The amount of electronic data that is held about individuals and their activities is
staggering. Tools enabling data recovery, believed deleted, vary in consistency and
reliability of result. Data under review can be fed into investigative tools which also
vary immensely in reliability, consistency, quality and indeed price.
Conclusions and inferences drawn from the use of these tools can be morally, socially
and commercially damaging for the individuals or entities being investigated. Often not
purely because of the lack of experience of the investigator, but also because of the
simplistic operation of the toolsets.
Whilst prescriptive guidelines exist in the public sector for the proper handling, analysis
and reporting of computer evidence, little commercially independent professional
guidance exists in the private sector. This lack of guidance has led to a position whereby
actors in the field of data forensics have few challenges as to their expertise or
experience. Recent cases of incompetence and crossing ethical and professional
boundaries provide strong support for a National, preferably International certification
and training scheme for data forensic analysts, supported by clear ethical codes.
This research in light of the above challenges, provides examples of failures in
extrapolation, operator understanding and tool use; argues a proposal for a code of
conduct to ensure correct and repeatable process is followed; along with a suggested
outline for the creation of the supervision of conformity to that code in the private
sector. The current forensics community and academic research body of knowledge,
supported by the extensive experience of the researcher have been the major inputs to
the work. The outputs of this work are intended to form a solid base for the furtherance
of the Computer Forensics profession, and as such will represent a significant
contribution to the advancement and knowledge base of that profession