Friday, September 24, 2004

"Certified" Digital Forensics Labs

One helpful speaker at the HTCIA conference was Timothy Kosiba of the FBI Computer Analysis and Response Team (CART). (Some people say "CART Team." These are probably the same people who say "NIC Card," forgotting "NIC" means "Network Interface Card.") Mr. Kosiba explained the rising importance of forensic lab accreditation by the American Society of Crime Laboratory Directors / Laboratory Accreditation Board (ASCLD/LAB). Apparently the CART parent organization, the FBI Lab, only attained ASCLD/LAB accreditation four years ago, in the wake of the OJ Simpson trial.

What might ASCLD/LAB accrediation entail? A few excerpts from the Proposed Revisions to 2001 Accreditation Manual provides a few hints, as the ASCLD/LAB documents are not available for free:

"2.11 Digital Evidence

Principle

Examiners must have mastery of the theories, procedures, and techniques necessary to produce reliable results and conclusions.

Standards and Criteria

Digital evidence examiners should have a baccalaureate degree with science courses.

Examiners must have a good understanding of the principles, uses, and limitations of the hardware, software, and the methods and procedures as applied to the tasks performed.

Examiners must have education and training/experience commensurate with the examinations and testimony provided. Independent case examinations must not be undertaken until extensive instruction from a qualified examiner has been completed.

Examiners must have successfully completed a competency test.

A proficiency test must be successfully completed by each examinder at least annually."

There are a few other items in the .pdf, so I recommend reading it or requesting the original documents from ASCLD/LAB itself.

Mr. Kosiba also mentioned the Scientific Working Group on Digital Evidence (SWGDE) and the European Network of Forensic Science Institutes (ENFSI) as sources of standards.

No comments: