But, unlike the profession of lawyers, M.D.'s, etc. the computer forensic is a field where ALL things are (or should be) BINARY or 0/1, Black/White, NO shades of gray allowed.
On this we must disagree. Computers and operating systems are dynamic entities capable of self-modification as well as modification from external processes which are poorly understood. Certainly at the level of what streams through the processor we are talking about 1s and 0s, but that is about as useful as saying that humans are nothing more than carbon, calcium, sulphur, nitrogen, etc. The latter can't help you to understand why two men break into a house and murder the mother and children leaving the husband to die in the fire.
Speaking as someone who has practiced both forensics and medicine, they are not that dissimilar, which is why knowledge is no substitute for experience and judgement.
Since I, basically, agree with the rest of your post, I was surprised to see the above as part of it.
Oh, and, by the way, medical credentialling in the United States was not done for the purposes of protecting the consumer but simply to create a barrier to entry into the profession. As part of this "reform" health care costs increased (since doctors needed to be trained in medical schools rather than apprenticeships), and, for decades, women and minorities were effectively barred from the practice of medicine.
On this we must disagree.
Good, we agree to disagree. D
You might have noticed the "are (or should be)".
What I meant was that, as I see it, the BIG difference is that normally in computer forensics things are, even when UNdocumented, as unfortunately happens often in medicine too, usually repeatable, something that NOT so often happens in medical practice (once the horse is dead, due to a bad cure, there is no way to try another method, with an imaged disk drive, this is usually possible wink ).
Obviously experience and intelligence and knowledge are needed in both professions, but - of course within limits - computer forensics gives more certainties when compared with diagnoses and cures.
I see computer forensics more similar to civil (structural) engineering and construction (casually my specific field of professional interests), with a particular accent on structural failures.
If a building or bridge falls down, you can usually find the reasons why it happened and, in the worst cases, you can always re-build it (totally or partially) and experiment applying to it the same kind of structural loads and stresses to verify your hypothesis.
Oh, and, by the way, medical credentialling in the United States was not done for the purposes of protecting the consumer but simply to create a barrier to entry into the profession. As part of this "reform" health care costs increased (since doctors needed to be trained in medical schools rather than apprenticeships), and, for decades, women and minorities were effectively barred from the practice of medicine.
Yep, exactly one of my points.
jaclaz
You set up BACE (British Academy of Computer Experts - I think) about 12-15 years ago I can’t remember what the standards everyone else had to achieve to become members but I assume that there were some standards/tests etc. that you had thought about and implemented (you made me a fellow and a cfsiceng based on just knowing me and my work – which was flattering – so I can’t answer this question). What were your thought processes back then and have they changed now? What happened to BACE?
I am pleased to see after 12 years the British Association of Criminal Experts (BACE) is still getting recognition. BACE is still around but some early members are not members and I believe that includes you Paul. When I, Colin and Robin asked members to pay a small members fee to fund the Association we were unfortunate at that time as we received little to no response when requests went out in 1998. You may recall with BACE a free quality newspaper was published called Forensic Expert News (FEN). The purpose of BACE if you recall was to link together Experts from various deciplines. This came about as the Expert Associations at that time were largely made up of civil engineers, architects, insurance, doctors etc etc. Mobile telephones, telecommunications and computers were not really represented by those Expert groups.
BACE Membership operated in two ways (a) recognition of the members professional status in the community and (b) recognition of the members discipline. The Expert Membership recognition (a) related to the fact that being an expert required following professional codes of conduct. Discipline Member recognition (b) was a category status but not a test of competency as BACE was unable to do that at that time. The Discipline categories eg CFsicEng etc were used to distinguish between discipline sub-categories.
Following the BACE meeting 10 years ago those free of charge on the Register were removed from the Register as they didn't respond or want to pay to the requests made to them. Had you still been a member Paul you could have enjoyed adding CFsicEng to your CV. I suspect though after 10 years this is why you haven't heard anything and really why you haven't even mentioned this matter over the last decade.
BACE was fairly successful at the time, and certainly up to 2009 (and maybe even still today) I managed to get Discipline categories status recognised at national level in the expert profession and that is ten years after you were no longer with BACE.
What lessons do I think this teaches? Perhaps it could mean there is an identity crisis as to what some may think they are living up to in the computer forensics world; how they perceive their professional status; Associations cannot run on financial thin air and a lack of man-power and input; it may not be a good thing for professionals to gain status by using free of charge routes to do that.
I secured the future of BACE and it is ticking over today supporting another Association.
I think your perception that it is unclear regarding where to go next in computer forensics is about right. I also would say the value of your stock may have increased Paul following your comments, as they echo my views I have expressed openly over the years, that forensics is not a game or to be used to manipulate to win a case. People lives are at stake. I agree with those principles entirely.
I think your perception that it is unclear regarding where to go next in computer forensics is about right.
I think part of challenge is aligning the field of law with the (ever changing fast-pace) field of computing technology.
Some cases to reflect upon http//
Following the BACE meeting 10 years ago those free of charge on the Register were removed from the Register as they didn't respond or want to pay to the requests made to them. Had you still been a member Paul you could have enjoyed adding CFsicEng to your CV. I suspect though after 10 years this is why you haven't heard anything and really why you haven't even mentioned this matter over the last decade.
I never continued with BACE pretty much for the same reasons I posted above - certainly it was not fee related, I was in charge of a pretty large budget at the time and if I thought it added value it would have been a no brainer.
You made me a CFsicEng so I "enjoyed" having that title but it got me thinking back then, certified by whom, certified for what? My attitude then and now is that a certification should mean something and should not just be handed out.
This is not a knock BACE post as I thought it was long dead and buried (a Google for CFsicEng only brings up this thread – impressive indexing by Google), but it is relevant in that it indicates that the situation is no further forward although we are 12 years down the line.
Despite reading the posts above I am struggling to see what certification would bring to us. As I said earlier some sort of peer review seems on the face of it to be the way forward, although there are huge problems associated with this and it would probably exclude those of us that do mainly commercial work – which I expect will be the bulk of forensics soon). What we don’t need is the addition of some huge gold plated, box ticking, procedure based ISOxxxx standard forced down our throats that will simply push up the cost of doing the work and give no one, particularly the LSC and other government agencies using (or providing) forensic services one whit of added value and at huge extra cost (to customers and the tax payer) particular in the current climate.
I can see your viewpoint Paul, but what happened 12 years ago doesn't measure up to today or can be placed in the same context as today. What happened back then when an inexperienced newby came up on the radar or a troublesome consultant didn't want to play by the rules it came out in the wash pretty quickly. Also, most of us knew each other back then. It was a very much smaller knit community, whereas today computer forencsics is not manageable.
Also, in fairness, when thinking about BACE, members back then none of you would have been willing to sit a test. Indeed, members who did join BACE in the early days some had already come from Prof Tony Sammes course. Would it have been right for BACE to look at RMCS certificates and say these individuals didn't know what they were talking about, test them? All the people BACE asked to join were very well known and publicised CV setting out knowledge and experience. How realistically back then Paul could you have been asked to sit a test? You were at FlightServer (Authentec pre-Vogon).
I am stumped, because whilst I see the rationale of your thinking about what is happening today and it is fair to say the dilemma you raise is an astute observation, the suggestion though that testing was necessary back 12 years ago isn't right and wasn't right for its time and place.
Just two points. One about BACE; it now supports the Professional Standards Council (PSC) in the MTEB. The other about CFsicEng if you looked in the back of the UK Register of Expert Witnesses you will find the qualification has been recorded over the years. I had to jump through hoops of tests to get those qualifications recognised and to make sure members were not let down. Tch! and that's the thanks I get.
Lastly, given the CRFP demise and the loopholes expressed earlier with the Forensic Regulator could you and your colleagues not produce an Association and you publicly declare your aims and objectives so that we can all share in your vision?
Would it not make more sense to validate the results of a producer against a set of standards, than validate the producer of the results against a set of standards?
Ultimately the customer cares little of the producer as long as the results/product is up to or exceeds par.
jhup
In the UK, CFRP was the validator of the results (it evaluated the work produced by forensic scientists and not their organisation). Unfortunately, it was killed off in 2009.
It certainly had its faults like anything else but I believe the basis of it was good. The process of assessing an application was a good one (and often misunderstood). However, it did rely heavily on having assessors being technically competent. However, any form of auditing or assessment generally relies upon this.
In the event a report/file was considered technically inaccurate/not following procedures, that assessor could rightly advise that the individual was not competent and should not be included on the register. Additionally, it was my understanding that if a court/customer/other scientist had concerns about an individual, these could be raised with CRFP whom would address them. The result could be that the individual lost their RFP status.
Kind regards
Sam Raincock
But, unlike the profession of lawyers, M.D.'s, etc. the computer forensic is a field where ALL things are (or should be) BINARY or 0/1, Black/White, NO shades of gray allowed.
On this we must disagree. Computers and operating systems are dynamic entities capable of self-modification as well as modification from external processes which are poorly understood. Certainly at the level of what streams through the processor we are talking about 1s and 0s, but that is about as useful as saying that humans are nothing more than carbon, calcium, sulphur, nitrogen, etc.
I believe he was saying that the work product of computer forensics is 0 or 1, yes or no.
And if that is what he was saying, I continue to disagree.
It is a rarity when the question to be answered by forensic analysis has a clearcut yes or no answer.
Is there CP on the computer? Answer yes.
How did it get there?
Now the answer you provide can be challenged. Not so much the answer, but the process you undertook to arrive at that answer.
While there are smoking guns and hard facts to be found when conducting forensic analysis, quite often the conclusion must be inferred from a larger set of forensic artifacts that ‘paint the picture’ of activity. It is this inference that is as weak or as strong as the thought process that produced it.