ISO 17025 for Digital Forensics – Yay or Nay?

Thats a very interesting link, thanks

Wording of the Bill needs more time to go through but first thoughts are that it's a bit of a mess and raises more questions,

https://publications.parliament.uk/pa/bills/cbill/2017-2019/0180/en/18180en.pdf

Hi,

There's also no reference to ISO17025 in it, just Codes of Conduct.

Steve

No, they would not bind 17025 into statute. It can be included within the Code of Practice. I am a little bemused by the draft bill as a Private Members 10 min rule bill is a strange route. They very very rarely get onto the statute books are are more normally used by backbench MPs to raise awarness of an issue that they particularly care about. Forensic regulation does not really fit in with that.
Chris Green sits on the Science and Tech Committee so thats clearly where this has come from although his role within Gov is transport. According to Wiki

"He attended school in Liverpool before completing a Higher National Diploma qualification in Physics.

Prior to being elected, Green worked as an engineer in the Mass Spectrometry industry for 20 years."

So he should know a bit from a byte?

It could be a "toe in the water" to see how people react to the content of the Bill and then the Gov could consider their own Bill at a later date. Interesting that the regulator has quoted as requiring £100,000 for the upgrade to a statutory body. Tiny ammount and not realistic IMHO.

Regulator will investigate when " activity if the Regulator has reason to believe that a person may carrying on a forensic science activity in a way that creates a substantial risk of adversely affecting any investigation, or impeding or prejudicing the course of justice in any proceedings"

Pretty light touch compared to 100% enforcement. Perhaps it's a good compromise?

Peter Sommer has now released his paper on this topic
http//pmsommer.com/Accrediting%20digital%20forensics.pdf

Peter Sommer has now released his paper on this topic
http//pmsommer.com/Accrediting%20digital%20forensics.pdf

Excellent ) , thanks for the link.

And to provide some background info on the Author to those not familiar with the name

https://www.forensicfocus.com/c/aid=185/interviews/2017/professor-peter-sommer/

jaclaz

My thoughts

1) Imposing an onerous standard would put individual consultants and small firms out of business.
2) Digital evidence does not need to be maintained in controlled conditions in the way that biological evidence does. A typical office environment with a secure storage area is fine for handling or storing a computer or a hard drive. Other types of evidence may require refrigeration, sterile environments, etc.
3) Digital evidence can be verified as-needed to ensure that it has not changed. A blood sample, by contrast, cannot.
4) Digital evidence cannot be accidentally contaminated as easily as other forms of evidence. For example I could add my fingerprint to an item by simply touching it without gloves; I could add my DNA to an item by sneezing nearby; or I could transfer cat or dog fur from my shirt to a piece of evidence by simply handling the item without precautions.
5) The requirements for preserving digital evidence have changed in recent years and may continue to change, especially with regard to mobile devices.
6) I think we're better off letting the court/opposing counsel review our methods and being prepared to defend our processes. Established guidelines would be helpful and a competent investigator/examiner should be capable of defending differences between their process and the guidelines.
7) Acquisition of evidence is a fairly standard process but the analysis is more dependent on the application of the examiner's expertise. If another examiner and I imaged the same hard drive, we should (barring any malfunction) get the same result. If we examined that hard drive to answer a question, we would probably approach the analysis with different tools and techniques and might even reach different conclusions (e.g. because I found something he didn't, or because he imagined other possibilities I had not considered,).

All in all, I think requiring ISO 17025 is bad for the field. It's not very helpful and will hurt independent examiners and small firms.

All in all, I think requiring ISO 17025 is bad for the field. It's not very helpful and will hurt independent examiners and small firms.

Exactly ) I would add
… while NOT bettering the "quality" or "accuracy" of the output.

I mean, if it would have hurted independent examiners and small firms BUT making the quality of the output sensibly better, then it would have been a valid argument of discussion (weighting the "damages" to a subset of the people in the field against a definite advantage in the quality and accuracy of the results), but like this it is only a (costly) non-solution to a not-fully-defined problem (assuming that the problem exists).

jaclaz

It had to start happening 😯 .

Today's post
https://www.forensicfocus.com/Forums/viewtopic/t=16780/

https://atsv7.wcn.co.uk/search_engine/jobs.cgi?SID=amNvZGU9MTczNjAwNiZ2dF90ZW1wbGF0ZT0xNDM5Jm93bmVyPTUwNjMwMDkmb3duZXJ0eXBlPWZhaXImYnJhbmRfaWQ9MCZwb3N0aW5nX2NvZGU9NjA2

The purpose of the role is to deliver an effective and efficient, high quality digital service to Northamptonshire Police, the community and the Criminal Justice System (plus other forces within the East Midlands region as required) through the management and development of staff, methods, processes and continued ISO17025 accreditation. This covers all technical aspects and quality of laboratory activities for digital forensics including computers, mobile devices, electronic storage devices and CCTV.

jaclaz

It had to start happening 😯 .

Today's post
https://www.forensicfocus.com/Forums/viewtopic/t=16780/

https://atsv7.wcn.co.uk/search_engine/jobs.cgi?SID=amNvZGU9MTczNjAwNiZ2dF90ZW1wbGF0ZT0xNDM5Jm93bmVyPTUwNjMwMDkmb3duZXJ0eXBlPWZhaXImYnJhbmRfaWQ9MCZwb3N0aW5nX2NvZGU9NjA2

The purpose of the role is to deliver an effective and efficient, high quality digital service to Northamptonshire Police, the community and the Criminal Justice System (plus other forces within the East Midlands region as required) through the management and development of staff, methods, processes and continued ISO17025 accreditation. This covers all technical aspects and quality of laboratory activities for digital forensics including computers, mobile devices, electronic storage devices and CCTV.

jaclaz

Truth be told, I'm shocked that this has taken this long. I'm aware of several other police forces which already have both quality and technical managers, and they've been in post for quite some time now.

Truth be told, I'm shocked that this has taken this long. I'm aware of several other police forces which already have both quality and technical managers, and they've been in post for quite some time now.

Sure, but possibly they were/are internal experts trained for the ISO17025 compliance and possibly doing a whole lot of other things within the unit), here we are talking about someone hired (seemingly) exclusively or almost exclusively for this compliance requirement.

jaclaz