One common misconception of an examiner’s analytical responsibilities is that he or she is to only analyze submitted evidence to the extent of the investigative request. This is far from the truth. Indeed, if this is all that an examiner does, then most probably, technical support personnel can be trained to do the task. The role of an examiner is aptly defined and described in the preamble to the Code of Ethics of the California Association of Criminalists:

“It is the duty of any person practicing the profession of criminalistics to serve the interests of justice to the best of his ability at all times. In fulfilling this duty, he will use all of the scientific means at his command to ascertain all of the significant physical facts relative to the matters under investigation. Having made factual determinations, the criminalist must then interpret and evaluate his findings. In this he will be guided by experience and knowledge which, coupled with a serious consideration of his analytical findings and the application of sound judgment, may enable him to arrive at opinions and conclusions pertaining to the matters under study. These findings of fact and his conclusions and opinions should then be reported, with all the accuracy and skill of which the criminalist is capable, to the end that all may fully understand and be able to place the findings in their proper relationship to the problem at issue. In carrying out these functions, the criminalist will be guided by those practices and procedures which are generally recognized within the profession to be consistent with a high level of professional ethics. The motives, methods, and actions of the criminalist shall at all times be above reproach, in good taste and consistent with proper moral conduct.”

The second sentence states that the examiner is to use “…all of the scientific means at his command to ascertain all of the significant physical facts relative to the matters under investigation.” This can generally be ascribed to the examiner following the scientific method, performing whatever testing is necessary to try to resolve the issue at hand, and adhering to a code of professional conduct and/or a code of ethical practice. Acceptable behaviors for research scientists were described in 1942 by R.K. Merton as “universalism, communalism, disinterestedness, and organized skepticism.”¹ They also apply to forensic examiners. Although some would argue it is difficult to agree upon specific behaviors for a code of professional ethics, others would agree that a consensus could probably be reached regarding those for a code of professional conduct. Regardless, some sort of code needs to be in place to lend guidance to examiners.

ETHICAL PRACTICES IN DIGITAL FORENSICS
The following scenario will put into perspective the need for such a code for Digital Forensics examiners:

An examiner in a digital forensics unit is also a sworn investigator. He receives a complaint from a woman who saw child pornography on her husband’s computer. He goes to the victim’s house, has her sign a “Consent to Search” form, and seizes the computer. After acquiring the hard drive, he recovers twenty-five pornographic pictures from unallocated space which depict children engaged in sexual acts. From the “User Account,” he recovers several hundred pornographic pictures and movies, all of which depict adults engaged in various sexual acts. He exports all the pictures and movies to a DVD and turns it over to the prosecutor for court purposes. Subsequently, he arrests the subject and charges him with possession of child pornography.