However, spare a thought for those law enforcement facilities that have been successful in gaining accreditation under iso17025 - what does that say about their achievements? What have they been doing to pass assessment for their digital forensics facility? Why are they not speaking out about excesses and over-complication?
The issue with LE is that those who attend high level meetings about Digital Investigations are ex CSI's/Fingerprint/DNA bods who have been there long enough to make it management. Most of them struggle with the basics of technology, let alone the complexities of digital investigations, and therefore do not understand why it is not suitable for this work.
I once had a conversation about validation where it was suggested that validating recovery of picture files was similar to detecting blood on a T-Shirt… and they were serious.
Many in the LE community are very vocal about how bad these standards are, but someone in management is either invested in getting 17025 to show they did it and advance their career or lacking the bottle to stand up and say this is wrong and then doing the absolute minimum to scrape through the accreditation.
Where they do hold it, it is usually for something ridiculously specific, like extraction of picture and video files from NTFS. Having seen the procedures and validation for some of those units holding accreditation, I would honestly say its not worth the paper its written on and definitely does not contribute to quality.
I'm fairly sure as well that the Met has no accreditation in place at the moment, it tends to be smaller forces with smaller case loads.
In fairness though, 17205 is just about applicable to imaging of devices but nothing else.
The issue with LE is that those who attend high level meetings about Digital Investigations are ex CSI's/Fingerprint/DNA bods who have been there long enough to make it management. Most of them struggle with the basics of technology, let alone the complexities of digital investigations, and therefore do not understand why it is not suitable for this work.
I once had a conversation about validation where it was suggested that validating recovery of picture files was similar to detecting blood on a T-Shirt… and they were serious.
Many in the LE community are very vocal about how bad these standards are, but someone in management is either invested in getting 17025 to show they did it and advance their career or lacking the bottle to stand up and say this is wrong and then doing the absolute minimum to scrape through the accreditation.
Where they do hold it, it is usually for something ridiculously specific, like extraction of picture and video files from NTFS. Having seen the procedures and validation for some of those units holding accreditation, I would honestly say its not worth the paper its written on and definitely does not contribute to quality.
I'm fairly sure as well that the Met has no accreditation in place at the moment, it tends to be smaller forces with smaller case loads.
In fairness though, 17205 is just about applicable to imaging of devices but nothing else.
Thanks for the feed back. minime2k9 can you think of a Standard national or international (not guidelines) that would be applicable to digital forensics?
I ask this because the uphill struggle to bring in any alternative concerns iso17025 having a foothold already in legislation via Statutory Instruments (SI)
SI 2018 No. 1276 POLICE The Accreditation of Forensic Service Providers Regulations 2018 and which is as a consequence of the UK signing up to ACTS ADOPTED UNDER TITLE VI OF THE EU TREATY - COUNCIL FRAMEWORK DECISION 2009/905/JHA of 30 November 2009 on Accreditation of forensic service providers carrying out laboratory activities, which is highlighted in the FSR Report of 15th March 2019.
http//
https://
https://
What also will be of interest is where does iso17025 fit into the new Forensic Capability Network (FCN) operated by Dorset Police? This concerns the reform team observing there will be no return to a Forensic Science Service. Instead FCN will use spare capacity among different police forces in pursuit of driving up quality standards of commercial providers and avoid high profile scandals. From a search on Dorset Police FCN website page it reveals no results about iso17025 at all.
https://
I was talking to a colleague about this earlier this week.
He had just spoken to a police person who used to send stuff to us who said that now we are gone they send the computers off and the data comes back on a disk.
They looked at the disk and then sent it to the CPS.
Then the CPS said "what does it mean?" and they replied "We don't know"
He had just spoken to a police person who used to send stuff to us who said that now we are gone they send the computers off…
So this would be the iso17025 end of the wedge.
…and the data comes back on a disk…
They looked at the disk
This doesn't require iso17025 to look and interpret data and therefore law enforcement could still engage your services to interpret the data, but instead..
and then sent it to the CPS.
Then the CPS said "what does it mean?" and they replied "We don't know"
But they could have known if they engaged your expert services. This demonstrates the services provided by the other organisation/police force raises questions about (i) actually getting at the right data and (ii) whether it was interpreted correctly.
The commercial scenario suggests so what you haven't got the contract to pull the data (at least you don't have all the overheads etc); but iso17025 doesn't stop/prevent you providing expert interpretation services to law enforcement nor law enforcement engaging your services. It could be they are missing vital evidence without your help or worse still important data hasn't been retrieved from the target device at all?
…and the data comes back on a disk…
They looked at the disk
This doesn't require iso17025 to look and interpret data and therefore law enforcement could still engage your services to interpret the data, but instead..
