Technology and digital evidence are at the forefront of nearly every criminal, civil, and corporate investigation in the world. For the past thirty years, digital evidence such as computers, cellular phones, tablets, servers, GPS devices, gaming consoles, storage devices, and network infrastructure devices has been forensically analyzed and presented in legal proceedings. In many cases, digital evidence has been the “smoking gun” leading to successful convictions, lawsuits, employment terminations, and exonerations.
Although digital forensics has been recognized as a legitimate forensic science and has been utilized in the criminal justice system for the same length of time that DNA has, the discipline is anything but disciplined. Within the United States, any law enforcement agency, business, or individual can open a forensic “laboratory” and begin providing services without having to demonstrate even foundational knowledge, skills, or abilities. As further evidence of this, within the law enforcement community alone there are only 67 digital forensic laboratories accredited to the ISO 17025:2005 standards for the nearly 18,000 law enforcement agencies in the country.
The lack of requirements for digital forensic practitioners to be certified in their discipline, be accountable to industry best practices and standards, or work out of accredited laboratories places the credibility of this forensic science in jeopardy. This paper will discuss the risks and impacts associated with unskilled practitioners who perform digital forensic analysis. Also included will be an examination of some legal cases that highlight the risks identified within the paper. Research and practical experience will be drawn upon to provide the reader with proposed solutions to improve the quality of the digital forensic discipline. Topics such as forensic analyst training, proficiency testing, certification, best practices, policies and procedures, and laboratory standards and accreditation will be discussed.
The good news is that much of the work has already been done to identify digital forensic best practices and laboratory standards. This paper will provide a framework for digital forensic practitioners and managers to comply with best practices, standards, guidelines, and analyst certification and training within the discipline as well as minimum requirements that should be met before digital forensic evidence is allowed to be introduced into a legal proceeding.
Keywords: digital forensics, computer forensics, digital evidence, forensic laboratory accreditation, forensic certifications, digital forensic best practices
To download the forensic policies and procedures manuals referenced in the thesis paper, see below:
- Video Forensics Training Manual
- Video Forensics Technical Manual
- Mobile Device Forensics Training Manual
- Mobile Device Forensics Technical Manual
- Digital Forensics / Incident Response Administrative Manual
- Digital Forensic Lab Quality Assurance Manual
- Computer Forensics Training Manual
- CIRT Forensic Validation Manual
- CIRT Forensic Technical Manual
To download the forms referenced in the thesis paper, see below:
- Post Mortem Windows Forensic Checklist
- Policy Manual Acknowledgement Form
- Incoming Evidence Form
- Expert Testimony Evaluation Form
- Evidence Disposition Form
- Evidence Chain of Custody Letter
- Evidence Chain of Custody Form
- Digital Forensic Report Template
- Contraband Acknowledgement Form
- Consent to Sanitize Digital Media Form