First published June 2010
by Dr Chris Hargreaves, lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK
If the research described in this example was carried out purely from a computer security perspective then there is precedence in how to address these issues. In vulnerability research, (e.g. a problem is discovered in a browser that could allow an attacker to access personal data) a common practice is to publish the results but to give the software company advance notice so they have time to fix the vulnerability prior to the results being made public. The difference in the case of digital forensics research is the clear benefit offered to investigations into unlawful activity by preventing the results from being made public.
The best course of action regarding publication is even less clear if we take into account users who are not covering evidence of unlawful activity, but are using the ‘evidence removal’ software to erase their personal information prior to selling a piece of old equipment. In the earlier example, in the course of conducting digital forensics research a problem was discovered with a piece of software potentially used by law abiding citizens to protect their privacy and their personal data. Publishing the results of the research may highlight the limitations and may help them protect their privacy. Is withholding this information from the public in order to prevent the covering up of unlawful activity acting in the best interests of society? Perhaps the paraphrasing of Asimov’s laws of robotics used in Wright (2006) is appropriate here: “A computer scientist may not injure humanity, or, through in-action, allow humanity to come to harm”?
Furthermore, publications are an essential part of the research process. The publication and peer review of results ensures that subject knowledge expands, that existing knowledge is preserved, and that obtained data and theories are correct. It also prevents the same research being carried out multiple times by different people. There is a question over whether this field can afford such duplication of effort.
Discussion of issues such as these always seems to raise more questions than it answers. Perhaps that is the point, and that discussing this issue may help to provide some answers as to a best practice or guidelines regarding the publication or dissemination of the results of digital forensics research.
Wright, D.R. (2006), Research Ethics and Computer Science: An Unconsummated Marriage. ACM Special Interest Group for Design of Communication.
Click here to discuss this article.
Chris Hargreaves is a lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK. Chris is involved to some extent in all of the Centre’s core activities: Education, Research and Consultancy. Chris’s main focus is research (publication list available here), but he also teaches on several of the modules within Cranfield’s MSc programme including Advanced Forensics, the newly revamped Programming for Practitioners, and also some of the new courses planned for next year. Before taking on a lecturing position, Chris obtained his PhD at Cranfield on the topic of “Assessing the Reliability of Digital Evidence from Live Investigations involving Encryption”.