Is Digital Forensics too dependent on point and click tools?

Should the Federal Government regulate Digital Forensics?

Does Digital Forensics fall under the umbrella of Technology or Science?

Digital Forensic Certification Bodies Should be Accredited by the Forensic Specialities Accreditation Board (FSAB)

Follow by Email

Sunday, April 10, 2011

One Big Happy Family?

I have spent most of my academic career dealing with the problem of how do we combine the different digital forensic communities under one umbrella. I have observed, written, and advocated that we become a homogeneous group. The arguments followed that the different communities/constitutents (i.e., law enforcement, military, private sector/business and academia) shared a common goal and since the evidence that is digital in nature was our purview it was logical that we could identify our common ground and be able to develop standards, certifications, and professional ethics that were universal.

I now think I got it totally wrong. While the communities share some commonalities, the goals, motives, requirements are so vastly different and I will argue, diverging more each year, that to think we can have a community agnostic anything is false. I will use the private sector and e-discovery as a quick example. E-discovery is maturing and developing standards and processes that are unique to civil proceedings and the requirements of civil litigation. There is no necessity to make whole drive forensic images (and in some cases it is strictly forbidden by the discovery order). This is foreign to law enforcement and at odds with the basic tenet of imaging everything – in case we need it at a later date.

Futile efforts to develop a universal code of professional ethics further illiustrates the heterogeneity of the communities. In almost every case, articulated codes of ethics have run imto issues were it would be unethical for private sector practitiioner to follow, or practitiioner who worked for the defense as opposed to the prosecution. An example of such a clause is full disclosure of all findings ( I will leave it to the reader to think up examples that would run contrary to expected conduct of the practitioner examples I indicated).

We may be better served by developing certifications, standards, and codes of ethics that are community specific. I would never thought I would even be considering this, and many of my students would be very shocked by my makiing such an assertion. However, one cannot ignore the realities that seem to continually jump up and slap one in the face.

While this is just a thought experiment for me at the moment, it has some profound implications for the future of our scientific discipline and therefore needs to be seriously  considered and discussed.


  1. This comment has been removed by the author.

  2. I agree. Developing a universal code of ethics or set of standards is not only impractical but it would be difficult because the applications of digital forensics can vary. Digital forensics could be utilized for rudimentary file recovery by joe shmo whose partition table was corrupted. It could be used by law enforcement for the prosecution of an individual who is believed to be associated with a criminal activity. It can be used by the military for intelligence gathering or as a targeting mechanism for cyber warfare. Private organizations may use digital forensics to prosecute malicious employees or ascertain the identity of individuals stealing intellectual property. Even though it is highly likely that many of the same tools would be utilized across the afore mentioned scenarios, the goals of those individuals and the means about which these goals are met can vary. It seems to me that the idea of a uniform set of standards and or code of ethics is simply an attempt by the digital forensics community to affect the greatest number of a heterogeneous group of people with the least amount of effort.

  3. Hi,
    Interesting post. My research is centered along these lines moreso with your original thought of bringing everyone together. I must say however though I am at the initial stages of my research I do wonder if you are correct in thinking differently now "We may be better served by developing certifications, standards, and codes of ethics that are community specific". as the communities seem not only to totally ignore each other but are 'bent' on doing their own thing. Hmmn Food for thought.

  4. I myself am a student of Computer Forensics. I must admit that I am not a pro yet! Do you mind i I ask what did you study? Are you a trained forensic engineer or something?

  5. Your university is truly amazing, please visit our website