Security

Digital forensics resembles the Wild West when it comes to regulation

If digital evidence is important enough to convict a person, shouldn't the evidence be regulated in a manner similar to DNA? A digital forensics expert weighs in.

wildwestistock000068900541trekandshoot.jpg
Image: iStock/trekandshoot

We want to believe all possible care is taken by responsible parties to ensure the validity of evidence introduced in a court of law. For example DNA evidence is identified, recovered, and processed according to exacting, standardized procedures.

Dr. John J. Sloan III, professor of criminal justice and sociology at The University of Alabama at Birmingham (UAB), is not so sure that can be said about court-bound digital forensic evidence. Sloan admits he is not a digital forensics practitioner; however, Sloan's list of credentials make his opinion valuable. He co-founded and co-directs a graduate program in digital forensics, co-founded a digital forensics research center, and taught courses on professional ethics for criminal justice and digital forensics students at UAB for 10 years.

"These experiences helped me to identify a glaring issue in the field of digital forensics: a lack of professional and ethical standards governing practitioners," wrote Sloan in this commentary at The Conversation. "And as digital forensics gains prominence in the legal landscape, the lack of agreed-upon standards is a big problem."

What is digital forensics?

Sloan defined digital forensics as the identification, recovery, analysis, and presentation in court of relevant information taken from electronic devices such as computers and cell phones. This FBI definition affirmed Sloan's interpretation, adding that digital forensic evidence must be:

  • Technologically robust to ensure that all probative information is recovered.
  • Legally defensible to ensure that nothing in the original evidence was altered and that no data was added to or deleted from the original.

During a phone conversation, Sloan told me digital evidence already plays a significant role in court cases, leading to convictions and prison time on criminal charges and the assessment of financial damages in civil cases. Sloan added, "Digital forensic technicians — whether government-employed or private contractors — who testify in court about digital evidence can be the difference between justice served and justice denied."

How digital forensics resembles the Wild West

Sloan suggested that the digital forensics landscape resembles the Wild West. I asked Sloan why. His response:

"Increasingly, people who recover and process digital evidence seldom have adequate training in computer science, information systems, or digital forensics. And, there's no agreed-upon standard protocol for retrieving or analyzing digital evidence — unlike with DNA evidence.

"This means many who process digital evidence do not understand the software and how evidence is recovered. What they're most interested in is how easily the evidence can be analyzed, how quickly the analyzing software can generate a report, and whether the report is easy to understand.

"Furthermore, when forensics technicians find software that is 'user-friendly,' they often share that information with colleagues who then are likely to purchase the same software. Rarely are questions about the validity or reliability of the forensic tool asked. If questions are asked, it is usually to the vendors who will provide answers based on their research."

Sloan offered this report to Congress (PDF) as collaboration for his comment about not having standards, "Investigators in the newest forensic discipline, digital evidence, also need to remain current in a fast-changing field," from page 22 of the report. "The discipline is now accredited by the American Society of Crime Laboratory Directors/Laboratory Accreditation Board, but currently there are no nationally recognized standards or certification for digital-forensic practitioners."

Real-life example

We need look no further than the Casey Anthony case for an example. This article from The New York Times provides insight on how a software tool provided false evidence, which experts in the article say was a major part of the prosecutor's case.

What's the answer?

Sloan believes the answer consists of the following:

Sloan has been instrumental in raising awareness about this issue. "Last May, I co-organized a two-day workshop on professional ethics and digital forensics that was funded by, and held at, the National Science Foundation (NSF)," said Sloan. "The workshop explored the need for a code of ethics and the contours of what such a code might include. We also examined hurdles to establishing a code, and existing codes from other professions that could serve as models." (Read about an upcoming workshop.)

As for standards, Sloan said, "Thankfully, the situation is changing as the National Institute of Standards and Technology works to develop specific standards for analyzing digital evidence."

Sloan summed it up saying, "As digital evidence becomes more common in legal proceedings, ensuring that practitioners have the strongest professional ethics is not only sensible, it is imperative."

Also see

Note: TechRepublic and ZDNet are CBS Interactive properties.

About Michael Kassner

Information is my field...Writing is my passion...Coupling the two is my mission.

Editor's Picks

Free Newsletters, In your Inbox