Home » Security Bloggers Network » QA, Certification, & Accreditation in Computer Forensics

QA, Certification, & Accreditation in Computer Forensics

by InfoSec Resources on July 31, 2018

Introduction

The purpose of digital forensics is to answer one or more investigative or legal questions, with the purpose of using the evidence to disprove or prove a case in court. To ensure that innocent parties in a case are not convicted or that guilty parties are convicted, it is mandatory to apply quality assurance processes to all phases of digital forensic examination. These processes include the use of standards, quality controls, documentation, test forensic environment quality, properly trained personnel and appropriate equipment and tools.

This article goes deeper in this topic and will answer the following questions:

What quality controls are used in Computer Forensics?
What standards are used for lab quality control?
What ways can you test tool quality?
How is the quality of security personnel measured?

What quality controls are used in Computer Forensics?

To maintain the integrity of digital evidences, each phase of the forensics examination should be subject to controls. Quality control measures whether the forensics process follows the standards set by the laboratory. Reviews at a peer, administrative, and program level are quality control components used in computer forensics.

The peer review process is when forensic examination results are examined by one or more other forensic scientists. It helps protect against inaccuracy of the findings by using other experts in the field to identify errors and shortcomings with regards to the forensic examination conclusions before their submission to court. Peer review, also called technical review, should answer the following questions: Was the appropriate examination performed? Does the report describe sufficiently all the findings? Were proper procedures followed?

Documentation is critical to ensuring quality in the computer forensic process. Each step conducted during the investigation is reported in a document; thus, the documentation should be reviewed for the quality of its evidence. The reporting is (Read more...)