Sunday, April 10, 2011

One Big Happy Family?

I have spent most of my academic career dealing with the problem of how we combine the different digital forensic communities under one umbrella. I have observed, written, and advocated that we become a homogeneous group. The arguments followed that the different communities/constituents (i.e., law enforcement, military, private sector/business and academia) shared a common goal, and since the evidence that is digital in nature was our purview, it was logical that we could identify our common ground and be able to develop standards, certifications, and professional ethics that were universal.

I now think I got it totally wrong. While the communities share some commonalities, the goals, motives, and requirements are so vastly different and, I will argue, diverging more each year, that to think we can have a community-agnostic anything is false. I will use the private sector and e-discovery as a quick example. E-discovery is maturing and developing standards and processes that are unique to civil proceedings and the requirements of civil litigation. There is no necessity to make whole-drive forensic images (and in some cases it is strictly forbidden by the discovery order). This is foreign to law enforcement and at odds with the basic tenet of imaging everything – in case we need it at a later date.

Futile efforts to develop a universal code of professional ethics further illustrate the heterogeneity of the communities. In almost every case, articulated codes of ethics have run into issues where it would be unethical for a private sector practitioner to follow, or a practitioner who worked for the defense as opposed to the prosecution. An example of such a clause is full disclosure of all findings (I will leave it to the reader to think up examples that would run contrary to the expected conduct of the practitioner examples I indicated).

We may be better served by developing certifications, standards, and codes of ethics that are community specific. I would never have thought I would even be considering this, and many of my students would be very shocked by my making such an assertion. However, one cannot ignore the realities that seem to continually jump up and slap one in the face.

While this is just a thought experiment for me at the moment, it has some profound implications for the future of our scientific discipline and therefore needs to be seriously considered and discussed.