What’s in a name ?

Posted on March 29, 2010. Filed under: All, forensic | Tags: , , , , |


on my way back from yet another meeting. Funny how I used to hate them when I was a salaried employee, but find them quite interesting since there’s no way they can turn into extra work, unless I want them to, now.

The topic and participants aren’t really relevant to this entry, other than to note that it was a meeting about standards (of a sort) in digital forensics and that the participants were drawn from quite a wide community.

What I found really interesting about it was the way that the meeting seemed to start with the premise that digital forensics is a sub-discipling of information security. That’s something I’ve heard time and time again over the years and have even struggled with when it comes to getting papers published. The info. sec. community quite rightly understand that there is a “forensic” element required in their work – especially when things go wrong or when some sort of attack is attempted, but I would argue that digital forensics goes beyond the realms of info. sec. (and that’s why I always got bad referees’ reports on papers).

It’s not just about law enforcement either, which is the other view I’ve heard expressed on occasion.

No, to me, digital forensics is about the investigation of activity using data found on digital devices. The activity itself may not be a crime, may not constitute misuse, but may have some value in another context. Yes we ought to understand that, strictly speaking, “forensic” means it relates to courts & the law, but common use of the word now seems to mean “investigative science” (isn’t that redundant – isn’t all good science investigative anyway ? ) and digital forensics is a tool which can be deployed in a multitude of contexts. So, my stance is that it overlaps law enforcement and information security as a discipline in its own right, with features from both of those areas and more.

In fact – on Wednesday this week, snow permitting, I’ll be talking about yet another use – digital forensics in fire investigation – in Aberdeen.

Leave your thoughts and comments and I might award a buttery for the best one 😉

Of course, maybe the real problem is that we haven’t stopped to define digital forensics properly yet…

Make a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

6 Responses to “What’s in a name ?”

RSS Feed for Forensically sound(ing off) Comments RSS Feed

isn’t all good science investigative anyway?

Yes, but it seems that is all too often forgotten now. The pressure is to have outputs. When the process becomes too mechanistic, good science (and the creative processes that go with it) are drooped at the altar of the metric.

Then again, even the phrase ‘digital forensics’ is becoming modish and muddied, as engineering departments, CS departments and a whole load of others crowd into an area that is newly fashionable and potentially good for recruitment.

In the process the wood is missed and all they see is trees: digital forensics is, in the end, just science. Science in a newer context perhaps (on machines, using machines and the network), but just science in the end.

And perhaps in this day and age, maybe some more blue sky science wouldn’t go amiss

I agree the the comments about “investigative science”. On the use of words……I prefer for the word “forensic” to be kept for anything “pertaining to the courts” rather than to be used generally. I think it is used too loosely. For example, TV Time Team excavations of archaeological sites are often said to have been “carried out forensically”, or a room may be said to have been “cleaned forensically”. What they mean here is that the work has been carried out stringently and carefully. But that does not make it “forensic”. If it did, would that make my cleaning lady a forensic worker?

Patricia – I, personally, agree with you about the word “forensic” – unfortunately, my colleagues in the information security world seem to have adopted it to mean “any action we have to take to figure out what went wrong after some unfortunate incident”, hence my ramblings in this article.

Is this not just plain old ‘investigation’ (and possibly some degree of mitigation)? I fail to see how and why ‘forensic’ would be used in this context, though maybe I’m biased in some way. Maybe ‘forensic’ makes things sound a little more interesting and appealling?

You know my position on accurate and concise use of definitions and terminology.. In such science-based disciplines, I feel that terms should be adequately defined, especially in this field when so much is placed upon one’s interpretation of findings (and more so, a jury’s interpretation of what on earth you are talking about).

That having been said, media is very influential. The term ‘forensic’ has pretty much become a buzzword that practically everyone is aware of, and to most people, this is the image of some sort of superhuman SOCO-Lab Technician-hybrid that doesn’t need to produce statements for court, not attend court, and is proficient in every science discipline known to man.

One could consider reviewing the terminology, propose legislation, discuss the issue of terms with forensic science providers, regulators, academia, etc. But at this stage, everyone knows the term ‘forensic’ (whether right or wrong) and introducing new definitions may confuse matters. Maybe we just have to grin and bear it?

I recall a ‘Hoover / Vacuum cleaner’ discussion some time ago…

I strongly suspect that it doesn’t matter one jot how any of us would like to define things.
For what it’s worth I would call it simply ‘investigation’ (mainly because it’s generally only part of the whole picture which isn’t all digital), and that it’s done to a forensic standard (which gets around the ‘need’ for it to be do with courts – the investigation is done to a standard whereby evidence is produced which would be suitable for a court).

Where's The Comment Form?


    This is the weblog of Angus M. Marshall, forensic scientist, author of Digital Forensics : digital evidence in criminal investigations and MD at n-gate ltd.


    Subscribe Via RSS

    • Subscribe with Bloglines
    • Add your feed to Newsburst from CNET News.com
    • Subscribe in Google Reader
    • Add to My Yahoo!
    • Subscribe in NewsGator Online
    • The latest comments to all posts in RSS


Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: