
A Dive into the Forensic Universe: Forensic Standardisation

What is Forensic Standardization? 

Computers have become an integral part of daily life in recent decades. Unfortunately, those who commit offenses are not immune to the computer revolution. As a result, techniques that allow prosecutors to retrieve data from devices used in unlawful activities and use it as evidence in criminal cases are becoming increasingly relevant to law enforcement. Standardization of the compilation, analysis, interpretation, and reporting of forensic evidence is essential to a common approach to how evidence is used. This allows states to share facts and intelligence in order to exonerate the accused or convict the guilty.

HISTORY

The first Digital Forensic Research Workshop (DFRWS), conducted in Utica, New York in 2001, described digital forensics as “the application of scientifically derived and proven methods to the storage, processing, confirmation, identification, examination, interpretation, recording, and presentation of digital evidence derived from digital sources for the purpose of facilitating criminal investigations, or assisting with the rehabilitation of violent cases, or assisting in the anticipation of unauthorized activities that have been seen to interrupt scheduled operations.” Digital forensic evidence, on the other hand, may be used in both criminal and civil trials.

ISO/IEC 27043:2015 is an international standard that covers information infrastructure, encryption techniques, and incident investigation standards and processes. The specification defines a component of a larger investigation that can be used in accordance with other international standards such as ISO/IEC 27035, ISO/IEC 27037, and ISO/IEC 27042. The ISO/IEC 27043 standard was created with the primary goal of defining and following certain standardized investigation principles and procedures so that different investigators obtain the same results under similar circumstances. The concepts of reproducibility and repeatability are critical in any criminal investigation. Throughout the inquiry process, the ISO/IEC 27043 specification is also intended to provide consistency and transparency in the collected findings for each specific process (including report generation).

UNDERSTANDING THE NEED FOR STANDARDISING FORENSIC REPORT PROCESS

Report generation is a process in ISO/IEC 27043 that focuses on the analysis of digital data. In general, the presentation phase of a digital forensic investigation assists in the confirmation of the forensic theory, while report generation as a procedure is encapsulated within the investigative process and is one of the classes of the digital investigation process. Although report generation is not a method for conducting investigations, it has been presented as a process for displaying or interpreting the results. We believe that forensic reports should be prepared or produced in a standardized manner, rather than being lumped into one of the digital investigation categories (investigative process class). It’s worth noting that if forensic reports aren’t prepared, presented, and interpreted properly, they may lead to misinterpretations of the forensic theory or investigative fact across several cases. This is a major flaw in the standard.

SCOPE OF DIGITAL FORENSIC INVESTIGATIONS

It’s important to remember that a forensic report can cover the full spectrum of the automated forensic investigation process as it’s being written or produced. At this stage, information from a digital forensic investigation cannot be retrieved without observing specified procedures; this must be stated clearly since the digital forensic investigation’s importance cannot be overstated, and it provides for open investigative notification to all interested stakeholders. One might also look at the possibility of using Blockchain to ensure the credibility of the report’s data.

LIMITATIONS

There is no such thing as a flawless automated forensic examination. As a result, any decisions to skip such procedures, protocols, or investigative behavior, as well as any known shortcomings in the methods and strategies used, should be reported. 

CONCLUSION AND FUTURE DIRECTIONS

There is a need to standardize the report generation process in order to improve the presentation of forensic evidence before and after trial while adhering to the ISO/IEC 27043:2015 standard. Future study will focus on defining the core components of a standardized report generation process, for example in collaboration with the international digital forensic group, as well as investigating how modern technology like augmented reality, Blockchain, and machine learning can be used to make the process easier.
