"Just to name a few of the basic ones the difference between IDE, PATA and SATA, the difference between MB and MiB, interpreting the FAT access time"
IMHO, I've yet to see a case some down to these differences. I don't know that I would discredit anyone for the above, or for a few errors in a book. Everyone who has written a large number of reports has errors, most private examiners carry insurance just for this. Usually the errors, have no bearing on the overall outcome of the case, and really can only be used to say this person made an error in their report.
There are organizations like that already.
To me and others I have spoken with (in person) it boils down to how can Billy Joe Bob or John Doe say that they are the ones who get to decide what 100 questions get used, (usually because they start the organization or join up when it first starts and get a directors position) The posed solution is that when you take the test you submit 10 questions for the bank of questions and then the computer will randomly select 100 from that bank.
Like conducting an exam on a drive and submitting a report on that exam to have "reviewed" by someone. That person now has the authority to tell me if I am a certified examiner by their organization based on what they think of my report.
How about a 100 question exam of basic knowledge; a statement of adhering to ethical standards; and a criminal background check. Violation of ethics or being convicted of a felony would be disqualification of performing forensics. The written exam consisting of basics such as;
-Evidence control
-Legal knowledge (court information as example)
-And bare bones forensic information
A criminal background check will likely solve hardly anything, it may keep someone from applying (which may be the goal) but they are usually not thorough and only check areas which you tell them to check. I.E. I used to live in CA, check there, as opposed to a search on all of their previous residences, local checks there, and a fingerprint check.
The felony part, While I don't have a record, I'd be against that. I know an officer (a very very good officer) who has a felony against them, he lost his right to carry, but he is still a detective. I think you have to be very specific on the charges you say someone could or couldn't be a member of your organization with, unless you agree with EVERY Felony being a Felony.
As an example one licensing requirement of an organization not related to forensics says no felonies if they involve violence, dishonesty, or the use of a deadly weapon. Please don't try the every crime has a mode of dishonesty. Notice it leaves out drinking and drugs offenses. Pick up a DWI or OWVI and lose your career? Not fair at all.
How about a 100 question exam of basic knowledge; a statement of adhering to ethical standards; and a criminal background check. Violation of ethics or being convicted of a felony would be disqualification of performing forensics. The written exam consisting of basics such as;
-Evidence control
-Legal knowledge (court information as example)
-And bare bones forensic information
How about each state regulate their examiners? There is the Louisiana State Bar Association for attorneys conducting business in Louisiana. Why would forensic examiners be any different to be regulated?
And for the student issue (previous posting), personally, I don't agree with the internet being used by students in ANY program to send out forum posts or email listing posts to ask questions for their HOMEWORK. But I accept that this is the way it is and will be because of the internet. I mean, really, since when did educational institutions accept that students now how access to thousands (millions!) of people from their computer to do their homework? Shameful.
Licensed doesn't mean competent especially when you are talking about home repair contractors. Licensing can also have unintended effects such as keeping otherwise competent people out of the market. You just have to look at some of the state private investigator regulations to understand how this works.
That is exactly the situation in Texas. The requirements of becoming a Texas PI have little to nothing to do with digital forensics. The Texas PI and PI Manager tests do not cover any digital forensics related content, and they do not require any focused or specific digital forensics training. I have no problems with licensing if it is linked to training and qualifications, but to have a governing body that does not make the distinction between a regular PI and someone trained in digital forensics, nor acknowledges training as necessary to conduct digital forensics is shortsighted and reckless. I am not sure why digital forensics is not covered by the Texas Forensic Science Commission. At best, it's an ill-implemented method of ensuring quality, and at worst it's a barrier to entry for competent and trained people who do not meet the requirements to be a PI unless they want to work for someone else.
Texas is doing it wrong of course. I think the point of licensing is to reduce the amount of incompetent professionals and hold those currently in that (regulated) profession to standards or face removal from that business. As it stand, there is no method of removing those in the field in most states for any cause.
Even so, if it was noticed that I am inexperienced, and that I was indeed working on a "real" case, what is the ethical implication for your fellow forum members? Barring any obvious questions, or any questions that I could google quickly for an answer, I would expect my fellow forum members to guide me in the right direction. If you are worried that an inexperienced examiner is searching here for answers to an IRL case, I think you should do your best to impart your wisdom and expertise to aid their situation.
