Educating Judges, Prosecutors and Lawyers in the Use of Digital Forensic Experts

Similar documents
Global Cybercrime Certification

Organization of Scientific Area Committees for Forensic Science (OSAC)

Program Approval Form

Computer forensics Aiman Al-Refaei

Certification, Registration and Education of Digital Forensic Experts

Scientific Working Groups on Digital Evidence and Imaging Technology

CYBERCRIME RESPONDERS TRAININGS

Guide for Minimum Qualifications and Training for a Forensic

Overview on the Project achievements

Certification. Forensic Certification Management Board. Robert J. Garrett, Director

Gina L. Bianchi, Deputy Commissioner and Counsel Acting Director, Office of Forensic Services Kimberly A. Schiavone, Forensic Services Program

ESTABLISHMENT OF AN OFFICE OF FORENSIC SCIENCES AND A FORENSIC SCIENCE BOARD WITHIN THE DEPARTMENT OF JUSTICE

ANZPAA National Institute of Forensic Science BUSINESS PLAN

TERMS OF REFERENCE ACCREDITATION PROGRAM FOR OFFICIAL STATISTICS PROFESSIONALS (Draft)

COMPUTER FORENSICS (CFRS)

Requirements for Forensic Photography & Imaging Certification (08/2017)

Digital Forensic Science: Ideas, Gaps and the Future. Dr. Joshua I. James

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017

OHLONE COLLEGE Ohlone Community College District OFFICIAL COURSE OUTLINE

CYBER CRIME LEGISLATION COURSE MALAYSIAN COMMUNCIATIONS AND MULTIMEDIA COMMISSION MALAYSIA

Council of the European Union Brussels, 23 November 2016 (OR. en)

Administrative Directive No. 4: 2011 Continuing Professional Education Requirements for All Certification Programs

10025/16 MP/mj 1 DG D 2B

Incident Response and Investigations. Regulation and standards

When Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.

Skills Academy. Forensic Studies Courses

ISO Lead Auditor Program Risk Management System (RMS) Training Program

Choose only one. If you are registered in both category, PEPC & Accredited Checker, separate FORM H is required for each category.

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

NATIONAL COMMISSION ON FORENSIC SCIENCE

Standard Course Outline IS 656 Information Systems Security and Assurance

A Comparative Study of Teaching Forensics at a University Degree Level

environmental crime prosecution - the Netherlands -

Project CyberSouth Cooperation on cybercrime in the Southern Neighbourhood

SYLLABUS POSTGRADUATE TRAINING FOR NORDIC COMPUTER FORENSIC INVESTIGATORS. Module 3E Windows Forensics 10 ECTS

Higher National Unit specification: general information. Graded Unit 2

Teaching and Examination Regulations

Raksha Shakti University

MEETINGS OF MINISTERS OF JUSTICE OR OEA/Ser.K/XXXIV

Intellectual Property Office of Serbia

Programme title: BSc (Hons) Forensic Archaeology and Anthropology

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC

- To aid in the investigation by identifying. - To identify the proper ISP, webhosting. - To use in search warrant affidavits for to

Designing Robustness and Resilience in Digital Investigation Laboratories

Syllabus. Course Title: Cyber Forensics Course Number: CIT 435. Course Description: Prerequisite Courses: Course Overview

Objective: Education:

THE INTERNATIONAL INSTITUTE OF CERTIFIED FORENSIC ACCOUNTANTS, INC. USA. CERTIFIED IN FRAUD & FORENSIC ACCOUNTING (Cr.

Level 5 Diploma in Crime Prevention Designing Out Crime

PERSON SPECIFICATION. Cyber PROTECT Officer. Job Title: Status: Established

IMF IT-Incident Management and IT-Forensics

Guiding principles on the Global Alliance against child sexual abuse online

Basic knowledge requirements include: general biology, genetics, molecularbiology, statistics and informatics.

A Road Map for Digital Forensic Research

ASSIUT UNIVERSITY. Faculty of Computers and Information Department of Information Technology. on Technology. IT PH.D. Program.

ISO Lead Auditor Program Environmental Management System Training Program

Short courses presented by the NWU Programme in Forensic Accountancy

ITU Model Cybercrime Law: Project Overview

JEAS-Accredited Environmental Assessor Qualification Scheme

National Certificate in Public Sector Compliance Operations (Level 4) with an optional strand in Investigations

Information Systems and Tech (IST)

STRIPPING METADATA: WHAT EVERY ATTORNEY SHOULD KNOW-A WEBINAR

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

Computer Forensics US-CERT

NATIONAL INSTITUTE OF FORENSIC SCIENCE

Fighting Cybercrime in Belgium. Brussels, 29 February 2012

Programme Specification

Training Catalog. Decker Consulting GmbH Birkenstrasse 49 CH 6343 Rotkreuz. Revision public. Authorized Training Partner

Programme Specification

Cybercrime Capacity Building a cooperative process

NORTH CAROLINA STATE CRIME LABORATORY FY2015/2016 Annual Report

CRITERIA FOR ACCREDITING COMPUTING PROGRAMS

PECB Certified ISO Lead Auditor. Master the Audit of Occupational Health and Safety Management System (OHSMS) based on ISO 45001

Professional Training Course - Cybercrime Investigation Body of Knowledge -

PECB Certified ISO/IEC Lead Auditor

Guide for the international tekom certification examinations

Master the Audit of Information Security Management Systems (ISMS) based on ISO/IEC 27001

Global cybersecurity and international standards

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

ISO LEAD AUDITOR TRAINING

Higher National Unit specification: general information. Graded Unit title: Computing: Networking: Graded Unit 2

Police Technical Approach to Cyber Threats

Course Fees: 850 euro

EXAM PREPARATION GUIDE

LEGAL SOLUTION CYBERCRIME LEGAL SOLUTION LEGAL SOLUTION NATIONAL, REGIONAL, INTERNATIONAL

COMPUTER HACKING Forensic Investigator

COWLEY COLLEGE & Area Vocational Technical School

Introduction to UKAS Accreditation Fire Scene Development Programme. David Compton November 2017

Continuing Professional Development. Standards, principles, and practices

EXPERT WITNESS: Completion of a perfect circle

Chapter 13: The IT Professional

WHO SHOULD ATTEND COURSE OUTLINE. Course Outline :: PROJECT MANAGEMENT PROFESSIONAL (PMP) EXAMINATION PREPARATORY COURSE::

15412/16 RR/dk 1 DGD 1C

GTA West Corridor Review

ITIL Master Qualification. Candidate Process Guidance

NATIONAL QUALIFICATION AUTHORITY

EPHAR Certification. EUROPEAN CERTIFIED PHARMACOLOGIST (EuCP) Guidelines for Certification

Legal Foundation and Enforcement: Promoting Cybersecurity

International Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface

Completing & Submitted the IRB Approval of Human Subjects Form

CA ELAP Expert Review Panel Meeting January 31, EPA Perspective: Effective Laboratory Certification Program Implementation

Transcription:

Educating Judges, Prosecutors and Lawyers in the Use of Digital Forensic Experts Dr. Hans Henseler, University of Applied Sciences Leiden Sophie van Loenhout M.Sc., Netherlands Register of Court Experts DFRWS EU 2018 CONVITTO DELLA CALZA - Oltrarno Meeting Center March 21-23, Florence, Italy

Content About the NRGD Working methods Open for certification Standards for Digital Forensics Demarcation Requirements Example questions for DF Court Experts 2

About the NRGD Experts in Criminal Cases Act + Register of Court Experts in: Criminal Cases Decree legal basis, independent position and structural funding The NRGD contributes to a fair administration of justice by assuring the competence and quality of court experts and their reports through: - Code of Conduct - Standards per field of expertise - Assessing & registering experts - Periodic re-assessment NRGD also provides advice on forensic competence assurance 3

About the NRGD (cont d) 9 fte, administrative employees and policy officers Board 7 members from justice community, National Police and forensic sciences Bureau Advisory Committee for Standards Advisory Committee for Assessment Advisory Committee for Objections Dutch as well as foreign forensic experts and legal experts Changing panel of legal and forensic experts; chair is administrative judge 4

Setting standards per field of expertise Expert Meeting Advisory Committee for Standards (ACS) draws up a draft advice Consultation of the draft in the field of expertise Processing the comments and input and submit the final draft to the Board Presentation of the ACS to the Board with the possibility to ask questions After a possible revision, the Board adopts the standards 5

ACS: Set standards Specify requirements of article 12(2)a-i of Decree (incl. Code of Conduct NRGD) Subject-matter + criminal law requirements (incl. role of expert-witness) Theory & practice requirements In cooperation with subject-matter and legal experts (acceptance/support) Define field of expertise: Core activities Boundaries Subfields? 6

ACA: Assess applications (I) In cooperation with subject-matter and legal experts (acceptance/support): Evaluation of written material and, if necessary, oral examination. Application package: CV List of case information Selection of 2-4 case reports Evidence of competence (incl. collegial review + CPD) Certificate of Good Conduct Signed declaration 7

ACA: Assess applications (II) Advisory evaluation form: Main/ Minor points Strong/ Weak points Unanimous advice: 5 year registration 2 year registration No independent work Quality of non-essential elements must improve After previous rejection on subject-matter expertise Check by Bureau >> decision by Board 8

NRGD is open for certification For the fields of expertise: 1. DNA-analysis and interpretation 2. Handwriting Examination 3. Forensic Psychiatry and Forensic Psychology 4. Forensic Toxicology 5. Drugs-analysis and interpretation 6. Weapons and Ammunition 7. Forensic Pathology 8. Digital Forensics 9. Legal Psychology 10. DNA Activity Level (in progress) expert meeting held in January 2018 Received (re)applications > 1000 Rejected 20% first phase 9

