Some Challenges to Preparing for Accreditation in Digital Forensics
To attain ASCLD/LAB – International accreditation, a laboratory must achieve 100% compliance with every applicable clause in the accreditation requirements. The requirements do not provide guidance as to which of the 422 clauses are applicable or what objective evidence is necessary to demonstrate conformance. Often overlooked is the fact that just about every sentence or list of items in the accreditation requirements is a ratable clause to which the laboratory must demonstrate conformance or indicate that the clause is “not applicable.” Some non-applicable clauses are obvious, such as those relating to other forensic disciplines. Many others are not so obvious. Frequently, a word or phrase in a clause leads to a misunderstanding, a misinterpretation, or an oversight. For instance, ISO/IEC 17025:2005 Clause 5.5.2 states the following:
Equipment and its software used for testing, calibration and sampling shall be capable of achieving the accuracy required and shall comply with specifications relevant to the tests and/or calibrations concerned. Calibration programs shall be established for key quantities or values of the instruments where these properties have a significant effect on the results. Before being placed into service, equipment (including that used for sampling) shall be calibrated or checked to establish that it meets the laboratory’s specification requirements and complies with the relevant standard specifications. It shall be checked and/or calibrated before use.
The clause is commonly interpreted as follows: “Equipment used for testing must be capable of achieving accuracy. No calibrations are conducted in the Computer Forensics sub-discipline, therefore no calibration programs need to be established. Equipment does not need to be calibrated before being put into service. Equipment does not need to be calibrated before use.”
Software that operates equipment and software used during examinations (acquisition software, data analysis software, etc.) is covered by the first clause. This is often overlooked, resulting in a non-conformance. The second clause is not applicable. Because clauses three and four refer to calibration, many conclude that they are also not applicable. Although the equipment and its software (e.g., forensic computers, write blockers, acquisition software) are not calibrated, both of those clauses are applicable. Equipment and its software can be checked, using appropriate standards and controls, before being placed into service and before being used for examinations. Failing to do so reflects a misunderstanding of the requirements and leads to additional non-conformances.
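One way to carry out the pre-use check described above, as an added example that is not from the original article or from the accreditation requirements: the script runs an acquisition tool against a control file whose SHA-256 is known, then records whether the control was left unchanged and whether the image matches the reference. The `acquire` function, the two faulty tools, the file names, and the record fields are hypothetical stand-ins, and the control data is constructed.

```python
import hashlib, os, shutil, tempfile

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image):
    """Hypothetical stand-in for the acquisition tool being checked."""
    shutil.copyfile(source, image)

def pre_use_check(control, reference_sha256, acquire_fn, workdir):
    """Run acquire_fn on a control with a known hash and return a check record."""
    image = os.path.join(workdir, "control.img")
    before = sha256_file(control)
    acquire_fn(control, image)
    after = sha256_file(control)
    record = {
        "control_matches_reference": before == reference_sha256,
        "control_unchanged": before == after,   # write protection held
        "image_matches_reference": sha256_file(image) == reference_sha256,
    }
    record["passed"] = all(record.values())
    return record

def truncating_tool(source, image):
    """Constructed faulty tool: silently drops the final 512 bytes."""
    with open(source, "rb") as s, open(image, "wb") as o:
        o.write(s.read()[:-512])

def writing_tool(source, image):
    """Constructed faulty setup: copies correctly but alters the source."""
    shutil.copyfile(source, image)
    with open(source, "ab") as s:
        s.write(b"\x00")

def demo():
    data = b"CONSTRUCTED CONTROL DATA\n" * 4096   # constructed sample, not evidence
    reference = hashlib.sha256(data).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        control = os.path.join(d, "control.bin")
        with open(control, "wb") as f:
            f.write(data)
        tools = (acquire, truncating_tool, writing_tool)  # writing_tool last: it alters the control
        return [pre_use_check(control, reference, t, d) for t in tools]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Retaining each record is one way to keep objective evidence that the check was performed before use.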
From: ISO/IEC 17025:2005 Accreditation of the Digital Forensics Discipline by John J. Barbara