
ISO 17025 - digital forensics struggle

35 Posts
8 Users
0 Reactions
6,458 Views
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
Topic starter  

Parliamentary briefing note says practitioners may struggle for 2017 deadline for all to have ISO accreditation

Digital forensics is not as good as it needs to be among law enforcement agencies, with frontline police officers lacking relevant skills and doubts about a 2017 target for all practitioners to be accredited, according to a research note produced for Parliament.

http://www.ukauthority.com/news/6046/post-points-to-digital-forensics-struggle?

I have also raised extra details with Interpol and other LE areas

One point to note with ISO 17025 is the updated version of this standard includes changed requirements on "calibration" (not yet announced) that law enforcement and private sector may either find hard to implement or would alter what is already in place. In both cases we see the maintenance costs spiral.

Another point regarding ISO 17025: it permits one person to have more than one function, so one person as auditor can organize, conduct and report the findings of internal audit of QMS that that person developed and implemented. This is not permitted by clause 8.2.2 ISO 9001:2008 and therefore impacts adversely on single-person business or lab to gain accreditation.


   
kacos
(@kacos)
Trusted Member
Joined: 10 years ago
Posts: 93
 

New forensic science service planned by the Home Office, four years after it controversially abolished its predecessor.

Interestingly a similar discussion on accreditation has opened on the other side of the pond too
The Initial Draft Recommendation for the Accreditation of Digital and Multimedia Forensic Science Service Providers is available for review and comment.

While significant progress has been made in the accreditation of public and private forensic science service providers to ISO/IEC 17025, ISO/IEC 17020, and, ISO 15189 and supplemental forensic science standards by an accrediting body that is a signatory to the International Laboratory Accreditation Cooperation (ILAC) Mutual Recognition Arrangement (MRA), this voluntary accreditation has not resulted in universal accreditation. To improve the overall quality of forensic science, all entities performing forensic science testing, even on a part-time basis, must be included in universal accreditation.


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
Topic starter  

New forensic science service planned by the Home Office, four years after it controversially abolished its predecessor.

The timing of this Home Office approach is quite amusing really since there has been a call since last August (2015) for the development of National Digital Science and Justice Office (NDSJO) - http://trewmte.blogspot.co.uk/2015/08/national-digital-science-and-justice.html

The NDSJO would obviously not be inside the Home Office but NDSJO would though oversee the digital evidence which therefore wouldn't require or even need the Forensics Science Service to be re-established from its previous failure.

Interestingly a similar discussion on accreditation has opened on the other side of the pond too
The Initial Draft Recommendation for the Accreditation of Digital and Multimedia Forensic Science Service Providers is available for review and comment.

While significant progress has been made in the accreditation of public and private forensic science service providers to ISO/IEC 17025, ISO/IEC 17020, and, ISO 15189 and supplemental forensic science standards by an accrediting body that is a signatory to the International Laboratory Accreditation Cooperation (ILAC) Mutual Recognition Arrangement (MRA), this voluntary accreditation has not resulted in universal accreditation. To improve the overall quality of forensic science, all entities performing forensic science testing, even on a part-time basis, must be included in universal accreditation.

I have read this Draft and it would require certain provisions from the standards to be removed to enable access to all.


   
Chris_Ed
(@chris_ed)
Reputable Member
Joined: 16 years ago
Posts: 314
 

Digital forensics is not as good as it needs to be among law enforcement agencies..

See, this sort of thing makes me angry. Cut funding to the police, introduce a requirement to meet a very expensive, overly-complex and probably pointless ISO standard, then complain when forces have issues meeting it. I WONDER WHERE THE PROBLEM LIES.


   
Chris_Ed
(@chris_ed)
Reputable Member
Joined: 16 years ago
Posts: 314
 

Also I enjoy the approach that forensic units struggling with ISO is a problem with the units, not a problem with the standard.

*insert a gigantic roll-eyes emoticon here*


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

… a requirement to meet a very expensive, overly-complex and probably pointless ISO standard, …

In the context I would replace "probably" with "undoubtedly".

jaclaz


   
kacos
(@kacos)
Trusted Member
Joined: 10 years ago
Posts: 93
 

Also I enjoy the approach that forensic units struggling with ISO is a problem with the units, not a problem with the standard.

ISO/IEC 17025 refers to the "General requirements for the competence of testing and calibration laboratories". UK Forensic Science Regulator's Codes of Practice and Conduct recommends ISO 27025 and ILAC-G19 (Modules in a Forensic Science Process). It does not mention ISO 27043:2015 (Incident investigation principles and processes) since it was not available then. This DFI post debates ISO/IEC 17025 and this blog post discusses the differences between validation and verification. This pwc 2013 Report, while researching the UK cyber security standards (some apply to digital forensics too) is a good indicator of the overall mess that standards fail to address.

