Skill Certifications vs

By Deb Radcliff  |  Posted 2008-01-02 Print this article Print

Who has the right to probe digital crime? That very question may be the next battleground between the flatfooted private detective of old and the new-age computer sleuth.

Do a keyword search on "Digital Forensics and Private Investigation" in any state private investigator database and you'll see that the listings do reflect poorly on the reputation of digital forensics. Most are for cheesy divorce and personal monitoring firms advertising, "Is your spouse cheating on you?"

Quality control around digital forensics is a major issue. Private investigators and IT experts alike say they are worried about protecting the evolving profession and are looking for ways to institute measurable quality controls.

"Requiring digital forensic experts to obtain PI licenses does not serve the public's best interest," says Toby Finnie, executive officer of the High Tech Crimes Consortium (HTCC). "Instead, digital forensic examiners should be required to show demonstrated levels of competencies, based on standards and practices developed by peers."

HTCC, a law enforcement assistance network with more than 1,800 members in 37 countries, is drafting a briefing paper to provide background information and guide state legislators in their development of independent practical regulatory controls for forensics that can keep pace with the dynamic discipline.

"Like a doctor who's gone to medical school, works in his field, takes continuing education and maintains his medical licenses—that's the level of accountability we need for digital forensics," says Stan Kang, a principal in the Forensics and Investigative Response Practice of Verizon Business Services in Norfolk, Va. "Since most companies outsource digital forensics to consultants, they need a way to know that chain of custody and other rules of legal evidence are applied."

Because they are already licensed by their industry-specific agencies, certified accountants, medical examiners and engineers are exempt from state PI requirements, Abrams explains. IT professionals are pushing for the same thing for forensics, but Abrams contends that states don't want the cost and overhead of setting up another independent licensing body.

In South Carolina, an ad-hoc advisory committee is revising the state's computer forensic regulation under its PI laws to include definitions and guidelines for digital forensic professionals, which will go to legislature by end of January, according to Abrams. These guidelines are being modeled after the Georgia, Nevada and North Carolina guidelines. The North Carolina guidelines are currently in committee. Both the Georgia and Nevada guidelines have died in committee, but expect them to be back, says Finnie.

FORUM DISCUSSION: Should states mandate licenses for forensics pros? Tell us what you think at ITLink.

States are looking to the failed Nevada legislation as a model for defining these qualifications. The attempted revision to the proposed statute defined a digital forensic professional as "a person who engages in the business of, or accepts employment using, specialized computer techniques for the recovery or analysis of digital information from any computer or digital storage device, with the intent to preserve evidence, and who as a part of his business provides reports or testimony in regards to that information."

Nevada's qualification guidelines include 18 months' experience, a Bachelor's degree in computer forensics, and a Certified Computer Examiner (CCE) credential or its successor equivalent. South Carolina won't have a requirement for any particular degree, but will require minimal training, CCE certification and annual continuing education to remain licensed, according to Abrams.

At present, the CCE is the most recognized forensic certification available to the private sector and the only one open to the private sector being considered in state PI licensing laws. The credential requires professionals to abide by a strict code of ethics and pass a stringent certification exam that tests skills and knowledge. There are about 1,000 CCEs, of which about 70 percent are in the private sector and the balance in law enforcement, says ISFCE's Mellon.

Mellon acknowledges that the ISFCE and his training firm, Key Computer, have a lot to gain through such legislation. The exams are offered at a modest $300 fee, he says, so they're not a big money maker. Still, experts question the ability of one organization to meet the demand.

The ISFCE is currently considering reorganizing itself into a non-profit to be more flexible in structure, Mellon says. As a non-profit, he notes, the ISFCE can take a stronger political stand against the takeover of his profession by private eyes.

"Forensic examiner licensing can only be a good thing," says Mellon. "But you don't want it to fall on 50 state PI licensing agencies to manage. So, we're reaching out to our listserve of CCEs telling our members how to reach their legislatures and what to tell them."

All state examiners need to get together with their digital forensic communities to develop a unified exam for the states before it's too late, says Norcross Group's Phipps. He adds, "Under an independent exam, we [digital forensic professionals] can control our own destiny."

Deb Radcliff is a freelance writer and editor in Northern California who specializes in computer-based crime and information security.

WRITE TO US: What's your take on the digital forensic debate? Send comments to editors@baselinemag.com.


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.