What would be considered appropriate standards and controls for a Computer Forensics examiner to use? To date, a number of methods or practices have been developed, all relying upon MD5 hashing. Each is described below along with a discussion of its applicability. Other methods and practices may exist.
The use of standards and controls in scientific experiments is a fundamental axiom of the scientific method. An important consideration is the nature of the scientific experiment itself as it may require the use of multiple standards and controls. Likewise, this axiom holds true in forensic science.
Computer forensics is a field that is changing as fast as software can be written—and that’s fast.
Appropriate standards and controls must always be specified in the analytical procedure and their use documented in the case notes.
To say there are many issues faced by today’s digital forensics community would be an understatement. Lack of funding, cross-jurisdictional legal struggles, and a lack of qualified professionals are just a small sample of the main body of issues.
There are examiners working today in some agencies that do not have documented technical standard operating procedures (SOPs) for the analysis of digital media. Most likely, this is because there are no Quality Assurance Practices (QAP) being followed and no Quality Assurance Systems (QAS) in those agencies to provide oversight.
Quality Assurance Practices are essential to ensure the overall quality of services that a Computer Forensics unit provides. Two of the fundamentals of quality assurance are a documented Quality Assurance Manual (QAM) and an individual designated as the Quality Manager (QM).
Recently, during the issuance of a search warrant, police officers seized a laptop computer, two DVDs, and a digital camera with a memory card. Since any of the seized items could possibly have contained probative evidence, all were submitted for forensic analysis.
Previous columns discussed implementing an overall Quality Assurance Program (QAP) for a Computer Forensics Section. Two essentials of an effective QAP are the Quality Manager (QM) and a documented Quality Assurance Manual (QAM).
No matter what anybody tells you, words and ideas can change the world. ~ from Dead Poets Society
Just as ballistic experts can trace bullet casings back to the gun that fired the shell, university researchers have devised a way to trace specific digital photographs back to the exact digital camera that took the photo.
Previous columns discussed starting a Computer Forensics unit. This column begins a discussion of Quality Assurance Practices that the unit must follow to generate quality results.
There's good news and bad news: lower processing costs and diminishing film availability have driven forensic science toward digital photography.
All software tools and hardware devices must undergo some sort of performance verification/validation testing in the examiner’s laboratory PRIOR to using them for forensic analysis.
Today we have an entire category of crime that did not exist prior to recent technological developments. Collectively referred to as “Cybercrime,” it includes the use of computers, digital devices, digital media, and the Internet for illegal purposes.
Part 2 continues discussion of some software tools that are available for examiner use.
This column will focus upon some (emphasis on some) of the software tools that are available for examiner use.
In the previous column, Craig was put in charge of starting a Digital Forensics Section. His laboratory director, George, informed him that there was limited funding available to allocate to the section and he needed to be as fiscally responsible as possible.
Craig is sitting in his office enjoying a cup of coffee when his telephone rings. He answers and on the line is his boss, George, the laboratory director. George informs Craig that he wants to provide Digital Forensic analysis services within the next six months. Craig begins to get an uneasy feeling about where this discussion might be heading.
We now continue with suggested practices to attain compliance with select essential standards and criteria. Emphasis is placed upon the Computer Forensics sub-discipline. All criteria cited are derived from the 2003 ASCLD/LAB Legacy Manual.