ACS: Digital Forensics E.J. van Eijk MSc, CISSP Netherlands Forensic Institute, NL R.M. van der Knijff MSc Netherlands Forensic Institute, NL R.J. Mora RE, OSCP, CISSP Royal Dutch Shell, NL Professor H. Prakken LL.M, PhD Utrecht University, NL C.J.T. Prickaerts GCFA, CISSP Fox-IT, NL H. Schut MSc High Tech Crime Unit (police), NL Professor P. Sommer MA De Montfort University, UK Consulting ACS members: C. Baardman LL.M CoE Cybercrime, Dutch Public Prosecution Service A. Kuijer LL.M CoE Cybercrime, Dutch Public Prosecution Service 10

NRGD standards for Digital Forensics Competence standards consist of 3 parts: Demarcation Registration requirements Assessment procedure Download: https://english.nrgd.nl/registration/digital-forensics.aspx 11

Demarcation: Steps in the Forensics Process Preserve & Collect Extract & Examine Analyse Collect Electronic Stored Information Create a forensic copy Make elecronic stored information readable Information culling Data interpretation Connecting the dots 12

Demarcation: Digital Forensics 008.0 Digital Forensics 008.1 Computer Forensics 008.2 Software Forensics 008.3 Database Forensics 008.4 Multimedia Forensics 008.5 Device Forensics 008.6 Network Forensics N.M. Karie & H.S. Venter, Toward a General Ontology for Digital Forensic Disciplines, Journal of Forensic Sciences 2014(59), 1231 1241. 13

Registration Requirements example (1) An applicant Digital Forensics should: Generic requirement: 12(2) a. ( ) have sufficient knowledge and experience in the field of expertise to which the application relates. Basic requirements: have at least 3 years of relevant work experience at the level of an academic Master s Degree preferably in the field of technical IT; or have at least 5 years of relevant work experience at the level of an academic Bachelor s Degree preferably in the field of technical IT; and be familiar with the summary of concepts (see Annex A) and keep abreast of state of the art developments. ( ) 14

Registration Requirements example (2) An applicant Digital Forensics should: ( ) Basic requirements: keep up to date with technological and other developments in the field and taking active steps to maintain competence; be aware of fundamental principles of forensics investigations (e.g. crime scene investigation, chain of custody, principles of evidence) have adequate knowledge of collection, examination and analysis of data. 15

Registration Requirements example (3) An experienced reporter or a newly qualified reporter should: Specific requirements: demonstrably have interpreted and reported 4 case reports (criminal, civil or administrative law) in the preceding 4 years that have been subjected to collegial review. For each stipulated subfield the reporter should have at least two case reports. have spent minimally 40 hours per year in the past 4 years on continued professional development (e.g. conference attendance, giving or attending lectures or courses, publications). Documents to be submitted: Certificates for (proficiency) tests or courses attended An overview of forensically relevant continuing professional development 16

Preserve & collect phase questions Questions related to the forensic soundness of data collection, for example: Was the electronic equipment correctly secured? Is the bypassing of the access code correctly carried out? Is the data correctly safeguarded from complex infrastructures like industrial control systems? 17

Extract & examine phase questions (1) Questions on identification and date & time, for example: What data concerning the crime can be found on what exhibit, what is the location of the data and by what means can it be retrieved? When has the data been accessed, modified and/or changed? Can it be ascertained when the retrieved data has been stored on the data carrier? 18

Extract & examine phase questions (2) Questions on the methods of extraction, for example: Was the data accessible by use of software available to the suspect? Was deleted information, e.g., messages, photos and videos, correctly retrieved? Is the exchange of data, captured in a network trace, correctly made visible? 19

Data analysis phase questions (1) Questions regarding the reconstruction of how digital evidence ended up on the material under examination, for example: Is digital evidence present on the material under examination? What is the nature of the digital evidence on the material under examination? How did the digital evidence end up on the material under examination? 20

Data analysis phase questions (2) Questions relating to the interpretation of information, for example: Does the read data match a scenario outlined in advance? Given alternative hypotheses, what can you say about the evidence that was found? Given the evidence that was found, what can you say about the alternative hypotheses? 21

Data analysis phase questions (3) Follow-up (qualitative) questions aimed at providing clarity about the extent to which a particular event or action can be attributed to a person, for example: How much knowledge and skill in the field of digital technology is required in order to achieve a particular result? Is a particular event or action technically difficult? 22

Status register for Digital Forensics Number of DF registrations in January 2018 Area 008.1 Computer Forensics 5 008.2 Software Forensics 5 008.3 Database Forensics 1 008.4 Multimedia Forensics 0* 008.5 Device Forensics 5 008.6 Network Forensics 2 # experts * One application in progress How to assess expert witnesses with short reports, e.g., critically evaluating the report of another expert witness? 23

Thank you for your attention henseler.h@hsleiden.nl www.linkedin.com/in/henseler 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback