Computer forensics is a type of technology that is very sensitive in that it is bound to changes at any moment. The forensic crime laboratories provide a good phenomenon for the computer forensic training, analysis as well as the education. Dow et al (1993) defines computer forensics implying computers and the subsequent analysis of their hard drives where data the computer stores data inform of ones and zeroes. This data is referred to as digital data. However, in our case we specialize more on the computers even though there are other devices that also store data as well in form of digital data. These are devices like cameras, personal assistant devices like phones iPads among others. They contain SD cards that store this data in a subsequent manner and in form of ones and zeroes. All these devices have one common thing in their method of data storage. This therefore leads us to conclude that the computer forensics is the use of specific scientific techniques in the recovery, preservation and analysis of digital data that can be of use in the legal matters (NIJ, &, NRC, 2012)
Regulation And Accreditation
The computer forensic laboratories are subject to accrediting by the American Society of Crime Laboratories Directors or by the Laboratory Accrediting Board. This act begun way back in 1982. The computer forensic laboratories therefore have to meet the set standards for it to be used as a training and other roles. These standards are easily adoptable to any lab independent of the size. A stand-alone computer forensics laboratory must document and shows compliance to at least 102 standards before so that accrediting can be granted to it. It is also necessary to have both the realistic and practical solutions in order to apply these standards (Gilbert & Shenoi, 2009, pp. 17–36)
When dealing with the computer forensics several legal orders must be followed to ensure standardization of the information and smooth flow of issues. Remember the data collected in these laboratories are not touchable and cannot be seen. Hence they need to be bounded by some scientific standards. Some of the legal issues that the laboratory people should follow especially when collecting and analyzing forensic data. The laboratories must document the training programs. This is to ensure that every person who goes through the program will have same knowledge. Again, it enables the laboratory to keep track of the proceedings of the program (Casey, &, Gerasimos 2008, pp. 93–98).
Quality Of Accreditation
The quality should also ensure that the laboratory is accredited. The ISO/IEC 17025: 2005 is an international quality standard that the accreditation bodies use in the accreditation of both the testing and calibration laboratories. In our case the forensic laboratories fall under the testing category of the standard. The standard has two main sectors which are the section 4 that covers the management requirements and section 5 which covers technical requirements. 131 potentially applied clauses are in section 4. This section is all about the managements requirements in their operational activities and the efficiency of the Quality Management Office. On the other hand the technical standards are the employees’ competence, equipment, quality assurance measures, reporting test results, sampling and sting methodology. Accreditation provides a methodology of improving the quality of the laboratory and improved quality (Mohay, 2003, pp. 395)
Other legal requirements are based on data collection of the laboratory information. These requirements are massive, multifaceted and they vary from one country to another. One of the commonly shared rules is on the log files. The rule states that they must be permissible as evidence if they are collected during business. Another rule is that the logs, which may be considered as hearsay, are as well admissible if they are collected in the course of business activities that are regularly occurring (Ross, &, Gow, 1999).
Employee Skills And Competence
The laboratories must thoroughly examine the examiners before allowing them to issue the examinations. This will enable them to acquire examiners with good skills and hence the laboratory will attain the good standards as they aspire. In this activity, the Quality Management System must ensure that they carry out a competence testing of the examiners (YiZhen, &, YangJing, 2008, pp. 1–8).
Lab Policies And Procedures File
The other legal requirement is documentation of the policies and procedures that the laboratory uses in identifying, collecting, preserving, and protecting the evidence from being lost, contaminated or deleteriously undergoing changes. By doing this, they will be able to provide evidence in case one of the policies is fails in any data that is in the laboratory. Sometimes the laboratory owners may find themselves in the court being accused falsely of the data that they could be holding in the laboratories. They therefore should provide these documents as evidence that they have followed all the policies in owning this data.
The forensic laboratory management should also document the performance tested technical procedures. This is to validate that the performance contracts were conducted as per the procedures and policies stated. Kruse, &, Heiser, (2002, p. 392) states that this also shows some act of good management
Filling System, And Fitting
The laboratory management should also ensure that the log files can prove that no one has tampered with them. In that case the digital signatures should be used to identify and verify the authenticity of the logs. The laboratory management should also ensure that the logs are stored in a devoted logging server and encrypting logging files.
User Requirements Analysis
Another data collection legal requirement is the user’s requirement of the collection of evidence privacy. The laboratory management should ensure the implementation of the logon banner. This banner enables the user to acquire no right in privacy when using the corporate networks. Under this legal requirement the Cert Advisory CA-1992-19 suggested the quoted text below to be tailored in the laboratories precise needs under the control of legal counsel:
This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel. In the course of monitoring individuals improperly using this system, or in the course of system maintenance, the activities of authorized users may also be monitored. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials (Ross, &, Gow, 1999).
The above quotation has been retrieved from Epic Analysis of New Justice Department Draft Guidelines on Searching and Seizing Computers (1995). The employees should also ensure that they sign into the laboratory requirements when they are starting to work with these laboratories in the case of data collection.
:Repairs, fitting and replacements
:Labor cost , and salaries
:Management emoluments and allowances
:Technical fittings, and lab equipments
Balance brought down
National Institute of Justice, &, National Research Council, (2012). Strengthening Forensic Science in the United States: A Path Forward Paperback. BiblioGov
Banisar, Dave. (19950. “EPIC Analysis of New Justice Department Draft Guidelines on Searching and Seizing Computers.” dojseizure-guidelines
Casey, Eoghan; Stellatos, Gerasimos J. (2008). "The impact of full disk encryption on digital forensics". Operating Systems Review 42 (3): 93–98.
Ross, S. and Gow, A. (1999). Digital archaeology? Rescuing Neglected or Damaged Data Resources. Bristol & London: British Library and Joint Information Systems Committee.
YiZhen Huang and YangJing Long (2008). "Demosaicking recognition with applications in digital photo authentication based on a quadratic pixel correlation model".Proc. IEEE Conference on Computer Vision and Pattern Recognition: 1–8
George M. Mohay (2003). Computer and intrusion forensics. Artech House. p. 395
Peterson, Gilbert & Shenoi, Sujeet (2009). "Digital Forensic Research: The Good, the Bad and the Unaddressed". Advances in Digital Forensics V (Springer Boston) 306: 17–36
Warren G. Kruse, Jay G. Heiser (2002). Computer forensics: incident response essentials. Addison-Wesley. p. 392