Friday, April 10, 2009

Digital Forensics Professionals - Where are we going?

Digital forensics has its foundation in data recovery. That is the first step in every digital forensics examination. Back in the old days, before forensics software was created, data recovery was a laborious manual process that relied on tools like Norton's Disk Doctor, Norton's PC Tools, and other DOS-based command-line tools. Peter Norton was one of the founding fathers of disk tools.

Computer forensics, like most forensic sciences, came out of the need for law enforcement to have better investigative and evidence gathering techniques. Because of this, many advances in technique, process and technology have occurred over the last twenty years.

Computer forensics built upon the data recovery process by adding the processes and procedures needed to use recovered data in a legal setting: the creation of standards for the acquisition and preservation of evidence, the application of the chain of custody, and investigative and reporting tools and techniques.

As those of us in the industry are aware, digital forensics follows the technology in an ever advancing world of new operating systems, new Internet browsers, new and different types of storage devices and digital systems.

Digital forensics also must stay abreast of the war between those who would do harm to others using digital technology and those who would prevent them from doing so.

Digital forensics is one of the few forensic disciplines driven at the pace of Moore's Law, and staying abreast of the advancing technology requires a tremendous effort by hundreds of dedicated computer scientists in the industry.

It is through the efforts of the many unknown and the few well known, such as Brian Carrier, Harlan Carvey, Gary Kessler, Eoghan Casey and others, that the industry is able to continue to advance at the pace it does. So many in the computer and software community work on both the technology side and the process side of digital forensics and, while not becoming famous for their efforts, contribute mightily to the industry. It is this attitude of never being satisfied that what the industry has is good enough that makes digital forensics both a rewarding and challenging endeavor.

The Struggle for Identity

While the industry is doing a Herculean job of keeping pace with technology, it is not advancing as it should in other areas. This has created an identity crisis that must be dealt with soon for the industry to mature into what it should be: a recognized and standardized area of forensic science.

This leaves us in a position where states are trying to license us as private investigators, where there are no truly cohesive standards for digital forensic professionals, and where, while there are certifications galore, none of them really mean that much.

Why are we in this spot?

We are letting others decide who we are instead of deciding for ourselves as an industry. We are depending on the American Bar Association's statements to bolster our arguments. We do not have a national organization to lobby for all of us. We should be self regulating, not regulated by others.

What should we do?

First of all, we have to all embrace the concept that we are neutral experts. Not advocates for one side or the other. We should not be divided into opposing camps, some in law enforcement, some in private practice. While some work solely for the prosecution, and some assist defense attorneys, none of that should matter.

The first thing we need is a national organization that supports and advocates for all digital forensic professionals. Not just for one group or another.

For purposes of this post, I'll make up the name: "American Association of Digital Forensics Professionals".

What would be the purpose of such an organization?

1. Set a national standard applicable to all DFPs.
2. Create a certification that is recognized nationally, is based on reality and is applicable to real world cases.
3. Lobby national and state governments to make sure the profession is properly represented.
4. Provide some self-regulation through the censure of professionals who violate ethical or professional practices.
5. Provide the public with the assurance that someone who has managed to become a member of the AADFP has been vetted properly.
6. Provide a meaningful conduit for reporting to the Association instances of misconduct, that can be investigated and mitigated.
7. Create and sponsor continuing education.
8. Provide a clearinghouse for the collection and dissemination of industry relevant information.
9. Promote the industry as a genuine forensic science.
10. Participate in government and industry summits where forensic science is discussed and decisions are made that affect our industry.
11. Provide educational materials and opportunities to up-and-coming high school and college students interested in entering the field.
12. Publish information for use by the legal community to assist them in better understanding the role and capabilities of digital forensics in litigation.
13. Set professional standards for all members.
14. Adopt and enforce a statement of ethical practice.

It is my opinion that if the industry had such an organization in place, and it was properly funded and performing as outlined above, most of the state boards that are considering PI licenses could be convinced that state level regulation is unneeded.

We need to come together as an industry and begin to present a united front and speak as one voice.

Until we move in this direction, it is my opinion that we will continue to have the issues we have today with random legislation and attacks by the PI community on our ability to provide professional services.

If we want to be able to argue that we are professional forensic scientists and not just computer people with some forensic and legal skills, we need to set the standards high and abide by them. Otherwise, there is not enough to distinguish us from the computer guy down the street or the PI who buys some forensic software product.
