Is There a Need for Industry Control?

I agree; although I feel the need for control it also concerns me that a small private company like ours could be penalised under some systems. We are not a Vogon but I believe fill a particular hole in the market, carrying out investigations for mid-range cases and helping with Corporate fraud where they can't afford the big company prices. We do a good job (although taking a coffee break as I'm a little confused with a case right now!) and control that required massive investment of time or money would be difficult for us.

Nick

couldn't agree more Nick. We are in a similar position ourselves and already have to pay for a number of accreditations etc to make sure we tick the right boxes. I think at the moment the small/medium size firms have an advantage by having lower overheads and more of a personal approach but the costs of a regulated market place is something that some body, don't know who yet, would have to address. I would like to see something along the lines of a central, free, government/police register which would operate in the same way the security clearance system works at present. Not too dissimilar with whats going on in the physical security market.

I am one of the examples of the outsider looking in. I have developed a very strong interest in infosec over the last few years and took the time to become a CISSP about a year and a half ago. Despite being an experienced developer and project manager, my attempts to break into the biz have gone completely unrewarded, despite the many places I have read lamenting the lack of security professionals with exactly such experience. I have an interest in forensics as well, but have never bothered to even investigate the hurdles to overcome to gain entry into the field due to my past lack of response. I understand that newbies should be expected to have some kind of apprenticeship before they start to speak as expert witnesses at trial, but if I have to take an entry level job at this point in my life to get into the business, I guess I will remain as nothing more than an occasional poster to such forums. If, on the other hand, there were some sort of accreditation (like the CISSP, though it has done nothing for me) whereby someone from the outside can establish credentials sufficient to be taken seriously, then using my spare time to study and practice for such an accreditation could breath new life into my forensic interests.

Yes, some interesting points. What would be the real benefit of a new standard of accreditation? An aid to getting that first foot in the door? A recognised commitment to lifelong learning and professionalism? Protection of the industry profile against cowboy operators? All of the above and more, I suspect.

Regardless of whether a new scheme is desirable or not, how important is it that any scheme is used/recognised worldwide rather than just in one particular country? I'm thinking here of what I understand to be the current push towards a new UK scheme for computer security professionals…some seem to support it, others are less enthusiastic due to the prominence of other certification methods already out there (e.g. CISSP). Does the role of relevant legislation in forensic investigations make it more desirable to have a country-specific scheme or is "good practice" such that one scheme could (perhaps should) cover all practitioners?

Jamie

I thought that efforts had been made in this area by the creation of the
Certified Computer Examiner(CCE)® certification The International Society of Forensic Computer Examiners , http://www.isfce.com/ , yet I have not seen mention of this organization yet…

from http://www.isfce.com/

The purpose of this certification is to:

Professionalize and further the science of computer forensics
Provide a fair, uncompromised process for certifying the competency of forensic computer examiners
Set high forensic and ethical standards for forensic computer examiners
Conduct research and development into new and emerging technologies and methods in the science of computer forensics

In order to complete the CCE certification process, the applicant must:

Have no criminal record**

Meet minimum experience, training requirements or have verifiable self study in forensic computer examinations
Abide by the ISFCE Code of Ethics and Professional Responsibility Standards
Pass an online examination
Successfully perform actual forensic examinations on three test media
In order to maintain the CCE certification, certified individuals must adhere to the CCE code of ethics and professional responsibility standards and pass proficiency examinations every two years.

The initial CCE certification process will encompass:
http://www.certified-computer-examiner.com/

Acquisition, marking, handing and storage of evidence procedures
Chain of custody
Essential "core" forensic computer examination procedures
The "Rules of Evidence" as they relate to computer examinations

Basic PC hardware construction and theory
Very basic networking theory
Basic data recovery techniques
Authenticating MS Word documents and accessing and interpreting metadata
Basic CDR recording processes and accessing data on CDR media
Basic password recovery techniques
Basic Internet issues

That's a very fair point. I wonder if it's also quite a good representation of the difficulty in putting together a worldwide certification. Looking at the ISCFE website I note

The International Society of Computer Forensic Examiners is a private Florida corporation affiliated with Key Computer Service, Inc. Although the ISFCE is a for-profit corporation, our goal is not to gain profits, but to provide a quality certification at a minimum cost. We are dedicated to providing a universally recognized, unblemished certification that is available to all who can qualify, for a reasonable cost.

With a couple of exceptions, it looks as though the certification board is composed almost entirely from US members and the partnerships listed are either all US or Canadian.

None of the above is intended as criticism of the firm or its efforts in putting together the certification, but I wonder how far a US dominated, for-profit private corporation's certification will play with British or other European investigators? Comments welcome.

Jamie

Jamie,

As a "victim" of many vendor based certification plans I looked hard and far for a certifcation group that had as a core principle that it was "vendor neutral". The CCE was the only one that I found.

My first though is that certifcation that that is accepted world wide, for purposs of "expert witness" testimony would be good thing. Data is so darn portable now a days.. you don't know what machine or what it could be one.

With so many firms with offices in different countries, it follows that a unversially accepted certifcation might be good idea.

As to THE ISCFE being affiliated with Key Computer Service, I suspect this is more do with the how to get things done in terms of legal issue, logistics of shipping HD's for exams, maintance of on-line testing, etc then for any other reason. Someone has to do the grunt work….<sigh>

I think i need to do some fact checking on the CCE and its acceptance world wide and as why the board is us based. It might just be that those are only folks who stepped up the plate to volunteer their time, or just how the darn thing grew…

Regards,

David R. Hibbeln

Seems this issue has been discussed by others…

Position Paper for International Professional Certification of Digital Evidence V 3.2

http://ncfs.ucf.edu/Certification%20Position%20Paper%20V%203.2%20%207-3-03.pdf

Regards,
DRH

Some excellent comments made and I thank the contributors. It was also good to see some links to papers and acreditations I had not seen before. It will be interesting to see how this topic pans out over the next few months.

Keep posting your thoughts or links to anywhere not yet considered.

Nick

Dear All,

This link may be of interest to you regarding the issue of accreditation.

http://www.crfp.org.uk/contents/whowe.asp

I believe Computer Forensic practitioners will be added shortly.

Cheers