Is There a Need for Industry Control?

First published April 2005

by Nick Furneaux
CSITech
www.csitech.co.uk

For many years if someone asked what I did for a living I would have to use an all-purpose description such as I worked in computer security or even worse I would just mumble ‘computers’. Now, if I say computer forensics, they say, ‘Oh, like on CSI [a popular TV show], what colour is your Humvee?’ For the first time last month I was asked by someone (who just about knew how to pick up email) how they could get into my line of work, and this both worried and interested me at the same time.

Searching the forums I find many basic questions by those looking to get into the ‘industry’ or even more worryingly asking, ‘I’m just setting up my own business, how do you image a hard drive?’ Is this new trend a good thing or bad thing for our ‘art’?

It was not until I really stopped and thought about not only the complexities of electronic forensics but the consequences of getting it wrong that I became concerned. Can we even begin to imagine the miscarriages of justice that would happen if electronic forensic investigation became the new web design? Just about anyone with a good grounding in computing can stumble their way around EnCase or FTK, but knowing what the buttons do does not make a good investigator. So much more knowledge is needed along with a certain mind-set that takes an investigator in a particular direction or enables them to ‘see’ a line of reasoning or follow a hunch generated through experience.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

On the flip side, the industry, both in law enforcement and the private sector needs new blood, young computer engineers that do understand the new technologies and how people use the Internet today. How can we both attract them and yet control the flow of people to ensure a certain level of competency and protection?

My problem is that I can’t remember when I started in forensics. Although I have been involved with computer security in the corporate sector for a decade I am unable to remember my first investigative toe in the water. I think it was to do with an employee who was deliberately deleting key company files. I certainly remember flying to a meeting on the subject in the Physics Department of The University of Florida back in 1998 and have since worked in the UK, USA and Russia; but does that history make me an expert, a specialist? How can a defence team or a corporate IT department who pay for my services be sure that I know what I am doing?

The industry needs an International Controlling Body and even an industry qualification as is now appearing for computer security. In the UK, to be ‘approved’ by any of the official or even self-appointed directories of Expert Witnesses you just need to supply proof of work done for two law firms; that’s it! Great isn’t it? I was recently approached by a law firm that had received a marketing email from my company who retained me to defend an indecent images case. They handed over all the case notes and made an appointment for me to go to the police and gain access to 3 CDs worth of illegal images and they did this all without checking who I was. This cannot be allowed to continue.

The fact is that if a person walked into my local Law Enforcement HQ and asked for access to case files containing indecent images they would be escorted from the building. However, if the same person flashes one of my business cards and has been sent by a lawyer, or similar, they are ushered in and made a cup of tea.

As another example I contacted a local Police Force Hi-Tech Crime Unit this week as we have not yet worked with them. The pleasant and helpful officer who replied to my email didn’t ask for references, experience or indeed who the heck I was but was only interested in my day rate. I am very familiar with this reaction and I find turning up in a suit with a notebook computer and an expensive business card is enough to quell their fears. It shouldn’t be enough and is wide open to abuse. My company does all it can to improve the situation by providing references on request, having ID/photo style business cards and registering with key organisations. However, the worrying fact remains that a paedophile could get his fix by setting up as a private forensic investigator defending indecent images cases without downloading a single image himself.

If there was an International Governing Body offering recognised qualifications which could also be based on provable experience, it would be a simple procedure to check up on the investigator you are planning to hire. Businesses could be approved en masse with an ISO/BS style quality and competency standard enabling them to recruit and train new people, bringing new, young trainees into the corporate sector. It would not eliminate incompetence or some tenacious people determined to gain access to illegal material but it would be better than what we have today.

In the US they now have the self styled IISFA, the International Information Systems Forensics Association (http://www.infoforensics.org/) with their CIFI certification. This is quite a challenging exam and covers all the core elements of computer forensics including Intrusion Detection, Auditing and Countermeasures. This is all very nice but, in my opinion, much more suited to a corporate internal security team not to a specialist in hard drive or even mobile phone forensics. The other problem is how many of us have ever heard of the IISFA? This ‘International’ organisation has 13 ‘Chapters’ around the world and 11 of those are in the US; the only one in Europe is in Italy. (There are around 20 other certifications available from a variety of reputable sources and, shall we say, ‘others’ as of January 2005).

With the increase in computer crime affecting the whole world, getting new blood into the forensic investigation of electronic equipment is vital if the criminals are not going to win. Working for law enforcement as a trainee is an excellent and proven way in, however the numbers are not yet there and we need a defined and ‘safe’ way to recruit, train and hire people to work in this increasingly important arena.

I am not offering to set up the type of body discussed above, I believe it should come from an existing recognised body in the security arena and even if it did happen, getting companies or law firms to check the register would be yet another hurdle. However, in an industry that can give people access to illegal material and personal information and which can ultimately affect a person’s freedom, more needs to be done to control and protect our industry from gaining a bad name and ultimately protecting the freedoms of the people we represent.

