Sunday, March 1, 2009

Part 2 - Computer Forensics Certifications, Are they really worth it.

Apparently my post hit a nerve.  So I thought I would explore this a little more and get to the heart of the matter about certifications in this field.

And I am sure that I am going to get some more comments, because I am going to state the truth as I see it.

Certifications as it stands today, don't mean anything.

Ok, I said it.  Now I have to back it up. Here goes.

Holding a certification would only mean something if it was required for you to practice in the field.  The fact that you can practice "forensics" with no more than a how-dee-do to your credit leaves the field open to "button jockeys".

This ain't IT folks.  No offense to the huge number of computer support people out there, I spent many years doing IT work and still do some of it for selected clients.

But at the end of the day, if Mary isn't getting her email for a few hours, no one is going to prison or going to die because of it.

That is the difference.  When you start tossing around the word forensics, you are entering a totally different arena where what you do has an impact on people's lives.

And certifications, as they stand today, do nothing to standardize the field, because the certifications are not standardized.

I consider myself to be a "kick ass" defense expert.  Is there a certification for that? Yes, there is.  It's call references. And I have a lot of them.  Including some from cases where my work directly kept someone from going to death row.

DanMiami says, "Again, there is NO EXCUSE for a true expert in this industry to NOT have certifications in what they think they are experts in."

I have to reply that there is no real driving reason to get certifications.  Having one will not enable someone to explain the inner workings of how file carving works, or data recovery or how to recover an MS Exchange EDB.

As long as you can buy a book and attend a short boot camp to get a certification with no prior experience, their value is pretty low to me.

And that is the truth about it.  Right now, certifications are as valuable as the individual who gets them thinks that are.

A certification, a professional does not make.

Someone else pointed out an article from the National Academies of Sciences where they state, "Certification and Accreditation Should Be Mandatory
Many professionals in the forensic science community and the medical examiner system have worked for years to achieve excellence in their fields, aiming to follow high ethical norms, develop sound professional standards, and ensure accurate results in their practice.  But there are great disparities among existing forensic science operations in federal, state, and local law enforcement agencies.  The disparities appear in funding, access to analytical instruments, and availability of skilled and well-trained personnel; and in certification, accreditation, and oversight.  This has left the forensic science system fragmented and the quality of practice uneven.  Except in a few states, forensic laboratories are not required to meet high standards for quality assurance, nor are practitioners required to be certified.  These shortcomings pose a threat to the quality and credibility of forensic science practice and its service to the justice system, concluded the committee.
Certification should be mandatory for forensic science professionals, the report says.  Among the steps required for certification should be written examinations, supervised practice, proficiency testing, and adherence to a code of ethics.  Accreditation for laboratories should be required as well.  Labs should establish quality-control procedures designed to ensure that best practices are followed, confirm the continued validity and reliability of procedures, and identify mistakes, fraud, and bias, the report says."

I couldn't agree more.

Most of the vendor neutral certifications require you to sign a "Code of Ethics."  The question is, who enforces that or even oversees it?  No one, that I can find.

As far as I am concerned, for certification to really mean something, and I believe that it should, it should be the minimum bar you must hurdle to practice in the field.

It should be standardized like the CPA exam, the Medical Boards, the Bar Exam or the Professional Engineer requirements  that you must meet to get a license to practice.

You don't see people running around putting their stamp on engineering plans after they run through a boot camp for a week.

Having a real, standardized, practical certification that is recognized by all states, and is a requirement to practice,  should be the goal of every professional in this field.

And I am not talking about us getting Private Investigators licenses.  That is just a dumb idea that unleashes people with fake credentials on an unsuspecting public.

So while having a CCE or EnCE or whatever behind your name does mean something from the standpoint that you got the certification.  It does not accomplish much in the way of improving the field.

As a matter of fact, in every case I have worked, I have never encountered a law enforcement examiner with a certification of any kind.  

Does that mean they are "button jockeys"?  Not from what I saw.  And I certainly would not call them that since they have a gun and I don't.

I personally know some "button jockeys" out there and it pisses me off that people are paying them good money for a job they cannot do.  So, tell me, what professional board or oversight committee do I report them to?

That my friends, is THE problem.

No comments:

Post a Comment

I have moderated my comments due to spam.