Archive for April, 2010

Fitness for Purpose revisited

Posted on April 29, 2010. Filed under: forensic | Tags: , , , , , , , , , |

I posted a hint, a few weeks ago, that I was intrigued by differing attitudes to the validation task which is effectively required by ISO17025 and the Forensic Science Regulator’s standards.

The two attitudes seem to be :

  • “Well, it’s just testing isn’t it ? How hard can it be ? “
  • “We have to do it, but think of the complexity! How many hardware and software configurations do we need to consider ? “

One comes from end-users of the tools, one from developers. I’ll let you decided which is which. the second response, though, is particularly interesting in light of some stories I’ve heard from teams who have tried to get accreditation for mobile phone work. There has been a suggestion that they have to test every handset which their systems claim they support – even the American spec. phones which don’t work in the UK.

Interestingly, in spite of the requirement to do this validation, there doesn’t seem to be much work going on to determine what we mean by “valid”. Personally, I fall back on software engineering definitions of validation and verification in this situation – it has to do the right thing in the right way. How do we find out how commercial software is doing something anyway ?

Back in December, I hosted a meeting of some industry representatives – mainly people I know or who were recommended to me, to look at the problem more closely. To start the ball rolling, I asked a couple of questions

  • What do we mean by fitness for purpose ?
  • What do we mean by purpose ?

Fairly obviously, the second questions needs to be answered before the first can be dealt with, but the outcome of the discussions we had was quite fascinating to me. You can find a copy of the full report in the “Regulation” section at http://www.n-gate.net/, but the short version is – we struggled to define purpose.

As we considered the various phases of a digital forensic investigation, and the different types of devices, methods and data which might have to be considered it became clear that relatively few people have sat down and done a proper old-fashioned requirements analysis. The view of the group was that we should launch a pilot programme to see if a requirements-led approach can work. The group recommended starting with the data acquisition phase (carefully chosen phrase as it encompasses non-digital data too) as this is the foundation of everything else that can be done.

Thinking more about this process has led me to start challenging accepted wisdom in digital forensics – for example, do we always have to try to get a complete image of every storage device ? Even the ACPO guide doesn’t say it, but anyone who doesn’t can rely on their methods being challenged in court. A proper requirements analysis, determined in part by the type of case might help here.

As always, though, we have the golden question – who has the gold to pay for this ?

(If you have any to spare, let me know – I’d love to get my teeth into this problem properly)

Advertisements
Read Full Post | Make a Comment ( None so far )

Reuse

Posted on April 8, 2010. Filed under: Education, forensic | Tags: , , , , , , , , , , , , , , |

or re-use ? Either way – this article (thanks for bringing it to my attention, Darren) expands on something that gets a mention in my next IRQ column in Digital Forensics Magazine – so that’s saved me a job (Oh! the irony!) for this week.

The regulator’s working group on digital forensics met for the first time in nearly a year yesterday – and the validation/verification debate kicked off again. Interestingly there was a clear split between the software engineers and the rest of the community – I’m going to ponder and reflect for a while longer and then post something here about it, I think. Meanwhile, if you haven’t seen the papers I’ve produced (with the support and help of some industry figures), you’ll find them here.

Read Full Post | Make a Comment ( None so far )

    About

    This is the weblog of Angus M. Marshall, forensic scientist, author of Digital Forensics : digital evidence in criminal investigations and MD at n-gate ltd.

    RSS

    Subscribe Via RSS

    • Subscribe with Bloglines
    • Add your feed to Newsburst from CNET News.com
    • Subscribe in Google Reader
    • Add to My Yahoo!
    • Subscribe in NewsGator Online
    • The latest comments to all posts in RSS

    Meta

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: