I didn't actually vote, as I don't think that any of the options cover what I believe to be the case, as I _don't_ think that it is achievable.
Well, fair enough, although when I mentioned my comments to you I was not actually referring about you voting but generally the way voting was going. It is really only negativity generated due to uncertainty and understanding suggesting this matter isn't possible.
My experience and assessment of this matter is that it is highly achieveable and is something that mobile telephone examiners should not be deprived because of concerns about economics etc. I say that because I saw no one moaning about shelling vast sums of cash and taxpayers cash when it came to buying EnCase and all the et ceteras. That does appear strange because it looks another standard is being attempted to be applied to mobile phones when all the stops were pulled out for computer forensics.
Option 1, but I don't think that it is possible to do it, however if it is possible, it needs to be done in such a way that Option 4 isn't an issue, e.g. that the certification process doesn't cost too much or take too long, or exclude small businesses producing small products, or mean that an examiner who presents his own code in court is discounted because it isn't "certified" software.
Azrael where did this quote come from? Is this your quote?
Certification/Validation will only become a problem where a producer of a tool seeks to hide what the tool is doing. That doesn't appear to me to affect small businesses etc.
My experience and assessment of this matter is that it is highly achieveable and is something that mobile telephone examiners should not be deprived because of concerns about economics etc. I say that because I saw no one moaning about shelling vast sums of cash and taxpayers cash when it came to buying EnCase and all the et ceteras. That does appear strange because it looks another standard is being attempted to be applied to mobile phones when all the stops were pulled out for computer forensics.
My experience is the opposite - certification happens for ordinary computer forensics software for one version, on one OS version and patch level, on one platform with specific hardware - when it is off that, all bets are off and the certification is no longer really valid. Certified computer forensics software has still been shown to be buggy, inaccurate and problematic - thinking of no particular manufacturer.
I think that if more people knew what exactly they were buying at the time, there would have been more complaint, not that I recall a huge amount of consultation ! Expensive certified software that can still be shown to be wrong isn't a wise use of my tax money …
Azrael where did this quote come from? Is this your quote?
Sorry, bad formatting on my part - I wanted it in a box, and I thought that if I didn't attribute the quote I wouldn't get the Bold "Quote" text. It is mine, and is my voting option 😉
Certification/Validation will only become a problem where a producer of a tool seeks to hide what the tool is doing. That doesn't appear to me to affect small businesses etc.
So the certification process is going to be provided for free ? Who by ? How long will it take ? How much paperwork is going to be involved ?
As a small business, all of these things have an impact on me financially - something that the larger business can absorb in hope of future earning. Taking something like the
I have loooked at EAL, CCRA and common criteria and ISO17020 and ISO17025 and all are useful expressions of some form of assessment for conformity, but they do not deliver a solution based upon a 'criteria' in order that conformity can be checked. The absence of a solution is the same for ISO9000, for which it is better designed to deal with assessment at the stage conformity is desired by a company/organisation etc.
This thread has had over 1476 views yet only 31 votes have been recorded. I do urge all mobile phone examiners to vote.
Greg,
Re your comment "This thread has had over 1476 views yet only 31 votes have been recorded. I do urge all mobile phone examiners to vote."
Can I politely suggest that you add a sixth option to your POLL which offers voters a wider opportunity to give their views. It may also help to reflect some of the comments being posted here.
Your five poll options are - 3 options that are for certfied tools, and 2 against but the reasons against appear somewhat trivial and unprofessional to say the least?
Perhaps another option which says "I don't think it's possible to validate/certify all mobile phone forensic tools at this stage due to the complexities of the technology" would be fairer to all.
I think you may capture a few more votes - mine for example.
Mike
I have just seen this document (remember that it is still in press so not a final version) that discusses the forensic use of mobile phone flasher boxes. It is not a free paper as it comes from the Digital Investigation Journal.
It discusses in detail possible verification methods and suitable testing procedures. Very interesting reading.
A link can be found here http//
Regards
Greg,
Re your comment "This thread has had over 1476 views yet only 31 votes have been recorded. I do urge all mobile phone examiners to vote."
Can I politely suggest that you add a sixth option to your POLL which offers voters a wider opportunity to give their views. It may also help to reflect some of the comments being posted here.
Your five poll options are - 3 options that are for certfied tools, and 2 against but the reasons against appear somewhat trivial and unprofessional to say the least?
Perhaps another option which says "I don't think it's possible to validate/certify all mobile phone forensic tools at this stage due to the complexities of the technology" would be fairer to all.
I think you may capture a few more votes - mine for example.
Mike
I don't think the Poll questions are trivial or unprofessional. There comes a time and place when you simply have to ask people to answer truthfully and honestly about whether they want a forensic product or not, without asking ambiguous questions. Your approach suggests putting people off with ambiguity (simply leaving it up in the air) without justification what exactly a tool is doing to an exhibit.
Also your response Mike, as someone who sells XRY (thus you have a vested interest), may just as equally get people thinking why does the person who sold XRY to us, looks at us in the face and says believe me this is the product you should buy, now not have the confidence in his product to meet a Certified/Validated requirement? Is there an admission you wish to make Mike?
Well, I suggested something similar in my first post to this thread and i don't represent any vendor of cellphone forensic products.
The "ambiguity" insofar as I am concerned, is what would constitute a legitimate process for certification or validation for cellphone forensics?
You can't be for or against something unless you know what it is and whether or not it can be done.
It is kind of like asking if you are in favor or against "cold fusion". I'd be for it if it were possible.
Well, I suggested something similar in my first post to this thread and i don't represent any vendor of cellphone forensic products.
The "ambiguity" insofar as I am concerned, is what would constitute a legitimate process for certification or validation for cellphone forensics?
You can't be for or against something unless you know what it is and whether or not it can be done.
It is kind of like asking if you are in favor or against "cold fusion". I'd be for it if it were possible.
seanmcl are you saying you need to be convinced about the need to have a Certified/Validated tool which you use as forensic practitioner?
Or might you be deviating from the Poll and actually saying forensic tool cannot come about until you are consulted on what makes up the processes involved Certified/Validated?
Do remember the Poll merely seeks a show of hands that people believe they should be using Certified/Validated tools.
It is possible to have a Certified/Validated scheme in our field of distinction.
Greg,
Your response is interesting? I really do not wish to be ambiguous – I was actually trying to be direct by indicating that it may not be as straight forward as any of us would like it to be.
Far from having any admissions that I wish to make - the truth is I would welcome this if we could achieve it. What I was trying to explain (and clearly not doing a very good job at it, if I have to make two posts) is that the reality of the situation is far harder.
As a vendor I would love to be able to stamp a 'Certified' badge on my products, in fact I have been trying to find a way to achieve that unsuccessfully so far.
There are five releases of .XRY per annum (other providers are available). Some are for new features but the majority of these software releases are for increased phone support, we have to do this in order to simply keep pace with the market place.
Despite numerous meetings with different parties - there is no certification body able to check, validate and keep up to date with this release rate either in the UK or anywhere else for that matter. NIST for example in the USA - tested v3.6 of XRY and we had released v3.8 by the time the report was actually published. This invalidates any Certification before it is even issued.
I am sure that most other vendors like Micro Systemation are all for Validation. The issue is one of practicality as to how it is done – so if someone here can offer a solution and explain to me how it would work then I will jump at the chance. The Forensic Regulator is actively seeking input on how to better improve these processes for validation and certification and I am sure they would welcome your input if you had a suggestion.
In the absence of that information, my conclusion at present is that it is not practical at the moment for vendors to achieve this validation – hence the request for an additional poll option?
I do not believe that is ambiguous or avoiding the issue in any way – it is simply my view.
Mike
Greg,
I have to go with Mike and Sean on this one. The poll questions are written such that you agree with choice 1 or 2 or your professionalism is brought into question. As it stands, I do not believe that certification/validation can be done by the vendors because there will always be questions about their motivation( as evidenced by your response to Mike). Until there can be a govorning body that has the resources to validate all of these tools at the speed in which they are brought out for use, I do not belive that there can be such a thing.
Eric Wahlberg