Fairly certain data extraction and analysis is covered by what the FSR deems should be under 17025.
…and the data comes back on a disk…
They looked at the disk
This doesn't require iso17025 to look and interpret data and therefore law enforcement could still engage your services to interpret the data, but instead..
Fairly certain data extraction and analysis is covered by what the FSR deems should be under 17025.
The FSR Guidance does refer to analysis but nothing for digital forensics. Moreover, the Guidance refers to experience and expertise in the subject matter, not testing or calibration. How will an expert, Doctor or Professor not involved in the examination of the device itself become iso17025 assessed - which again is a standard for lab work not opinion work?
The FSR Guidance does refer to analysis but nothing for digital forensics. Moreover, the Guidance refers to experience and expertise in the subject matter, not testing or calibration. How will an expert, Doctor or Professor not involved in the examination of the device itself become iso17025 assessed - which again is a standard for lab work not opinion work?
Table on page 4 - Standards/requirements for forensic science activity (2 of 6) - Extraction and analysis of data from digital media
All the doctor/professor area sits outside the remit of the codes
The Codes are for all forensic units supplying forensic science services to the CJS. Forensic science is taken to include the sciences performed by the police service, the public and private sector forensic science forensic units and, to a lesser extent, academia. They are intended to be able to cover sciences with scene and/or laboratory-based elements and therefore are not intended for disciplines such as forensic accountancy or psychiatry. Although the Codes could be extended to forensic medicine, they have not been drafted with that in mind.
20 The Codes currently cover the forensic units that includes the
a. initial forensic science activity at the scene;
b. scene examination strategy;
c. recovery, preservation, transport and storage of exhibits;
d. screening tests for use in the field;
e. assessment, selection, examination, sampling, testing and/or analysis of
exhibits;
f. testing activities using laboratory-based methods;
g. recording of actions taken;
h. assessment/review of examination and test results;
i. reporting and presentation of results and
j. interpretations and opinions.
He had just spoken to a police person who used to send stuff to us who said that now we are gone they send the computers off…
So this would be the iso17025 end of the wedge.
…and the data comes back on a disk…
They looked at the disk
This doesn't require iso17025 to look and interpret data and therefore law enforcement could still engage your services to interpret the data, but instead..
and then sent it to the CPS.
Then the CPS said "what does it mean?" and they replied "We don't know"
But they could have known if they engaged your expert services. This demonstrates the services provided by the other organisation/police force raises questions about (i) actually getting at the right data and (ii) whether it was interpreted correctly.
The commercial scenario suggests so what you haven't got the contract to pull the data (at least you don't have all the overheads etc); but iso17025 doesn't stop/prevent you providing expert interpretation services to law enforcement nor law enforcement engaging your services. It could be they are missing vital evidence without your help or worse still important data hasn't been retrieved from the target device at all?
We offered the analysis service to one of the units we used to assist but the chief said
"Why should I pay for 2 forensic service providers? I am only going to pay once"
Instead FCN will use spare capacity among different police forces in pursuit of driving up quality standards of commercial providers and avoid high profile scandals. From a search on Dorset Police FCN website page it reveals no results about iso17025 at all.
And this is the nub of it.
It's a mis-directed witch hunt, regarding issues that ISO17025 doesn't remotely solve in any way, and stemmed from over-hyped scandals that make the press, that are completely unrelated to quality systems, and everything to do with untrained officers and issues regarding disclosure.
So what do they do….blame it all on "unregulated" digital forensics and impose a silly standard that makes things worse in a variety of ways. It's counter-productive but those at the top of the tree will bang on about things being better now despite it being clearly untrue (because doing otherwise would make them look bad and solving the real issues isn't the aim).
Instead FCN will use spare capacity among different police forces in pursuit of driving up quality standards of commercial providers and avoid high profile scandals. From a search on Dorset Police FCN website page it reveals no results about iso17025 at all.
And this is the nub of it.
It's a mis-directed witch hunt, regarding issues that ISO17025 doesn't remotely solve in any way, and stemmed from over-hyped scandals that make the press, that are completely unrelated to quality systems, and everything to do with untrained officers and issues regarding disclosure.
So what do they do….blame it all on "unregulated" digital forensics and impose a silly standard that makes things worse in a variety of ways. It's counter-productive but those at the top of the tree will bang on about things being better now despite it being clearly untrue (because doing otherwise would make them look bad and solving the real issues isn't the aim).
I agree - there is a completely fake story going about that because the government closed the Forensic Science Service and went to private and unregulated companies that computer and digital forensics has become unregulated and full of incompetence leading to failures in the CJS
Its completely untrue - many of us were working with the Police for many years before the closure of the FSS.
I can think of rather a lot of independent practitioners who did groundbreaking work and worked on very high profile cases who were not part of the FSS.