Everyone at some point has run into AN issue which they needed help on, probably more than on one occasion. If you are a lurker, then you see the people who come on here and have you work the entire case for them. What's the problem with that? If they are prosecution, then maybe they don't fully understand the evidence before them and the charges they brought are premature. If they are defense, then as it's been said many times It's someone's life at stake here, this isn't learn while you earn, you have a person facing having their freedoms taken from them, voting taken from them, lifetime restrictions placed on them, and they come to a forum to get an answer which as has been stated by others they likely take the first answer they get and plug that into a report and don't test that answer to see it's feasibility or validity.
This evolves very quickly, you said that, and you are 100% correct, the people who cause threads like this are the people who abuse the system and are under-trained or get into this field thinking that a laptop and free copy of the old Helix will suffice for them. You see it all the time, where can I get a free alternative, I am starting out, I don't have money for encase and FTK, which is better. Those posts to me are fine, but what is the most common answer (the most common answer is WE HAVE THEM BOTH) and best is relative to the examiner.
I speak at a Law School and to CF classes and let them know, hey when you get out, if you are thinking about starting your own company raise your hand. most hands go up. Then you break out a sheet on what it costs over 3 years to keep an office running and people start to think well maybe I need to go with another company first. That's great, but know your stuff first, if a case comes your way and you can't do it, it's not the time to say I'll show them and get this done, pass it on to someone else and watch what they do and be ready for the next case which comes up.
One last thing on this topic, recently in Chicago in a conference room I was doing some imaging and then analysis and opposing counsel had this expert there. The guy was 23 years old and identified himself and said he was a "junior examiner" after going to the company site and seeing the rate sheet, you could get a junior examiner for … an hour, a senior examiner was 100 more an hour. This kid was in way over his head, 15 pc's several smart phones, a server, he didn't even have the right tools with him, let alone know how to image the phones or the server. To tie into Harry's OP what should I have done there? Going off some of the posts in this thread, I should have helped him do what he needed and he would have been grateful, but I have a job which I was hired to do, I was hired to win a case based on my role analyzing electronic based data. So what's the play here, go back to counsel who hired me and say immediately if this goes to trial attack this kid, he didn't have a clue on what he was doing, and didn't even get a proper working image of the server or several of the key phones? Or let it slide?
Eric,
I agree that licensing will not solve everything and is no guarantee that a licence hoder is an expert, however, on the flip side the lack of a licence is a definite sign that the person should not be practising as a forensic analyst. Indeed, to take it a stage further, the withdrawal of a licence from those judged to be unprofessional in conduct or competency would help to ensure that licence holders kept their knowledge current and their practice ethical and proper.
Which in turn brings up the question - Quis custodiet ipsos custodes? If we as a body do not go some way to implementing some form of regulation in a manner where we have some logical, reasoned debate about what is and what is not acceptable proof of knowledge, skills, and competence we may find such a system imposed on us.
Let me take that argument a stage further. For some time a software company called Microsoft has been issuing certifications to people who pass various exams including the Microsoft Certified System Engineer certification. There is a small country bordering the United States of America called Canada, some of you may have heard of it. A few years ago The Professional Engineers of Ontario in Canada decided that obtaining a certification from a commercial company was not sufficient justification to call yourself and Engineer and they did something about it - http//
Unfortunately software companies are still issuing certifications with the titles Engineer, Analyst, Professional attached to them, and it is not too much of a stretch to imagine that the one with the most clout might set the standard for certification for licensing as Forensic Professionals, just as CISCO have done in networking, ORACLE have done in database. (You can already hear the pitch "Excuse me Mr Prime Minister/President but we here at Girl Guide Software have been issuing professional qualifications for some years and our software is probably the most widely used in the industry so we could just incorporate the licensing into our certification programme without charging you an excessive amount to administer the scheme") I for one think this would not be a good thing and for this reason think that we need to very soon have a grown-up, adult discussiuon about how we are going to implement some form of self-governance.
As regards students asking questions I don't think that they are who Harry was referring to with his original question. I think it shows at least some initiative that they have sought out a forum where practitioners post to try and increase their knowledge. I agree with some of the other posters that they should not expect us to solve their problems, but we all had to learn at some time, and the least we can do as professionals is help point them in the direction where they can find the answers for themselves, after all some professional, at some point in all our pasts, has done something similar for us.
With all the banter and disagreements in beliefs of what things should be, perhaps we should just let things fly in the wind. No regulation, no certifications, no licensing, just a free for all in this field which will eventually turn into a non-professional career. Basically, anyone that wants to do forensics, can.
And the students…lets do their homework for them so they can hurry up and also get into the field!
And that was sarcasm folks…. wink