Notifications

Clear all

Methodology Sticky Topics - are they dead?

svetlik · 2009-01-27T03:43:32Z

I admit that after some time when I did not follow this subject, I did not read this entire forum closely. But it is clear from the topics that the forum has begun to take completely different direction than the original intention was. So the initial idea is dead?Probably yes. But why? Why was not able to standardize the reports or to create a general methodology for forensic examination? It seems that the only default document is still ACPO Guide or similar ones, which are able to define only the basic 3 (or 4?) principles. Is it not possible to create something better (as was to the intended project DECAF)?I think the basic problem of why such initiatives have failed is the lack of basic definitions of what we want to describe, to standardize. If there is only a very general definition of the term "digital forensic" (here I do not want to argue the accuracy of various definitions), we cannot towards anything other than the very general principles (like ACPO's). I think it would be appropriate to go into the theory one step upper and try to first understand what actually "digital forensic" IS. Until then we can discuss HOW. The need of revocate of the "old" definition of digital forensic appears for some time (just as an example http//forensicir.blogspot.com/2007/05/digital-forensic-science.html). Just to illustrate what I mean, I am presenting here often quoted definition (DFRWS) "The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations." I am no theorist, but this definition seems to be a very general definition of general forensic science, only the object is defined as “the digital evidence derived from digital sources”. I am convinced that this basis is correct, but by far insufficient for such tasks, which were initially raised this forum (i.e., standardization of reports and examining the methodology). "Digital forensic" perhaps already surpassed their "children's disease” and it is time to reflect on what a forensic science it actually is.What do you say?Important note I do not speak English well and do not use the right UK dictionary, so sorry…

Page 2 / 2 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Jamie 16 years ago

17 Posts

5 Users

0 Reactions

1,390 Views

RSS

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

03/05/2009 3:41 am

patrick,

I completely agree; however, I do think that there is some benefit to maintaining documentation of some kind with respect to the different areas of analysis available. For example, I have considerable documentation available with respect to what areas can be examined specifically on Windows XP systems. It appears that this documentation will be good at least until 2014, and possibly beyond. Now, with respect to Vista, some things dropped off that list, while others were added.

The benefit of this kind of documentation is two-fold…I can't guarantee that I will remember everything all the time, and this is an excellent resource for new and junior examiners.

ReplyQuote

svetlik

(@svetlik)

Active Member

Joined: 19 years ago

Posts: 7

Topic starter 22/06/2009 6:44 pm

My original question was "what a digital forensic science actually is?" It seems it is time to say that "Digital Forensics" is not a real forenics science, it's something like if we were talking about "Forensic Biology". It also does not exist (or I am wrong?). We have to divide a big pie into smaller pieces (like fingerprints, DNA, blood, pathology, psychlogy, …..), and then we can talk more specifically.

We have to go to purely theoretical issues, such as to the definition of "digital traces", whether it is physical in nature, whether it's just a "reflection of" the material world in the "digital world" (and what the "digital world" is?). Such reasoning may be concluded that almost everything in material world is reflected in the "digital world". And, as in the material world we have a large number of forensic disciplines, even "digital world" will probably have a number of similar (or different, or totally new) forensic disciplines. Today, we use terms like "computer forensic", "network forensic", "live forensic", "mobile forensic" … The basis of all is digital information, but the specific methods and procedures are different.

This topic has been widely discussed in the DFF Prague 2007 Conference and I am giong to discover some aspects of this theory in my dissertation.

But it could be too theoretical or too daredevil?

ReplyQuote

svetlik

(@svetlik)

Active Member

Joined: 19 years ago

Posts: 7

Topic starter 23/06/2009 12:41 pm

… and concerning of processes, documentation, etc…
Some thoughts about how to build and manage digital forensic laboratory and some general concept and description of MIS we use, you can find here . It was 4 years ago I had a paper about it. Nowadays I work at (same concept, but) new representation, where overall know-how could be stored, not only methodes and tools, but processes and workflow with combination of checklists, customisation, etc… As soon as I will have something solid for publication, I will send it.

Marian

ReplyQuote

Jamie

(@jamie)

Moderator

Joined: 5 years ago

Posts: 1288

23/06/2009 2:55 pm

Thanks Marian, look forward to reading it.

Unfortunately at the moment I get "You are banned from this site due to a unknown user-agent" when trying to reach the dff-parague.com site so can't catch up with your previous work.

Jamie

ReplyQuote

svetlik

(@svetlik)

Active Member

Joined: 19 years ago

Posts: 7

Topic starter 23/06/2009 3:30 pm

Sorry, Jamie, I will try to correct it asap… -(

ReplyQuote

svetlik

(@svetlik)

Active Member

Joined: 19 years ago

Posts: 7

Topic starter 23/06/2009 3:53 pm

Was done, can try dff-prague.com again. Marian

ReplyQuote

Jamie

(@jamie)

Moderator

Joined: 5 years ago

Posts: 1288

23/06/2009 4:00 pm

Many thanks!

ReplyQuote

Page 2 / 2 Prev

8 Forums
15.7 K Topics
92.3 K Posts
251 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed