I read with great interest Mr. Stephenson’s article “Advancing to a mature state of digital forensics’ in the September issue of SC Magazine.
Related to the article was his presentation titled 'Putting The Horse Back In Front Of The Cart' presented at the Digital Forensic Research Workshop (DFRWS) meeting recently held in Cleveland.
Mr. Stephenson mentions the ongoing conflict surrounding "Is digital forensics art, technology or science?". He identifies specific problems that need to be resolved, such as the inconsistency in forensic analysis, to certify or not to certify (labs and practitioners), education and training at all levels, and a consistency of process. Further, he states that "We must, therefore, all of us, become scientists" and identifies marching orders for the digital forensic community.
Although I concur with the majority of Mr. Stephenson's observations, many of the questions, problems, and concerns he raises can be addressed and resolved through an accreditation program for digital forensics. The American Society Of Crime Laboratory Directors / Laboratory Accreditation Board (ASCLD/LAB) offers such a program. For those unfamiliar with this accreditation program, it is voluntary and any crime laboratory may participate to demonstrate that its management, operations, personnel, procedures, equipment, physical plant, security, and health and safety procedures meet established standards and criteria. ASCLD/LAB has four objectives which define the purpose and nature of its accreditation program:
1. To improve the quality of laboratory services provided to the
criminal justice system.
2. To develop and maintain criteria which may be used by a
laboratory to assess its level of performance, and to strengthen
3. To provide an independent, impartial, and objective system by
which laboratories can benefit from a total operational review.
4. To offer to the general public and to users of laboratory services
a means of identifying those laboratories which have
demonstrated that they meet established standards.
ASCLD/LA has been accrediting forensic crime laboratories since 1982 and offers accreditation in the forensic disciplines of Biology (DNA), Controlled Substances, Crime Scene, Firearms and Toolmarks, Latent Prints, Questioned Documents, Toxicology, Trace Evidence, and Digital Evidence. (Although ASCLD/LAB does not certify individuals in any discipline, individual examiners must comply with requirements in the areas of education, training, competency testing, and proficiency testing).
Digital Evidence comprises the sub-disciplines of computer forensics, audio, video and imaging and was added to the accreditation program this year. Its addition was a direct result of the working relationship between the Scientific Working Group On Digital Evidence (SWGDE) and ASCLD/LAB. SWGDE, established in 1998 by Federal Crime Laboratory directors, has been instrumental in developing guidelines for examiners in the Digital Evidence discipline.
ASCLD/LAB will consider a stand-alone digital evidence section or unit as a laboratory. If digital evidence is part of a conventional laboratory, it must be included in the inspection when that laboratory seeks accreditation. To achieve accreditation, a laboratory must achieve 100 percent of applicable essential criteria, 75 percent of applicable important criteria, and 50 percent of applicable desirable criteria. As of September of this year, there were 238 ASCLD/LAB accredited laboratories in the United States, Australia, Canada, Hong Kong, New Zealand and Singapore.
Although the majority of ASCLD/LAB accredited laboratories are local, state, and federal crime laboratories, several private laboratories have also been accredited. ASCLD/LAB inspections are conducted by unpaid volunteers selected from ASCLD/LAB accredited laboratories. Inspectors generally have appropriate discipline specific training and experience and have attended the ASCLD/LAB Inspector Training program. In May of this year, ASCLD/LAB conducted its first Digital Evidence Inspector training class. I assisted with that training and this past August I was selected by ASCLD/LAB to conduct their first-ever inspection of a laboratory seeking accreditation in digital evidence.
It may take a laboratory a year or longer to prepare for ASCLD/LAB accreditation. Probably the most difficult parts of the preparation are the development of a quality manual and documenting compliance with its requirements. ASCLD/LAB requires that a quality manual minimally address 18 issues, some of the critical ones being:
The relationships and responsibilities of management, technical operations, and support services in implementing the quality system.
1. Job descriptions, education, and up-to-date training records of
2. Control and maintenance of documentation of case records and
3. Validation of test procedures used and the use of standards and
controls in laboratory procedures.
4. Calibration and maintenance of equipment.
5. Practices for ensuring the continued competence of examiners.
6. Monitoring court testimony to ensure the reporting of scientific
findings in an unbiased and effective manner.
7. Audits and quality system review.
The ASCLD/LAB manual consists of statements of principles, the basic standards, 145 criteria for evaluation of the standards, and discussions to provide more detailed explanations of the criteria. Prior to submitting an application for accreditation, a laboratory director needs to ensure that he/she complies with all applicable criteria in the manual. Some of the "essential" criteria that a laboratory has to comply with include:
Having well written and understood procedures for: (a) handling and preserving the integrity of evidence; (b) laboratory security; (c) preparation, storage, security and disposition of case records; and (d) calibration of equipment and instruments.
1. Generating and maintaining all examination documentation in a
2. Establishing a system of technical and administrative review of
casework prior to the release of results.
3. Demonstrating that each Digital Evidence examiner had been
through an extensive training program, and understood the
equipment, programs, methods, and procedures used.
4. Ensuring that each Digital Evidence examiner successfully
completed a competency test prior to performing casework.
5. Ensuring that each Digital Evidence examiner successfully
completed an annual proficiency test.
Digital evidence accreditation is a mechanism to address and resolve difficult and controversial issues such as those described by Mr. Stephenson. This is accomplished by the requirement of a laboratory quality manual and compliance with applicable criteria in the ASCLD/LAB manual. Digital evidence is accepted as a forensic discipline within the forensic laboratory community. One laboratory was recently inspected and many other local, state and federal laboratories are preparing for ASCLD/LAB accreditation. Mr. Stephenson correctly states "We must, therefore, all of us, become scientists". The ASCLD/LAB accreditation program will make this happen sooner rather than later.
John J. Barbara, crime laboratory analyst supervisor, Computer Evidence Recovery Section, Florida Department of Law Enforcement.