Tool testing and reliability issues in the field of digital forensics

The digital forensic discipline is wholly reliant upon software applications and tools designed and marketed for the acquisition, display and interpretation of digital data. The results of any subsequent investigation using such tools must be reliable and repeatable whilst supporting the establishment of fact, allowing criminal justice proceedings the ability to digest any findings during the process of determining guilt or innocence. Errors present at any stage of an examination can undermine an entire investigation, compromising any potentially evidential results. Despite a clear dependence on digital forensic tools, arguably, the field currently lacks sufficient testing standards and procedures to effectively validate their usage during an investigation. Digital forensics is a discipline which provides decision-makers with a reliable understanding of digital traces on any device under investigation, however, it cannot say with 100% certainty that the tools used to undertake this process produce factually accurate results in all cases. This is an increasing concern given the push for digital forensic organisations to now acquire ISO 17025 accreditation. This article examines the current state of digital forensic tool-testing in 2018 along with the difficulties of sufficiently testing applications for use in this discipline. The results of a practitioner survey are offered, providing an insight into industry consensus surrounding tool-testing and reliability

ACPO principles for digital evidence: Time for an update?

Despite remaining largely unchanged for over 10 years, the Association of Chief Police Officers’s [1] Good Practice Guides for Digital Evidence and their four governing principles for evidence handling are amongst some of the most cited pieces of digital forensic best practice advice. However, given the pace of change in both technology and the field of digital forensics, this work debates whether it may be time to evaluate whether these principles remain wholly valid given the current forensic analysis landscape and their lack of updating or periodic evaluation. A discussion of the existing four ACPO principles is provided followed by an offering of eight new revised principles as a means of acknowledging the current challenges faced by practitioners in this field. It is hoped that this piece will spark a debate surrounding the principles we so frequently acknowledge as a mark of quality assurance in our investigations, and be a catalyst for evaluative considerations in this area