Incidence Response: Credentialing of Digital Forensic investigators

Abstract

The purpose of the conducted study was to explore the credentialing of digital forensic investigators, drawing from applicable literature. A qualitative, descriptive research design was adopted which entailed searching across Google Scholar and ProQuest databases for peer reviewed articles on the subject matter. The resulting scholarship was vetted for timeliness and relevance prior to identification of key ideas on credentialing. The findings of the study indicated that though credentialing was a major issue in digital forensics with an attentive audience of stakeholders, it had been largely overshadowed by the fundamental curricula problems in the discipline. A large portion of research and efforts were directed towards coming up with a clear and standardized framework for teaching digital forensics. While contending with an apparent dearth of literature, it was apparent that state and federal governments were relatively passive in offering credentials to digital forensic investigators. This had been left to private companies such as Mile2, EC Council and ISC2, with the government providing oversight through the Department of Justice (DoJ) and affiliates like NIST, OSAC and NAS. The involvement of private credentialing in some cases had led to mistrials and thus there was need to have a unified framework for collection, reporting and submission of digital forensic evidence. It was recommended that more efforts are directed towards credentialing including advocacy, funding and research and a national framework for teaching digital forensics is developed together with a standard credentialing system. Additionally, the state and federal governments needed to step up and take active roles in the credentialing process.

List of Key Terms

Digital forensics

Credentialing

Certification 

Curriculum

Forensic science 

Introduction

Digital forensic investigation is one of the prominent fields emerging from the broad discipline of forensic science. Though the academic theory and practice of digital forensics has existed since the 1970s, increased interest in the field has been witnessed recently owing to escalated risks of cyber attacks and computer related crimes (Altheide & Carvey, 2011). The field of digital forensics particularly concerns the evidence found in computers, storage devices, social media and cloud among other IT related elements that can be used in trials and other form of inquiries (Mohay, 2005). Data extraction, collation, carving and the release of forensic expert reports are what encompass the core of practice in the field. Despite being well established in recent times, the discipline of digital forensics continues to face several core problems. A needs analysis survey by Rogers & Seigfried (2004) indicate training and certification as the main challenge, a claim collaborated by several stakeholders in the field including the National Institute of Justice Research. There are concerns that the field is largely fragmented, lacking a national framework for curricula training and development. In addition, the field as currently constituted has no gold standard for certification, a central challenge in instilling consistency and professionalism in the field. This paper explores the egregious issue of credentialing and certification in digital forensics, drawing from relevant academic literature. 

Research Methodology

The inquiry was qualitative and descriptive in nature, utilizing published research on the field of digital forensic investigation. A search was conducted in major academic databases including Google Scholar and ProQuest, isolating articles from reputed journals on the subject of the federal, stage, private, profit and non-profit credentialing of digital forensic investigators in the United States. Each study was vetted for relevance of content and timeliness, with the inclusion criteria only featuring articles within ten years of publication. A review of literature conducted focused on first the general fundamental theories in the domain, the problematic issue of credentialing and possible solutions. Thematic reflections on the findings on various issues were noted and forwarded as recommendations and conclusions on the present state of the identified problem. 

Literature Review

Though many studies in digital forensic investigations have identified the bias in available research towards applied aspects of the domain as opposed to the development of fundamental theories, the prejudice is justified. This is because of the largely practical nature of forensic science at large and the pressure mounting from external events such as cyber-terrorism and cyber-crimes, necessitating more applied research (Nelson, Phillips & Steuart, 2014). As it emerges, the issue of credentialing of digital forensic investigators at various levels falls under applied research and continues the implied bias. However, there is credence in the fact that several studies identify lack of a proper credentialing standard as one of the main challenges facing the profession today. For instance, a study by Flory (2015) indicated that though the state of Indiana’s law enforcement agencies were deliberate about digital forensic training with half of their staff trained, their ability could only be rated from low to mid-range. As such, there was still an insurmountable need to create a standard and comprehensive framework for locating experts, obtain forensic insight with the help of standard operating procedures and finance career advancement in the domain. The above study shows the longstanding nature of the challenge of credentialing and locating competent experts in digital forensics and thus justifies the focus of research towards that direction (as opposed to fundamental theories). 

The issue of credentialing, though vast, seems to be overshadowed by the looming challenge of lack of a proper, consistent curriculum in the first place. As such, lots of research is currently dedicated to advancing training and ensuring that there is a teaching framework that can be followed successfully by most universities and colleges. As noted by Lang et al. (2014), the development of a digital forensics curriculum should provide a self-contained and comprehensive tool for teaching the discipline in universities given the failure of many institutions to offer such courses for missing certain aspects of the entry barrier. In their proposed curricula, Lang et al. (2014) offered an introductory, advanced course and hands on laboratory programs. They however fail to focus or mention at any point, the essence of credentialing and its role in developing the digital forensics investigator. This seems to be consistent with most curricula and reports on the status of digital forensics investigation and related disciplines throughout. For instance, a report by West Virginia University Forensic Science Initiative (2007) submitted to the Department of Justice (DoJ) on training and education of digital forensics investigators highlights the antecedent qualifications and a detailed career path but omits otherwise essential information on credentialing. The report is comprehensive on other aspects of training and career path, highlighting the qualifications, skills and knowledge needed, the Associates’, Baccalaureate, and advanced levels of learning in the discipline but makes a major omission on certifications and credentials needed in the profession. This sums the whole credentialing conundrum in available studies- that most of it looms in the shadow of a clear training and education framework for digital forensic investigators. 

The literature on building accreditation and credentialing in digital forensics is quite grim. Losavio et al. (2016) makes the bold allegation that digital forensics was not yet a profession and justifies the claim on several grounds. According to the paper, a profession entails specialized knowledge, specialized training, highly valuable work, self-regulation, a code of ethics, high levels of autonomy and many other significant elements. Certification and credentialing are what offers code of ethics, autonomy of practice and evidence of specialized training but lack in the discipline as per the arguments of Losavio et al. (2016). This has hindered the development of digital forensics as a profession. A large number of studies indeed recommend that proper standardized frameworks are brought into the frame for credentialing of digital forensic investigators. Butler (2015) highlights some of these recommendations offered by the National Academy of Sciences (NAS). They include creating a standardized accreditation model for digital forensic investigators to achieve recognition, consistency and the “expert” label. From the reading, it appears that there is a robust framework for providing oversight to various accreditation bodies in digital forensics. These include the national institute of standards and technology (NIST), the Department of Justice (DoJ) and the organization of scientific area committees (OSAC) which came together to carry out research and chat a framework that can operationalize accreditation bodies. The national commission on forensic science on its part acts as an advisory body to the DoJ and carries out various roles that form the framework for accreditation. These include training on science and law, testimony and reporting, provision of interim solutions and above all, accreditation and proficiency testing (Garfinkel et al., 2009). Therefore, though there are no consistent accreditation frameworks, the framework to regulate bodies that offer credentialing exists and operates with a clear mandate.

The development of accreditation oversight in digital forensics has since been reported at the national level. Coordinated by the DoJ and with the advice of NIST, such frameworks have emerged as a product of OSAC efforts. According to Butler (2017), OSAC has been involved in the development and promulgation of technically-appropriate and universally accepted documentary standards that are used by accrediting bodies to audit forensic laboratories and carry out credentialing of forensic investigators. OSAC has since developed to include a Forensic Science Standards Board and various committees and subcommittees that are responsible for offering oversight in credentialing and other related activities. 

There are several credentialing bodies, many of which are international that are apparent in the field of digital forensics. Gladyshev, Marrington, & Baggili (2014) notes that the bulk of these organizations are either for profit or privately owned, with the state only providing the framework that such bodies can use in carrying out certification and accreditation. They include companies like Mile2 and ISC2. Other entities include the EC Council, the American Board of Information Security and Computer Forensics (ABISCF), International Association of Computer Investigative Specialists (IACS) and International Society of Forensic Computer Examiners (ISFCE) (Freiling & Schwittay, 2007). These bodies use the standards and frameworks issued by the oversight bodies like OSAC to offer certifications such as Certified Computer Examiner (CCE), Certified Ethical Hacker (CEH) and Certified Computer Forensics Examiner (CCFE). 

Findings

There were a number of findings from the research conducted on digital forensics investigation. First, it was apparent that credentialing was a major issue in digital forensics and featured some of the main issues that were in the radar of major stakeholders such as the National Academy of Sciences and National Institute of Standards and Technology (NIST) (Casey, 2009; 2011). It therefore qualified to extend the bias on applied research over fundamental theorization in the general domain of forensic science. In addition, the field on the wider scope was fragmented and lacking in proper curricula, which was the preoccupation of various stakeholders and educators, rather than the formation of credentialing frameworks (Nance, Hay, & Bishop, 2009). As such, the issue of credentialing was important but had been overshadowed by the lack of proper, standardized curricula in the domain. 

It was also apparent that the state and federal levels of governments were largely non-actors in the credentialing of digital forensic investigators. According to Garfinkel (2010), majority of the bodies involved in accreditation and certification were private companies and for profit organizations. They included Mile2, EC Council and ISC2 among others, offering a number of accreditations such as the Certified Computer Examiner (CCE) to digital forensic experts. The scarcity of literature on accreditation and credentialing makes it difficult to determine the repute and ratings of these organizations (Lillard, 2010). However, they appeared to be the main players in the credentialing in the absence of government actors. Instead, the federal government offered oversight and guidance to these bodies, giving frameworks and standards to be applied in the operationalization of the credentialing bodies. This oversight duty was carried out by the Department of Justice (DoJ), National Academy of Sciences and other affiliates working closely with the DoJ such as OSAC and NIST. 

According to Lundquist (2016) there are several instances where private digital forensics have failed in assisting DoJ investigations, leading to incarceration of the innocent and mistrials in some cases. These include the case of State of North Carolina v Bradley Cooper, State of Connecticut v Julie Amero among others. In each of the highlighted cases, there were anomalies in the process of collation, submission and reporting of evidence. Oversight bodies can improve this by coming up with a standardized framework for digital forensics that can be applied in all cases. This entails credentialing of experts that the court can rely upon as experts in cases requiring digital forensic evidence (Kessler, 2007). At the moment, oversight appears fragmented due to lack of a singular, unifying and standardized curriculum to build on at the national level.

Recommendations

In light of the above findings, it is recommended that:

• More attention is paid to credentialing which entails research, funding and advocacy at the national and state levels.
• A national framework for teaching digital forensics is developed to bring standardization in the field.
• A complimentary, standardized credentialing system is instituted which sets the base for professionalism in digital forensics.
• The state and federal levels of government assume active roles in the credentialing and oversight of credentialing bodies with immediate effect.

Conclusion

The present research brings to light recalcitrant issues in the credentialing of digital forensic investigators. The status quo reveals a troubling scenario of government non-participation, lack of proper certification bodies and oversight. This has however been overshadowed by the apparent lack of a consistent curriculum at the national level to guide the teaching of digital forensics in the university and other institutions of higher learning. The findings at a glance show that there is all to do in order to instil professionalism and inspire further development of digital forensics not only as a branch of forensic science but as an independent domain emerging in contemporary scholarship. If the recommendations issued are to be followed, there shall not only be a solution at the academic level of digital forensics, but also at the professional level which remains a cause for concern. The government should spearhead curricular reinvention and development and take their active roles in the promotion of a unified credentialing framework to guide other bodies in the same direction. 

References

Altheide, C., & Carvey, H. (2011). Digital forensics with open source tools. Elsevier.

Butler, J. M. (2015). US initiatives to strengthen forensic science & international standards in forensic DNA. Forensic Science International: Genetics, 18, 4-20.

Butler, J. M. (2017). Recent activities in the United States involving the National Commission on Forensic Science and the Organization of Scientific Area Committees for Forensic Science. Australian Journal of Forensic Sciences, 49(5), 526-540.

Casey, E. (2009). Handbook of digital forensics and investigation. Academic Press.

Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers, and the internet. Academic press.

Flory, T. A. C. (2015). Digital forensics in law enforcement: A need based analysis of Indiana agencies (Doctoral dissertation, Purdue University).

Freiling, F., & Schwittay, B. (2007). A common process model for incident response and digital forensics. Proceedings of the IMF2007.

Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. digital investigation, 7, S64-S73.

Garfinkel, S., Farrell, P., Roussev, V., & Dinolt, G. (2009). Bringing science to digital forensics with standardized forensic corpora. digital investigation, 6, S2-S11.

Gladyshev, P., Marrington, A., & Baggili, I. (Eds.). (2014). Digital Forensics and Cyber Crime: Fifth International Conference, ICDF2C 2013, Moscow, Russia, September 26-27, 2013, Revised Selected Papers (Vol. 132). Springer.

Kessler, G. C. (2007, March). Anti-forensics and the digital investigator. In Australian Digital Forensics Conference (p. 1).

Lang, A., Bashir, M., Campbell, R., & DeStefano, L. (2014). Developing a new digital forensics curriculum. Digital Investigation, 11, S76-S84.

Lillard, T. V. (2010). Digital forensics for network, Internet, and cloud computing: a forensic evidence guide for moving targets and data. Syngress Publishing.

Losavio, M., Seigfried-Spellar, K. C., & Sloan III, J. J. (2016). Why digital forensics is not a profession and how it can become one. Criminal Justice Studies, 29(2), 143-162.

Lundquist, R. (2016). An Examination of Failed Digital Forensics and the Criminal Justice System(Doctoral dissertation, Utica College).

Mohay, G. (2005, November). Technical challenges and directions for digital forensics. In Systematic Approaches to Digital Forensic Engineering, 2005. First International Workshop on(pp. 155-161). IEEE.

Nance, K., Hay, B., & Bishop, M. (2009, January). Digital forensics: defining a research agenda. In System Sciences, 2009. HICSS’09. 42nd Hawaii International Conference on (pp. 1-6). IEEE.

Nelson, B., Phillips, A., & Steuart, C. (2014). Guide to computer forensics and investigations. Cengage Learning.

Rogers, M. K., & Seigfried, K. (2004). The future of computer forensics: a needs analysis survey. Computers & Security, 23(1), 12-16.West Virginia University Forensic Science Initiative. (2007). Technical working group for education and training in digital forensics. US Department of justice.