All

Feeling that experts aren’t right

Posted on July 3, 2016. Filed under: All, life | Tags: , , , , , |

A little thought provoked by an exchange on Facebook. This is a slightly expanded copy of what I wrote in that exchange and is by no means complete.

The most dangerous phrase I’ve ever heard is “I feel”. Few people seem to believe or decide anything any more, they always seem to “feel”.

I wish more people would challenge any apparent decision that begins with “I feel” or “I felt” (or that other weaselly phrase “I’m passionate about”). It may be a correct decision, but arrived at entirely by accident. It’s like trying to navigate from London to Adelaide by always following the prettiest or easiest road – it might get you there eventually, but it makes it a lot harder, takes longer than it should and probably leads to a lot of dead-ends and backtracking that others already knew about. We don’t accept “gut instinct” or “feeling that he’s a wrong ‘un” in the criminal justice system these days, so why should we accept it elsewhere?

Evidence is hard work. Thinking and rationalising is harder. Emotions are easy – go for the one that generates the warm fuzzy “feeling”. But then, when scientists are so often portrayed as being on the autistic spectrum (cf Sheldon Cooper), it makes it easy for those who are not in that world to claim that scientists and other experts just don’t understand the things that matter to them. The truth is, we often do understand them – but we can see other options and points of view clearly too.

“Shoulders of giants” is a bloody good metaphor – but needs to be explained a bit more clearly. The view’s pretty good from up here.

Read Full Post | Make a Comment ( None so far )

Words cannot be unread – but I sometimes wish they could.

Posted on September 12, 2013. Filed under: All, Education, life |

The proof is not in the pudding, the proof of the pudding is in the eating.

One does not “go direct”. Go to gaol. Go directly to gaol. Do not pass Go. Do not collect £200. Take the direct route if you wish, but go directly.

Mr. Clarkson, if something is 4 times greater than 1, it is 5, not 4.

I of haveten thought that Terry Pratchett’s least useful contribution to the literary word lies in the abuse have “of”.

There is too much loose use of “loose”. I fear we may lose the correct meaning.

Little Johnny went to the shops and brought some pies. I wonder if he bought them or was taking them there to sell ?

Clothes may be made of cloths.

They’re, there, their. It’s all better now.

 

 

 

 

 

Read Full Post | Make a Comment ( 2 so far )

Excellent news

Posted on November 29, 2011. Filed under: All, Education, forensic | Tags: , , , , , , , , , , , , |

Yet again, other activities have kept me away from this blog for far too long. Personally, I think that’s probably a good thing. A mix of casework and research commissions means I can afford to eat properly again (and those who know me will know how important it is that I maintain my physique – particularly in the current high winds).

The major projects that are keeping me busy are on a new website : Forensic Excellence where work on two of the three major elements of “forensic” quality systems is underway. The other bit of news is that I have an interview for funding of some work on the third element, and hope to be able to kick that work off towards the middle of next year.

Onwards and sideways!

Read Full Post | Make a Comment ( None so far )

ISO ISO baby – part 1

Posted on October 8, 2010. Filed under: All, Education, forensic | Tags: , , , , |

As I write this, it’s 8:50 a.m. on Friday in Berlin. I’ve been here since Sunday night attending a meeting of ISO/IEC JTC1 SC27 (that’s the Information Technology – Security Techniques sub-committee to anyone who isn’t fluent in standards committee numbers).

It’s my first time at an event of this type, though I’ve been to a few BSI meetings to discuss the work that’s going on within ISO that relates to “forensic” work. More on that in the next post.

What I’ve found fascinating this week, though, is the way language is being used. Within ISO the convention is to use english for all meetings and documents – but it isn’t quite the english that you or I know. It isn’t the Queen’s english, it isn’t American english, it isn’t even Euro-english – it’s something quite strange. It’s ISO english.

Words that we think we know the meaning of have to be defined and, much like Humpty Dumpty, when a drafting committee (the body responsible for defining a standard) uses a word, it means exactly what that committee wants it to mean, no more and no less.

As a result, ISO has had to produce a Concepts Database to manage the definitions. Try it – see if the words you thought you understood have the same meaning(s). You’ll find it at http://cdb.iso.org/ Don’t bother looking for “forensic”, by the way – it isn’t there.

Read Full Post | Make a Comment ( None so far )

Neglecting WordPress

Posted on August 1, 2010. Filed under: All | Tags: , , , |

Regular readers (do I have any ? ) will have noticed that I have completely failed to keep this blog up to date recently. There are reasons for this  – not particularly good ones, but there are reasons.

Starting this month, I’m aiming to set aside a couple of hours each month for an update. Meanwhile, don’t forget to look for my published ramblings in Digital Forensics Magazine and The Investigator (if the editor likes my latest idea, that is).

Read Full Post | Make a Comment ( None so far )

Requirement acquirement

Posted on May 19, 2010. Filed under: All, forensic | Tags: , , , , , , , , |

In a few recent posts, I’ve talked about the “fitness for purpose” challenge and the fact that it seems to be causing confusion or consternation amongst those who haven’t dismissed it as irrelevant. Partly, I think, this is because of misunderstanding about what the regulatory environment really means. The Forensic Science Regulator’s primary role is to produce Quality Standards for Forensic Science, not to define procedures. In that context, “fitness for purpose” is a test of whether or not something passes tests to show that it is fit for whatever purpose the forensic science provider wishes to use it for. Nothing more. There is no complex or secret agenda here. It’s simply a question of demonstrating that anything being used (method, process or tool) meets the requirements defined by the person using it, or by their customers.

Having recently written a “complementary evidence” report, in which I gave an independent view of some deviation from accepted procedures, I am now convinced that the approach we came up with at the meeting in December (see http://www.n-gate.net/ under “Regulation”) is right – we need to consider whether or not we can produce a set of industry-wide requirements which can be used as a starting point or menu by each provider. If we can get them agreed by the industry, we have the potential to standardise testing of methods, processes and tools as well as identifying gaps in current practice, and laying the groundwork for the future.

“Where to begin?” has been the stumbling block for the last couple of months, but now I have an idea. Watch this space and http://www.n-gate.net/ for progress.

Unrelated : I’ve been playing with a product called ZumoDrive on my Mac, Palm Pre (thankyou HP – WebOS has a future it seems!) and Linux server for a few weeks now. At the basic level it’s a free 2Gb cloud filespace which can link folders across multiple machines so they are always in sync as well as appearing as a targetable drive on all machines. It hasn’t fallen over yet and is providing me with an online backup for some important, but not confidential, files as well as taking over as a music storage service. Highly recommended. Upon installation, you get 1Gb free, but if you complete the online “dojo” training, you get another 1Gb. ( http://www.zumodrive.com/ ). Don’t rely on it as your only backup – but if you need to have access to different types of files in multiple locations, try it out – it even has version tracking and a web interface. (Apparently, it works on some lesser smartphones too ;P )

Read Full Post | Make a Comment ( None so far )

What’s in a name ?

Posted on March 29, 2010. Filed under: All, forensic | Tags: , , , , |

I’M ON THE TRAIN!

on my way back from yet another meeting. Funny how I used to hate them when I was a salaried employee, but find them quite interesting since there’s no way they can turn into extra work, unless I want them to, now.

The topic and participants aren’t really relevant to this entry, other than to note that it was a meeting about standards (of a sort) in digital forensics and that the participants were drawn from quite a wide community.

What I found really interesting about it was the way that the meeting seemed to start with the premise that digital forensics is a sub-discipling of information security. That’s something I’ve heard time and time again over the years and have even struggled with when it comes to getting papers published. The info. sec. community quite rightly understand that there is a “forensic” element required in their work – especially when things go wrong or when some sort of attack is attempted, but I would argue that digital forensics goes beyond the realms of info. sec. (and that’s why I always got bad referees’ reports on papers).

It’s not just about law enforcement either, which is the other view I’ve heard expressed on occasion.

No, to me, digital forensics is about the investigation of activity using data found on digital devices. The activity itself may not be a crime, may not constitute misuse, but may have some value in another context. Yes we ought to understand that, strictly speaking, “forensic” means it relates to courts & the law, but common use of the word now seems to mean “investigative science” (isn’t that redundant – isn’t all good science investigative anyway ? ) and digital forensics is a tool which can be deployed in a multitude of contexts. So, my stance is that it overlaps law enforcement and information security as a discipline in its own right, with features from both of those areas and more.

In fact – on Wednesday this week, snow permitting, I’ll be talking about yet another use – digital forensics in fire investigation – in Aberdeen.

Leave your thoughts and comments and I might award a buttery for the best one 😉

Of course, maybe the real problem is that we haven’t stopped to define digital forensics properly yet…

Read Full Post | Make a Comment ( 6 so far )

Websites and fitness for purposes tests

Posted on November 2, 2009. Filed under: 1, All, forensic | Tags: , , , , , , , |

Websites : new material on the book website – now up to chapter 6 with the exercises! (bet it’ll take me longer to do the model answers though) – see http://www.digital-forensics.org.uk/
Fitness for pupose tests In the last week or so I’ve been talking to a lot of people about the “fitness for purpose (ffp)” requirement that the regulator’s working group have recommended for the digital evidence standard. We’ve been kicking around ideas about how this can be demonstrated. At one level, the vendors could go for ISO17025 or CESG CTM (CTM) certification themselves – but this only really tests the product “out of the box” as they ship it, with no real accounting for how it is used in the field. This is a particular problem, I think, for anything which includes scripting capabilities as each script will still need to pass the ffp test. It gets worse when we start to think about all the really good open source, non-forensic software and tools produced by small companies without the budget or resources for performing their own ffp testing.

I am more convinced than ever that we need to introduce a national ffp testing service which can deal with the complexities of non-standard hardware and software combinations, in-house developed tools and rapid deployment of vital patches.

It’ll be a heck of challenge to get it right, but you know something ? – I really want to try to make it work!

Read Full Post | Make a Comment ( None so far )

PhDs

Posted on October 21, 2009. Filed under: All, Education | Tags: , , |

Over the years I’ve had a number of enquiries about becoming a PhD student within my fledgling research group (when I had one). Every single one of them seemed to think that a) I had plenty of topics for them to work on and b) I had lots of money to fund them.

Let’s get a couple of things straight – in the UK, very few universities or other research organisations have funding for PhD research unless it is associated with an established high profile programme with external funding allocated to it. The majority of PhD students are, therefore, financed by themselves, their employers or their governments.

This also means that, although the potential supervisor (Director of Studies in PhD-speak) might have a lot of good ideas it is morally and ethically dubious for him or her to attempt to dictate the topic to the student. A secondary issue is that it is very difficult to judge the ability of a potential PhD student from just a CV and a few lines of references. For this reason, most responsible DoSes will ask the applicant to come up with a research proposal – usually of one or two pages – to allow them to assess the candidates suitability. They should also ask the crucial question “who’s paying? ” (strangely enough, once this question is asked about 75% of applicants give up – makes you wonder what the motivation was really ? )

The proposals are quite informative – some are just page after page of material ripped from the ‘net (do you think we really don’t know the sources better than you do ? ) and go straight into the bin whilst muttering the word “plagiarism” again. Others read more like the sort of essay one would expect from a school pupil. Poorly referenced, ill-thought out and full of journalistic tone and opinion. The good ones, though few and far between, are a joy to read. They contain a properly considered argument explaining what the general research area is, have an indication of what the critical research questions might be (these haunt PhD candidates for the rest of their lives…) and how they might be answered. There will be proper references to published recent papers on the subject (not just a list of books and webpages).

So – if you’re thinking of applying for a PhD – prepare first – please don’t just send an e-mail asking if there are any PhD place – tell the potential DoS what you want to do and it’s going to be paid for – that might get you to the next stage – the interview. At that – there will be one crucial question : “Why do you want a PhD ? ” – and there is a right answer to that – but I’m not going to give away all the secrets now.

Read Full Post | Make a Comment ( None so far )

Credit, debt and security

Posted on October 14, 2009. Filed under: All, forensic, life | Tags: , , , , , |

Sitting at home with nothing but the radio and daytime TV for company is an interesting experience. I tend to keep the TV on while I’m working just to have some background noise and movement.

One thing I’ve noticed recently, though, is that there’s a steadily growing number of adverts for “pre-paid credit cards”. Let’s just review that for a moment – pre-paid credit cards.

Now – a normal credit card is really a debt card – i.e. a token which represents a notional sum of money which someone is willing to lend you, and in the UK such things are governed by the consumer credit act. This makes the lender jointly responsible with the retailer and can give a handy degree of protection if something goes wrong with a purchase.

Then we have debit cards – which are a mechanism for getting access to such funds as are available in a bank account and nothing more, unless an overdraft has been agreed. These are not governed by the consumer credit act.

So, where do pre-paid credit cards lie ? Well – the process is simple – the user “loads” cash onto the card, just like making a deposit into a bank account – in effect, giving the card company an interest-free loan. When the card is used, only the available balance in the account can be spent. These cards are being marketed as a way of controlling your own spending without having to carry cash.

So what is the card ?

To me, it looks very like another form of debit card with none of the consumer protection of a true credit card and fewer of the checks required to open a bank account.

I’ll go further – the adverts seem to be targeting the age group who traditionally have problems getting credit cards because of age and low income. These cards look like real credit cards and can be used in much the same way BUT have less protection – even less since chip & PIN was introduced.

Ah, chip and PIN – I hate this system. Under the old scheme where the bearer had to sign the slip, the retailer could be held liable for fraudulent transactions because it could be claimed that they had failed to check the signature properly. With chip and PIN the responsibility shifts and the first claim is that the card holder has not protected the PIN properly. Don’t get me started on abuse of CVV for mail order and Internet transactions…

So, now we have a card with low initial requirements, no consumer credit act protection and nothing significant in the way of proper anti-fraud mechanisms.

Oh dear. I can see at least 6 criminal activities which would benefit from these cards already.

Read Full Post | Make a Comment ( 7 so far )

« Previous Entries

    About

    This is the weblog of Angus M. Marshall, forensic scientist, author of Digital Forensics : digital evidence in criminal investigations and MD at n-gate ltd.

    RSS

    Subscribe Via RSS

    • Subscribe with Bloglines
    • Add your feed to Newsburst from CNET News.com
    • Subscribe in Google Reader
    • Add to My Yahoo!
    • Subscribe in NewsGator Online
    • The latest comments to all posts in RSS

    Meta

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: