Yeah I can see where you are coming from and there is an argument for this approach.
I do feel that although a certain 'scientific' methodology should be used for CF, specifying a degree as essential would perhaps discourage those with other specialisations such as technology in business fraud. This type of investigation requires a very different approach, both cognitively and technically, from investigating illegal images.
I will be interested to see if the F3 conference in the UK considers this issue this year.
Thanks for your comments.
Nick
<——Steps tentatively into the arena.
Lot's of good debate on this subject.
My own tuppenth (for our non-UK cousins - tuppenth offering), I started in the Forensic Field in 1999, after years of experience as a detective, who utilised various IT Police Tools and because of a lack of manual dexterity had to attend Unix and Windows Sys Admin Courses to fix my own problems - the geeks weren't impressed with having to talk me through things ALL the time, particularly as they only spoke 'geek' and I only spoke 'copper'.
Anyway the man who's role I took was a highly educated and extremely computer literate individual, and when it came time for him to move on he insisted that a 'detective' and not a computer geek, like himself, replace him.
The reasoning was very much along the lines of some of the posts on this thread, which I fully agree with, was, 'what good is it to understand computers yet not know a fraud from an assault'.
Accordingly I was appointed to the role and given a 6 month hand-over, which included attending Proprietory Maufacturers Courses, essential to rebut a defence claim of incorrect utilisation of the product(s) involved in any investigation. And the Forensic Computing Foundation Course - a Degree level course enabling the successful participant to be an acknowledged 'Competant Witness'.
As a mature man who hadn't any formal education since leaving school in 1975 with 1 meagre 'O' Level, I was very impressed with my resullt - many thanks to the computer geek, who spoke 'copper', who had 2 computer related degree's prior to the course, who spent hours teaching a PC from Cambridge and DI from Humberside and me, how to answer Academic questions correctly.
To this day I still believe you have to be a copper first and foremost, accordingly I go down the route of 'experience over qualifications', yet agree that accreditation is an integral part of the role.
With all of the different types of accreditation currently out in the big bad world I can understand the confusion that abounds on the subject.
Having attended the International Hi-Tech Crime & Forensics Conference in Heathrow, England in 1999, where the international delegates agreed upon common practices, which became the ACPO guidelines previousy mentioned, and were intended to be taken up by each participating country, I have to ask "Were those practices agreed upon by each nation/state (US Law flabberghasts me)" ?
If so, the way I see it is that providing those guidelines are adhered to and the Forensic Practitioner is 'qualified' to use which-ever 'tool(s)' used there shouldn't be any need for further 'Accreditation', which in my view is just a 'gravy train' for those expounding the virtues of further accreditation.
As a footnote I'm a bitter and twisted non-expert witness because with the exception of one case my evidence was accepted (years of experience of providing written evidence properly I suspect) and that was because the judge found my evidence to be "Too damning" 😕
On a humerous note after sucessfully completing one of the 'Tools' courses, I came back to work and immediately 'broke' the Forensic Work-Station. It only cost £7,000 to fix 😳
I don't know whether I agree with you. And, as you're in the LE and CF profession and I'm not I realise that my position maybe a little untenable but I'll try and explain. I could be completely wrong, but most of the members of this forum don't possess the experience to which you refer, namely experience of being 'a copper first and foremost', (except Andy of course). So the argument of experience over qualifications isn't about being a copper for several years, but rather of having experience of actually conducting computer forensic examinations and experience of computers themselves.
Ostensibly your argument of 'what good is it to understand computers yet not know a fraud from an assault' sounds like a good one, but if you're following sound, accepted analysis methodology and you are competent with the fundamentals of computer forensics and your investigative tools, then you should be able to find anything, whether it relates to child pornography or fraud. I concede that one is a little more subtle than the other, but that's were specialisation and previous forensic experience comes in.
One could just as easily invert your argument – what good is it to know fraud from assault if you don't know computers.
Hi FR,
Thanks for your reply, particularly the last sentence, now I have to try to justify myself oops
The first thing I will say is that I do not deem it apprpriate to state specific cases/individuals, as specific inadequacies have been dealt with in one way or another, when it comes to jmy ustifications.
My view is that if you don't fully understand the crime you're dealing with, how would you be able to put your indepth knowledge of forensics to full use.
As they say a computer is only as good as the person putting the data into it, and should that person, being experienced in forensic methodology and tools not know what they are looking for, how can the tools find it?
As a simple example, child pornography as mentioned by you.
Do you, as a matter of course, examine chat logs, search engine activity, e-mail(s)/PM(s) etc, rather than just producing the indecent images (proving distribution and intent - rather than just possessing/making) etc ? - there are "experts" out there that don't!! (and that includes LE)
Obviously you've got experience and probably do, however, when I was pensioned off on medical grounds my post was taken by 2 people, one a highly computer literate individual (trained policeman who had only been employed on IT duties for 12 years), the other a detective, and they attended the relevant courses, yet had to depend upon each others experiences to fully appreciate the complexities of both disciplines and find all relevant evidence on their target machines.
I do not decry the impact of IT first - examiner second, having several colleagues who have been involved in CF since it's inception and who have gained the necessary investigative abilities, in fact I turned to those individuals in my early days when I came across any IT problems that I encountered.
But I feel that having a degree in computer science does not make a good forensic examiner, despite the fact that both disciplines require a methodical approach to achieve competence.
As an example on the courses I attended there were computer guru's who just didn't have a clue what to look for evidence wise, so had great difficulty throughout the training and had poor results - if this uneducated copper can surpass their grades they must have been poor - particulalry as when I first touched a computer my course report said I'd "…make a good document manager, once he's learned to equate the keyboard with his previous experience of Major Incident Room card index systems" ;).