There are many ISO standards applicable to Digital Forensics (look at the table below - source here), some published and some not (yet)

Applicability of standards to investigation process classes and activities

(Note that the first line contains the Process Classes, better known as the 4 main DF investigation processes as defined by ISO 27043:2015)

All these have been the result of various papers discussing the need to standardize DF processes such as the one from M.Grobler. While this may be difficult due to the vast differentiation of digital sources, budget and purpose of the DF examinations conducted (ie LE/business/internal etc), I think it's a good start. However forcing all labs to be ISO 17025 certified is in my opinion premature to say the least. More work needs to be done to take into account the real world problems DF Labs & Investigators face. Let's not forget that most of the published so called standards (NIST, ISO etc) are recommendations or best practices (for a reason they can not be applied by everyone).

Edit: Forgot to mention that both ISO 17025 and ILAC-G19 are generic for Forensic Labs and not Digital Forensic Lab specific ..

my 2c


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
Topic starter  

Digital forensics is not as good as it needs to be among law enforcement agencies..

See, this sort of thing makes me angry. Cut funding to the police, introduce a requirement to meet a very expensive, overly-complex and probably pointless ISO standard, then complain when forces have issues meeting it. I WONDER WHERE THE PROBLEM LIES.

Chris, your views echo many that I have heard to date.

Kacos, an excellent and detailed response, thank you. I have just been going through a UKAS recent document [issue date 03/03/2016] running a PILOT ASSESSMENT CONDITIONS FOR ACCREDITATION OF CELL SITE ANALYSIS (CSA)

https://www.ukas.com/download/development_pilot_programmes/Cell%20Site%20Analysis%20Project%20-%20ISO17025%20Accreditation%20of%20Cell%20Site%20Analysis%20-%20An%20overview.pdf

I have looked at ILAC G19:08/2014 again [ http://ilac.org/news/ilac-g19082014-published/ ] and the above subject matter is not covered by Annex A or any other Annex for that matter.


   
minime2k9
(@minime2k9)
Honorable Member
Joined: 14 years ago
Posts: 481
 

Also I enjoy the approach that forensic units struggling with ISO is a problem with the units, not a problem with the standard.

*insert a gigantic roll-eyes emoticon here*

Why on earth they are making every Digital Forensics department up and down the country create their own ISO framework is beyond me.

Surely this could have been done at a national level and then individual units could add 'local' sections to cover the different ways of working.

I also think it makes it sound like only Law Enforcement has a problem with 'standards', the private sector is arguably much worse depending on which company you deal with.


   
kacos
(@kacos)
Trusted Member
Joined: 10 years ago
Posts: 93
 

.. I have just been going through a UKAS recent document [issue date 03/03/2016] running a PILOT ASSESSMENT CONDITIONS FOR ACCREDITATION OF CELL SITE ANALYSIS (CSA)

https://www.ukas.com/download/development_pilot_programmes/Cell%20Site%20Analysis%20Project%20-%20ISO17025%20Accreditation%20of%20Cell%20Site%20Analysis%20-%20An%20overview.pdf

I have looked at ILAC G19:08/2014 again [ http://ilac.org/news/ilac-g19082014-published/ ] and the above subject matter is not covered by Annex A or any other Annex for that matter.

Greg, take a look at this document Codes of Practice and Conduct Appendix Digital Forensics – Cell site analysis.pdf - it's still a draft, available here.

The UKAS pdf doc mentions

It is a firm requirement that all providers shall gain accreditation to ISO/IEC 17020:2012 and/or ISO/IEC 17025:2005, as appropriate, for their scope of work. In addition to the main codes the Forensic Science Regulator has generated an Appendix for Cell Site Analysis which has compulsory requirements. This Appendix is currently in its consultation phase (FSR-C-214).

and from what I understand it leaves it up to you to decide which applies to you. Do these look relevant to Digital Forensic Labs?

17020 Conformity assessment — Requirements for the operation of various types of bodies performing inspection
17025 General requirements for the competence of testing and calibration laboratories

The blog post by n-gate mentions

In the ISO/IEC 27037, 27041, 27042 and 27043 group of standards for incident investigations there is a requirement to show that methods are valid. This parallels the same requirement in ISO 17025 which is applied, in a law-enforcement context, to forensic sciences.

So why not get ISO 27037/41/42/43 rather than 17025? They are certainly more relevant even though I haven't studied them. Is UKAS aware of these?

Costas


   