Opposition grows over demands that digital forensics labs comply with ISO 17025
June 8, 2017
It looks like there is a lot of opposition to demands that digital forensics labs comply with ISO 17025, an international checklist for specific laboratory testing when it comes to protecting users from cyber attacks.
The British government and its police want computer forensics labs serving Blighty's criminal justice system to be ISO 17025 compliant by October of this year, and some people in the community aren't too happy with that directive.
This simply means that IT experts helping to nail murderers and miscreants must follow the same regulations that DNA labs abide by, an approach that critics argue will raise costs without improving results.
The government's forensic science regulator has dismissed those concerns. A recent survey among digital forensic practitioners found that the general understanding of ISO 17025 is foggy at best.
Several respondents also complained about the high cost of implementing the standard, which is described as "general requirements for the competence of testing and calibration laboratories."
"In general, ISO 17025 is seen as both inappropriate, even useless and expensive" for digital forensics, according to Peter Sommer, professor of digital forensics at Birmingham City University.
ISO 17025 also sets the bar for high-quality forensic science work, whether undertaken by the police or outside contractors. It's followed by labs tasked with matching DNA, fingerprints, blood, paint, fibre, and so on, ensuring that the test procedures and equipment are fair and valid.
Sommer also argues that digital forensics presents several challenges to this model that render a "one size fits all approach" advocated by the FSR inappropriate.
The speed of change in technology means that the relatively slow process of formal validation that applies in conventional forensics cannot be used in digital forensics, unless one recognises that digital forensic evidence will never be able to cope with devices that use recent operating systems and applications.
Additionally, the overall process of getting ISO 17025 certified is expensive both in preparation and in fees to the certifying body, UKAS [United Kingdom Accreditation Service].
Much digital forensics activity is concerned with reconstructing events and providing expert interpretations rather than a basic binary test, and this makes ISO 17025 inappropriate, according to Sommer. He argued that matching DNA, fingerprints, paint fragments and fibres (the work of the mainstream forensics labs) isn't exactly comparable with computer forensics, so a different approach is absolutely required.
Sommer asserted: "A number of established private sector digital forensic companies say that they will withdraw from police and publicly funded work" if ISO 17025 is forced upon them.
A spokesperson for the government's forensics regulator defended the looming requirement, arguing that ISO 17025 compliance offers tangible benefits, not least in upholding standards.
In conclusion, although the regulator and the Home Office are constantly keeping standards under review, we understand that there are no plans to change the current requirements or implementation timetable.
Sommer wants ISO 17025 compliance limited to certification of the initial evidence preservation stage, and the development of existing good practice guides specific to computer forensics rather than adopting a new non-industry-specific framework.
Source: Birmingham City University.