Parliamentary briefing note says practitioners may struggle for 2017 deadline for all to have ISO accreditation
Digital forensics is not as good as it needs to be among law enforcement agencies, with frontline police officers lacking relevant skills and doubts about a 2017 target for all practitioners to be accredited, according to a research note produced for Parliament.
A new Postnote from the Parliamentary Office of Science & Technology (POST) highlights the role of digital forensics – tapping into the data from IT devices – in criminal investigations and points to the debate on forthcoming Investigatory Powers Bill for law enforcement agencies to access communications.
But it highlights a number of difficulties, including the proliferation of devices that hold data and the growing use of encryption and cloud services, and suggests there is a shortage of the necessary skills.
One of the problems is in the triage process to determine whether a device is likely to be useful before seizing it, which needs the police at the scene of a crime to make an assessment. While they might have the use of triaging software on a USB stick or a triaging kiosk, the report says that many do not understand it well enough and might overlook evidence.
This could also conflict with the Forensic Science Regulator's (FSR) requirement for digital forensic practitioners to be independent.
The FSR has also said there are significant risks of errors, set a target for all investigators to be accredited to an international standard – ISO 17025 – by October 2017, and published codes of practice. But there have been warnings that the deadline could be a big challenge.
There are also difficulties in accessing the data for investigations.
“Challenges for digital forensics investigators can include difficulties with accessing data, for instance if it encrypted or stored in the cloud, and the rapid pace of technological change,” POST said an accompanying statement. “New hardware, operating systems and applications must be studied to discover how to reliably find information of forensic value, which requires the development and testing of new techniques.
“The proliferation of devices and the increasing amount of data being stored on them, is adding to digital forensic workloads. Some police forces have delays of up to 12 months for the analysis of devices, and policing organisations have identified a need to develop their digital investigation capabilities.”