4.2 A brief history of digital forensics
Until the late 1990s, what became known as digital forensics was commonly termed ‘computer forensics’. The first computer forensic technicians were law enforcement officers who were also computer hobbyists. In the USA in 1984 work began in the FBI Computer Analysis and Response Team (CART). One year later, in the UK, the Metropolitan Police set up a computer crime unit under John Austen within what was then called the Fraud Squad.
A major change took place at the beginning of the 1990s. Investigators and technical support operatives within the UK law enforcement agencies, along with outside specialists, realised that digital forensics (as with other fields) required standard techniques, protocols and procedures. Apart from informal guidelines, these formalisms did not exist but urgently needed to be developed. A series of conferences, initially convened by the Serious Fraud Office and the Inland Revenue, took place at the Police Staff College at Bramshill in 1994 and 1995, during which the modern British digital forensic methodology was established.
In the UK in 1998 the Association of Chief Police Officers (ACPO) produced the first version of its Good Practice Guide for Digital Evidence (Association of Chief Police Officers, 2012). The ACPO guidelines detail the main principles applicable to all digital forensics for law enforcement in the UK.
As the science of digital forensics has matured these guidelines and best practice have slowly evolved into standards and the field has come under the auspices of the Forensic Science Regulator [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] in the UK.
Activity 10
Part 1
Search the internet for no more than five minutes for the series of ISO standards relating to digital forensics and list each of the standards you think applies.
Discussion
You may have found the ISO27001 information security website in your search results. This lists various standards relevant to digital forensics some of which are draft:
- ISO/ IEC 27037:2012 Guidelines for identification, collection, acquisition and preservation of digital evidence
- ISO/ IEC 27041 Assurance for digital evidence investigation methods
- ISO/ IEC 27042 Guidelines for the analysis and interpretation of digital evidence
- ISO/ IEC 27043 Incident investigation principles and processes.
You may have looked at the ISO website for these too. You can browse standards by the relevant technical committee (ISO/ IEC JTC1 – Joint Technical Committee) and this shows both published and draft standards. (The abbreviation ISO/IEC/DIS stands for International Organization for Standardization/International Electrotechnical Commission/Draft International Standard.)
British Standards has a standards development site which you can search and has a link to their Draft standards review site.
Part 2
Search the internet for the current UK Forensic Science Regulator’s Codes of Practice and Conduct (Forensic Science Regulator, 2011). Read Section 21 and say why a digital forensic scientist might have difficulty complying with this item.
Answer
A forensic scientist may have difficulty complying with Section 21 of the Forensic Science Regulator’s Codes of Practice and Conduct because software rarely (if ever) comes with a certification from the manufacturer as to its validity (or for that matter, fitness for purpose to do anything).