Digital Forensics: DFCB and the ABA Resolution Dave Kleiman CAS, CCE, CIFI, CEECS, CISM, CISSP, ISSAP, ISSMP, MCSE, MVP www.computerforensicexaminer.com
What are the DFCB and the ABA Resolution DFCB - Digital Forensics Certification Board Digital Forensic Certified Practitioner (DFCP) ABA Resolution on Computer Forensics: ABA adopts resolution against private investigator licenses for computer forensics -
Digital Forensics - Science Digital and Multimedia Forensics is an accepted Forensic Science Digital and Multimedia Sciences (DMS) Section of the American Academy of Forensic Science (AAFS) was formed in early 2008. (http://www.aafs.org) First section added to the AAFS in 28 years. In conjunction with this, the National Center for Forensic Science (NCFS), a program of the Department of Justice s National Institute of Justice, has formed a Digital Certification Board (DFCB). (http://www.ncfs.org/dfcb) Created a new certification Digital Forensic Certified Practitioner (DFCP) Open to public and private sector Extensive background checks Strict experience and education requirements Continuing education requirements
Digital Forensics - Definition Digital Forensics: The examination and the collection acquisition, authentication, and reconstruction of Digital information from Digital systems stored on media such as hard drives, floppy disks, handheld devices, tape backup systems etc. in a scientific standardized and well-documented manner. This may or may not be to maintain its admissibility and probative value in legal proceedings. Often theses same techniques are applied for standard data recovery.
U.S. Vs. Ganier 6 th Circuit Nov. 15, 2006 An IRS Special Agent who was a qualified computer forensic specialist was offered by the government prosecutor as a fact (lay) witness In her opinion, Judge Moore recognized that while many computer applications are common knowledge, the ability to interpret the output of forensic software required qualification as an expert witness under FRE 702. It is therefore the responsibility of the court to determine if the witness is qualified, if appropriate scientific principles were utilized and applied to the matter at bar.
Why is this important? States are passing new laws and implementing them very quickly. These laws can go into effect immediately with no grandfathering of current non-licensed people nor giving them a path to get licensed by the deadlines. The PI Board in many states is lobbying similar wording and trying to get similar laws passed and shooting for a felony. Most computer forensic or computer security professional have no idea this is happening at all or believe that it applies to them.
RECENT EVENTS IN MICHIGAN Michigan passed the Professional Investigator Licensure Act on May 28 th 2008. I makes it a felony to practice computer forensics without a license going into effect: This act is ordered to take immediate effect. Penalty for the crime of computer forensics: (3) A person violating this section is guilty of a felony punishable by imprisonment for not more than 4 years or by a penal fine of not more than $5,000.00, or both.
OPINIONS? Opinions people have expressed:..regulation is needed.. It gets rid of the rift raft that hangs out a sign..worst computer guy working on their case over a PI and generally believe the PI is not qualified...this is a field of science and computer science does not belong under the PI wing...but a lot more people just think it does not apply to them; Forensic Handwriting Experts, or Question Document Examiners.
AMERICAN BAR ASSOCIATION ADOPTED BY THE HOUSE OF DELEGATES AUGUST 11-12, 2008 RECOMMENDATION: RESOLVED, That the American Bar Association urges State, local and territorial legislatures, State regulatory agencies, and other relevant government agencies or entities, to refrain from requiring private investigator licenses for persons engaged in: computer or digital forensic services or in the acquisition, review, or analysis of digital or computer-based information, whether for purposes of obtaining or furnishing information for evidentiary or other purposes, or for providing expert testimony before a court; or network or system vulnerability testing, including network scans and risk assessment and analysis of computers connected to a network.
AMERICAN BAR ASSOCIATION ADOPTED BY THE HOUSE OF DELEGATES AUGUST 11-12, 2008 FURTHER RESOLVED, That the American Bar Association supports efforts to establish professional certification or competency requirements for such activities based upon the current state of technology and science.
DFCB Digital Forensics Certification Board DFCB Founders Process Begins in November 2008 thru March 09 Regular Certifications begins in March 2009
Mission The Digital Forensic Certification Board exists to promote Professionalism Trust Confidence in the digital forensics profession By providing professional certifications
History Digital Forensics Professional Certification Funded by a Grant for the National Institute of Justice (NIJ) to the National Center for Forensic Science (NCFS) at the University of Central Florida (UCF) 2004 Roundtable Discussion with Professional Groups 2005 European Network of Forensic Institutes (ENFSI) 2006-08 Numerous volunteers from academia, business, industry, federal, state and local law enforcement and forensic scientists have made this professional certification possible.
Roundtable Consensus 2004 Question 1 Should there be some form of certification for forensic practitioners? The unanimous conclusion of the roundtable participants was that the need for certification is imperative. Question 2 Will a single certification work for all practitioners? There are many roles in the forensic process and while each role requires education or training, not all will require certification. It was recognized that a single certification process is possible. However, there will need to be some number of specialized subcertifications based on common bodies of knowledge.
Current Certifications Internal certification programs Vendors with tool-specific certifications Restrictive professional associations Certificate without an assessment We Believe in Professional Certification
Why DFCB Certification? The DFCB s only product will be certification Focus is to benefit the profession, not profit We provide an inclusive professional body to promote collaboration We will seek independent accreditation of this certification We will have opportunities for scholarships
DFCB Concept To promote trust and confidence in the digital forensics profession To enhance the reputation and capabilities of the digital forensics profession To produce a quality professional certification for a reasonable price ($350) To provide a standard of excellence for use by courts, employers, and practitioners themselves
DFCB Concept To provide an objective certification process in digital forensics which will help the maturation of digital forensics as a science To encourage the sharing of information, methods and processes among members of the profession To establish and enforce a Code of Ethics and a Standard of Professional Conduct
Types of Certification The Digital Forensic Certification Board exists to promote professionalism, trust and confidence in the digital forensics profession by providing professional certifications. Digital Forensic Certified Practitioner (DFCP) Based on Experience Digital Forensic Certified Associate (DFCA) Based on Experience
Public Benefits Practitioners are held accountable to a high standard of excellence Employers Hire certified practitioners that meet objective and independent standards Overall Provide weight to the opinions and findings obtained by the practitioner and acted upon by the employer and the public.
DFCB Advantages Objective and independent Community-based Core competencies Ethics-driven standards Professional certification
What DFCB is Not We don t provide training We don t sell software We don t publish books We don t do case work We don t sell membership
Communities Served Public and private sectors Criminal and civil courts Business and industry Regulatory and administrative bodies Academia
Current Status Core competencies, listed on website Testing plan in place Validating of test questions planned Organizational documentation: goals & objectives, bylaws, Code of Ethics, organizational chart, etc. Operating under a 501c3 organization
Accomplishments Founders Assessments Part 1: $350 Will begin November 2008 March 2009 Founders assessment will be one time ONLY Experience is essential and is rated If experience scored enough points Part 2 Submit 15 questions in assigned domains are Questions are evaluated and collected Questions selected and validated via a Pilot Test Founders take the (non-graded) Pilot Test
Resource Requirements We need Professionals to volunteer their time and knowledge Organizations to participate on the DFCB Community Advisory Council Support of all communities we serve public and private
Thank you for your attention! Downloading Part 1 of the Assessment Tool will begin in November 2008 Check out the Website at http://www.ncfs.com/dfcb Our thanks to NIJ and the Bureau of Justice Programs for their support! Jody Westby ABA Resolution Drafter Scott Moulton Now a Licensed PI in GA