles'".

It is inescapable, thus unavoidable, as it currently stands FSR Rules and supported with guidance remain the de facto (unless that changes) approach in most cases. Additional guidance for the approach to the wider field in digital evidence can be found in CrimPR, CPS Guidelines and so on.

NPCC haven't responded to my freedom of information request. So I'm wondering if any of you know where I could find it and if it's the equivalent of ACPO 2012.

What are the permitted timescales to respond to an FoI application?

NPCC, I would suggest, wont saddle themselves with creating a new best practice guide because there are numerous divisions/department/forces within the police doing something (but I could be wrong). NPCC aim is to transform forensics; there is then the forensic capability network (FCN); Police Scotland are doing something else; and so on.

NPCC did produce a template for police forces in 2019 regarding digital device examination and PIN/password access but it contained no reference to 'principles', 'ACPO' (but then again they wouldn't, would they), 'guidelines', 'best practice', 'FSR rules', etc.

ReplyQuote
Posted : 15/12/2019 11:45 am
Rich2005
(@rich2005)
Senior Member

The fundamental problem is that, whilst the ACPO guidelines were trying to raise the standard of digital forensics, by giving sensible guidelines/suggestions for an overall approach, without being problematically rigid, ISO17025 is trying to give the APPEARANCE of raising standards in Digital Forensics, whilst more likely actually overall being a detriment to the field, for a variety of reasons (previously discussed so no need to bore everyone again).
There desperately needs to be some leadership and investment in improving digital forensics in this country.
Let's face it, despite the obvious bias, I'd say it's clearly the largest, and most important source of forensic evidence these days, as the scope of cases it covers, and is regularly used in, is almost everything, unlike DNA for example.
It's symptomatic of this country that the approach is essentially to increase red-tape and prevent people spending most of their time doing their jobs (as many police officers will know all too well).
As this is essentially a political problem, we need to use a political buzzphrase, and "get back to basics". This means setting out the key challenges (or problems) in digital forensics and then coming up with credible paths to solving them (or improving them).
As I've argued before, I think if you listed the key challenges/problems in digital forensics, and realistically weighed up how much ISO17025 would improve things, I'd say it wouldn't get a score of more than 2/10 on any measure (being generous here) and arguably would make things worse, if one measure was the effectiveness of a department/unit/company spending their time/money on it.

(apologies for another rant - it just really irritates me - as you can tell)

ReplyQuote
Posted : 16/12/2019 10:37 am
GumStickStorage
(@gumstickstorage)
New Member

It is inescapable, thus unavoidable, as it currently stands FSR Rules and supported with guidance remain the de facto (unless that changes) approach in most cases. Additional guidance for the approach to the wider field in digital evidence can be found in CrimPR, CPS Guidelines and so on.

Sounds like FSR would be the better choice as it's apparently mandatory now in the UK. I say that because just by skimming through the actual codes, there's a lot of reference to the ISO standards. Helpful for that section, but not really for my ACPO issue. Although this may inspire me to write about why ACPO is no longer the main choice for digital forensics?

What are the permitted timescales to respond to an FoI application?

I just searched that question and it's apparently around 20 days and I just asked them on the 12th, so I may not be getting that until the new year. I asked here in hope that someone would have a copy.

NPCC, I would suggest, wont saddle themselves with creating a new best practice guide because there are numerous divisions/department/forces within the police doing something (but I could be wrong). NPCC aim is to transform forensics; there is then the forensic capability network (FCN); Police Scotland are doing something else; and so on.

I'm a little upset by that because just by reading ACPO, it was a well-written guideline and still gets praise today despite its progressively obsolete state (implying people are moving to up-to-date guidelines which makes more sense). However as stated earlier, it can generate a form of inspiration. Perhaps I can attempt to make proposed amendments to the guidelines so it satisfies the upcoming decade too.

The fundamental problem is that, whilst the ACPO guidelines were trying to raise the standard of digital forensics, by giving sensible guidelines/suggestions for an overall approach, without being problematically rigid, ISO17025 is trying to give the APPEARANCE of raising standards in Digital Forensics, whilst more likely actually overall being a detriment to the field, for a variety of reasons (previously discussed so no need to bore everyone again).

As usual your 'rants' are very valuable. )

ReplyQuote
Posted : 16/12/2019 6:12 pm
JimC
 JimC
(@jimc)
Member

ACPO was replaced by the NPCC in 2015. In late 2016, I used the FoI to ask the NPCC about the ACPO guidelines. The key questions/responses were as follows

1. Are you currently responsible for the "Good Practice Guide for Digital Evidence" document. This was previously published by ACPO.

RESPONSE The NPCC is responsible for the ‘Good Practice Guide for Digital Evidence’.

2. If you are responsible for this document, are you currently planning any revisions to this document?

RESPONSE The NPCC holds information to suggest this document will be updated.

As far as I am aware, the above situation has not changed since 2016 and the NPCC have not published any updated guidelines. As part of the same exercise, I asked The College of Policing the same questions. They replied that they were not responsible for this area.

Jim

www.binarymarkup.com

ReplyQuote
Posted : 16/12/2019 8:58 pm
trewmte
(@trewmte)
Community Legend

NPCC, I would suggest, wont saddle themselves with creating a new best practice guide because there are numerous divisions/department/forces within the police doing something (but I could be wrong). NPCC aim is to transform forensics; there is then the forensic capability network (FCN); Police Scotland are doing something else; and so on.

I'm a little upset by that because just by reading ACPO, it was a well-written guideline and still gets praise today despite its progressively obsolete state (implying people are moving to up-to-date guidelines which makes more sense). However as stated earlier, it can generate a form of inspiration. Perhaps I can attempt to make proposed amendments to the guidelines so it satisfies the upcoming decade too.

Historically, when people travelled by horse and trap the de facto controller device was a 'buggy-whip'. Everyone needed one. When the automobile turned up where was the need for, or relevance of, the buggy-whip? Things change. The principles of safe travel by horse and trap continued to be considered relevant to automobile but only as principles of limited safety value but had to be updated to reflect reality. That reality relevant to today's technology comes in the form of Guidance

ISO has developed a set of global digital forensics standards
■ ISO/IEC 270372012 Guide for collecting, identifying, and preserving electronic evidence
■ ISO/IEC 270412015 Guide for incident investigations
■ ISO/IEC 27042 2015 Guide for digital evidence analysis
■ ISO/IEC 270432015 Incident investigation principles and processes
■ ISO/IEC 27050-12016 Overview and principles for eDiscovery

The principles in these standards are 'neutral' of other guidelines (e.g. ACPO, NIST, SWGDE, etc). This approach is not new.

So just tweaking ACPO Guidelines ("Good Practice Guide for Digital Evidence") might not be enough.

ReplyQuote
Posted : 17/12/2019 12:04 pm
Share: