London software testing news UK


Quality Assurance practices for computer forensics

Posted in Acceptance testing by testing in London on October 9, 2007

From Forensic Magazine

Previous columns discussed starting a Computer Forensics unit. This column begins a discussion of Quality Assurance Practices that the unit must follow to generate quality results.

Regardless of whether a Computer Forensics unit is a stand-alone entity within a law enforcement agency, a section within a forensic laboratory, or is housed within a private corporation or business, Quality Assurance Practices are essential to its overall success. Quality Assurance Practices are an overall means to assess the quality of analytical processes and must be in place prior to beginning forensic analysis. They often include systematic and planned activities by management to ensure that the analytical processes are sound and capable of providing quality results. A primary factor controlling quality in any setting is the incorporation and utilization of good scientific practices.

The results of the analysis of digital data routinely lead to either civil or criminal litigation. Prior to litigation, the unit’s management and legal counsel have to be assured that the results are accurate, reliable, verifiable, and repeatable. The successful completion of forensic imaging/analysis training classes by examiners does not guarantee those assurances. Rather, training classes can often give the examiners a false sense of security, which leads to the belief that they are prepared to provide quality results. This is a fallacy. There are many other complex, interrelated issues that must be addressed if the results are to be considered a quality product. All are critical and have to be clearly articulated and well documented before proceeding with any forensic analysis:

  • What was the probable cause that initiated the request for analysis?
  • Where was the digital data stored on the computer or computer network?
  • How many individuals had access to the computer and the digital data?
  • How was the evidence collected?
  • What training did the examiner receive prior to analyzing cases?
  • Is there a documented training program?
  • Did the examiner demonstrate competency prior to performing the analysis requested?
  • Has the examiner been proficiency-tested on a regular basis?
  • How reliable were the tools (both software and hardware) used in the analysis?
  • Are the procedures for analysis documented and have they been verified/validated?
  • Were scientific practices and principles followed during the analysis of the data?


One Response to 'Quality Assurance practices for computer forensics'


  1. Computers » Quality Assurance Practices for Computer Forensics said,

    […] Check it out! While looking through the blogosphere we stumbled on an interesting post today. Here’s a quick excerpt: Regardless of whether a Computer Forensics unit is a stand alone entity within a law enforcement agency, a section within a forensic laboratory, or is housed within a private corporation or business, Quality Assurance Practices are … […]