Nick Furneaux – Security and Forensic Specialist
CSITech
www.csitech.co.uk

Leave a Comment

Latest Videos

Digital Forensics News Round-Up, May 01 2024 #dfir #computerforensics

Forensic Focus 1st May 2024 5:30 pm

Marco Fontani joins the Forensic Focus podcast to discuss Amped Software’s latest AI-powered tool, DeepPlate. DeepPlate is a deep learning system designed to read license plates affected by common issues introduced by surveillance systems, making it a valuable asset for forensic video analysts.

Marco provides an in-depth overview of DeepPlate, explaining how it currently supports eight countries (France, Germany, Italy, the Netherlands, Spain, Sweden, the UK, and the United States) and how it uses separate models for each country to account for varying license plate formats. He also discusses the synthetic data generation process used for training the models, ensuring privacy and mitigating bias.

The conversation delves into the limitations and considerations when using AI-based tools in a forensic workflow, with Marco emphasizing the importance of bias mitigation techniques and proper interpretation of confidence scores. He stresses that DeepPlate is an investigative tool designed to provide a second opinion, rather than a tool for court admissibility.

00:00 – What is DeepPlate and what is its purpose?
02:45 – How many countries does DeepPlate currently support?
09:30 – What are the challenges of diplomatic and personalised number plates?
11:30 – How would a forensic video analyst use DeepPlate as part of their workflow?
13:40 – Can DeepPlate be used in Court?
16:30 – What is Amped Software’s position on AI?
19:00 – What will be the impact of updated models on results?
20:50 – What kind of data is used to train the system?
23:30 – How has the system been tested?
26:15 – What are the access conditions for using DeepPlate?
28:05 – Does Amped Software retain user data for DeepPlate and if yes for how long? 
29:45 – Is it possible to buy additional seats for your license?
31:00 – What are the limitations and considerations when using AI-based tools like
DeepPlate for forensic and investigative purposes?
35:20 – Does Amped Software plan to use AI in other areas?

Show Notes 

Washington State Judge Blocks Use Of AI-Enhanced Video As Evidence In Possible First-Of-Its-Kind-Ruling - https://www.linkedin.com/feed/update/urn:li:activity:7181308834370494464/

Neural Network for Denoising and Reading Degraded License Plates - https://link.springer.com/chapter/10.1007/978-3-030-68780-9_39

Introducing DeepPlate, Amped’s Investigative Tool for AI-Powered License Plate Reading - https://blog.ampedsoftware.com/2024/02/28/introducing-deepplate-ampeds-investigative-tool-for-ai-powered-license-plate-reading

Marco Fontani joins the Forensic Focus podcast to discuss Amped Software’s latest AI-powered tool, DeepPlate. DeepPlate is a deep learning system designed to read license plates affected by common issues introduced by surveillance systems, making it a valuable asset for forensic video analysts.

Marco provides an in-depth overview of DeepPlate, explaining how it currently supports eight countries (France, Germany, Italy, the Netherlands, Spain, Sweden, the UK, and the United States) and how it uses separate models for each country to account for varying license plate formats. He also discusses the synthetic data generation process used for training the models, ensuring privacy and mitigating bias.

The conversation delves into the limitations and considerations when using AI-based tools in a forensic workflow, with Marco emphasizing the importance of bias mitigation techniques and proper interpretation of confidence scores. He stresses that DeepPlate is an investigative tool designed to provide a second opinion, rather than a tool for court admissibility.

00:00 – What is DeepPlate and what is its purpose?
02:45 – How many countries does DeepPlate currently support?
09:30 – What are the challenges of diplomatic and personalised number plates?
11:30 – How would a forensic video analyst use DeepPlate as part of their workflow?
13:40 – Can DeepPlate be used in Court?
16:30 – What is Amped Software’s position on AI?
19:00 – What will be the impact of updated models on results?
20:50 – What kind of data is used to train the system?
23:30 – How has the system been tested?
26:15 – What are the access conditions for using DeepPlate?
28:05 – Does Amped Software retain user data for DeepPlate and if yes for how long?
29:45 – Is it possible to buy additional seats for your license?
31:00 – What are the limitations and considerations when using AI-based tools like
DeepPlate for forensic and investigative purposes?
35:20 – Does Amped Software plan to use AI in other areas?

Show Notes

Washington State Judge Blocks Use Of AI-Enhanced Video As Evidence In Possible First-Of-Its-Kind-Ruling - https://www.linkedin.com/feed/update/urn:li:activity:7181308834370494464/

Neural Network for Denoising and Reading Degraded License Plates - https://link.springer.com/chapter/10.1007/978-3-030-68780-9_39

Introducing DeepPlate, Amped’s Investigative Tool for AI-Powered License Plate Reading - https://blog.ampedsoftware.com/2024/02/28/introducing-deepplate-ampeds-investigative-tool-for-ai-powered-license-plate-reading

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_OVTrTRCC5ZQ

AI-Powered License Plate Reading With Amped DeepPlate

Forensic Focus 30th April 2024 9:58 am

Forensic Focus Digest, April 26 2024 #digitalforensics #dfir

Forensic Focus 26th April 2024 3:35 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles