Sunday, February 7, 2010

The Coming Storm - Cloud Computing and Digital Investigations

By now we have all heard how cloud computing will revolutionize the Internet and be the next best thing to happen to online businesses, consumers, education and the world at large. But we haven't heard much of what investigative concerns the so-called cloud brings with it. As most of us realize, the concept of cloud computing is nothing new. Technically we have been living with this "cloud" since the inception of the Internet and the World Wide Web. What this new cloud concept seems to add to the equation is the ability to have various levels of distributed storage and application services.

While there are numerous security concerns being discussed by various cyber security "Czars," there seems to be little if any discussion about how the cloud will affect digital forensic investigations. Just off the top of my head I can think of several concerns that are generic to the concept of cloud computing to say nothing of specific concerns related to specific implementations or hardware and software applications.

Some basic questions are related to:

a) Jurisdiction - which sovereign nation or nations has/have authority?

b) Ownership - who actually owns the data in question?

c) Expectations of privacy - what will be the standard for reasonable expectations of privacy in the cloud?

d) Location of evidence - where do we even begin to look for data that may be classified as evidence for the investigation?

e) International cooperation - will countries housing/storing the data be willing to cooperate during an investigation?

f) Localized evidence - what artifacts will be left on the client machine?

To me these seem like obvious questions/concerns that we need to think about, debate and start working toward some answers. As I stated in the opening paragraph, the cloud is being touted as the greatest thing since "sliced bread," whether this is actually the case or not.

We as investigators will soon find ourselves truly immersed in the world of "virtual" evidence; a very sobering thought. One can only imagine how a judiciary that has trouble wrapping its mind around the concept of e-mail will be able to keep up with the various technical solutions that make up the concept of cloud computing.

It behooves the digital forensics community to weigh in on discussions related to cloud computing and provide input as to what this latest technology savior will eventually become.

Wednesday, January 13, 2010

Reactions to the NAS report on the State of Forensic Sciences

As we get ready for the upcoming American Academy of Forensic Sciences conference in Seattle in February 2010, I am struck by a rather interesting debate that is coming to a head in both the forensic sciences and legal communities. As many are aware, the National Academies of Sciences report to Congress on the state of forensic sciences really shook the forensic sciences discipline and legal community to their very core. Most commentators have focused on the negative components of the report, but few if any have really looked at the positives and/or the gaps in knowledge of those drafting the report.

During a recent discussion with several colleagues who are at the forefront of international and national standards and credentialing, we were struck by the lack of mention, both in the report and in the follow-up conversations by the different government and quasi-government agencies, of any of the ongoing work by the numerous forensic sciences bodies that was initiated long before the report was tabled.

I think I will leave the discussion regarding the knowledge gaps that appeared in the report for another day. A corollary issue is the heated debate over the role government has in the regulating of forensic sciences. Some post-report camps wholeheartedly support the notion that state, local, tribal and federal governments should be more closely involved in the regulation, standardization and funding of the forensic sciences. A second camp is diametrically opposed to this recommendation. The gist of this camp's argument is that by including government in a regulatory and standardization role, we will end up with an even more fragmented forensic community. It would appear that these folks endorse more of the free market economy approach and believe the scientific community will correct itself albeit under the direction of the legal justice system.

To be honest I have mixed feelings about this issue. Being both a forensic scientist and member of international and national bodies attempting to draft a universal code of ethics, nationally recognized credentials and standards etc., I see little if any real positive development by the scientific community if left to its own devices. Part of this lack of development, or probably more appropriately dysfunctional development, is the result of the interference by the vendor community and other private-sector interests who in fact often have goals contrary to the altruistic goal of developing "good science." Yet I have also seen how completely dysfunctional and self-serving government interference can be in the leadership of the forensic sciences.

Still others would argue that government interference in this domain is no different from what has been historically done. While I agree with this assertion, just because it has been done historically doesn't mean that it has been successful or should be continued in the future. I believe a more pragmatic solution falls within the realm of what could be termed a "centrist approach". By this I mean a combination of government oversight as it relates to funding and nationally/internationally standardizing the forensic sciences and the introduction of a non-governmental agency that has ultimate oversight of the scientific community; free from influence and interference from both the government and the private sector. I fully realize that such an idea is rather utopian.

The last thing the forensic sciences community needs at this juncture is to become fragmented and bogged down in petty disputes and knee-jerk reactions to an as of yet un-acted upon NAS report. Given the current and near-term economic conditions, it is doubtful that any of the major recommendations of the report (e.g., the creation of the National Institute for Forensic Sciences) will come to fruition. I personally believe that if we look at the bigger picture we soon realize that the "moral of the story" here is that if the forensic sciences community does not get its collective house in order, we will have far less than perfect solutions thrust upon us from external bodies that more than likely will only have been given a limited, or agenda-biased, view of the domain in question.

If history is any indication, we will likely find ourselves in a situation where the NAS report, while garnering media attention currently, will soon be forgotten, archived, and never acted upon, as has been the fate of other forensic sciences reports that have preceded this one. Only time will tell, but regardless, this should make for a very interesting meeting in Seattle.