I wont bore you with other instances of dealings I've had with CF practitioners who couldn't investigate properly, but there have been too many, from each end of the fraternity, but more guru''s than coppers!!
Now getting back to the actual thread, providing a CF investigator/examiner - being PC there 😉 - has passed the propriety courses and a formal academic course on CF, then proved that they can actually apply those teachings to real life investigations, similar to NVQ's, there should be no need to have any other 'accreditation'.
It is, to me, a very expensive way of proving you can do the job, attending some sort of proprietory accreditation course, gaining the product supplier more profit, when you consider that we all (maybe not all, but those I know personally in the field) use several tools, which would cost a great deal of time and money to get accredited on each tool.
Whereas I agree that Industry Control is needed, academia should be the accreditors, not businesses, and they should have generic testing, rather than product specfic, if they don't go down the NVQ route.
As another footnote. I was so impressed with my achievement of attaining a 6th of a MSc, on a 2 week course, I wanted to pursue a full degree, however, I worked for a living, often 18 hours a day and sometimes more, so didn't have the time to do anything else.
When my brain is fully back on-line, if I am still unfit to work (I have a serious spinal complaint that wasn't helped when in hospital having my brain dealt with) I will try and get the relevant degree on-line.
Then I'll not only have experience, but that piece of paper that so many people seem to need.
And maybe get back into the field I love.
Regards
Dave
PS. Any queries you have please mail them to me, so that I remember that I am a member of this forum ?
Dave,
I deleted your previous short post as it seems to have screwed up this thread's formatting. Not sure why, probably some minor bug in the script. Apologies for any inconvenience.
Cheers,
Jamie
Hi Dave, thanks for the debate.
My view is that if you don't fully understand the crime you're dealing with, how would you be able to put your indepth knowledge of forensics to full use.
A deleted file wont be harder to recover just because it’s related to fraud and I specialize in software theft or CP. As I said earlier you would adopt and follow a sound methodology to find or recover files and, if unsure as to their value to the investigation, use the experience and skill sets of others, as you said you did, until your own knowledge/experience was sound enough to stand on its own.
Do you, as a matter of course, examine chat logs, search engine activity, e-mail(s)/PM(s) etc, rather than just producing the indecent images (proving distribution and intent - rather than just possessing/making) etc ? - there are "experts" out there that don't!! (and that includes LE)
It would depend on the brief and the specific requirements of the case, but surely this is a reference to forensic examination methodology. Conducting the search that you describe would most likely derive from a comprehensive grasp of the technical basics, as you’re more likely to search PMs and try to find specific search engine queries etc because you have the technical knowledge that lets you know you can retrieve artefacts there.
But I feel that having a degree in computer science does not make a good forensic examiner, despite the fact that both disciplines require a methodical approach to achieve competence.
I disagree. I do concede that the law and judiciary system is highly convoluted, but I’m of the opinion that its ‘easier’ to pick up the nuances of investigation, such as escalating possession into intent, than it is to learn IT to the necessary level to become a credible, competent FE.
Another point I would like to make in response to not fully understanding the crime is concerning the breadth of experience police officers possess. Correct me if I’m wrong but police officers specialise do they not? An officer experienced in fraud wont necessarily have had any exposure to vice, drugs or murder, so would that make them a poor FE in those areas?
Also what of the police officer turned FE who has been off the beat so to speak for a couple of years, does his lack of contemporary investigative knowledge render him any less capable of conducting an examination?
And what of computer specific criminology? DDoS attacks, phishing scams, credit card/identity/proprietary software theft. All of these crimes will have computers to examine, assuming successful tracking and apprehension etc, but its unlikely, as these occur in cyberspace, that any police officer would have the prior ‘hands on’ experience of the type to which you refer.
With the landscape of computer criminology forever shifting, with technology evolving and becoming ever more complicated and criminals switched on in their adoption of new techniques and exploitation of new inadequacies, I would suggest that the FE of the future would be better placed to keep their head above the rising tide if they have a solid IT education and background to rely on.
I agree that attending a formal academic course is a necessity and I strongly agree that proprietary accreditation is expensive and only a profit making exercise for the ‘band wagon’ following vendors. Especially when you consider that any of the main software tools could, at any time, fall from favour or have the market share usurped by someone else, thereby reducing the value of their certificates.
Also Cardex – wonderful!
An interesting article, highlights this very issue.
http//
This link is an article (replicated in Private Eye magazine) about the person who instigated the highly inaccurate and misleading Sunday Times (and PC Pro) Operation Ore (bashing) news item.
The person refered to, has an interesting website at http//
Andy
I certainly would not want to get into the 'Jim Bates' argument and I'm concerned that his ranting may backfire on the industry but it does add fuel to the fire that some recognition should exist.
What about this as an idea-
For existing practioners, a Body could be set up including, for example, the CPS, NHTCU, Academia, F3? etc who could peer review a selection of 3 cases a person had investigated. This along with 2 or 3 references from law firms could provide a 'stamp' of approval which other law firms or the courts could take into account.
A little like the british medical assocation, a practitioner could be removed if found guilty of misconduct.
This could be funded by a reasonable annual fee.
Agree with it or flame it, what do you think. How about F3, or a spin off, to run it in the UK?
Nick
CRFP is due to commence in November, it has the backing of many of the leading FC practitioners in the UK. I am aware of the criteria for acceptance onto the register, its quite rigorous (in three distinct areas). There might be one or two minor hiccups along the way, but I think it will be the way to go.
Yeah, just found the site, that could be interesting.
Nick