Brett's Ramblings

Font size: +
3 minutes reading time (643 words)

“I am neither a digital forensics practitioner nor do I play one on television.”

dfirregs

TL: DR (this is the important part)

One day, your DFIR profession may be negatively affected by your behavior in your private life, judged by a third party’s ethical standard. And your creativity to solve cases will be restricted by only being allowed using approved processes. Oh yeah, this external party making judgment won’t be DFIR practitioners…

 When you let someone else make the rules

If we the practitioners do not police ourselves, someone else will. (https://brettshavers.com/entry/the-last-thing-we-want-is-the-first-thing-we-need-in-df-ir). You will be regulated eventually; it is inevitable. The result of this regulation that will happen is totally up to what you do or do not do today.

Several states have been co-mingling Private Investigator regulations to require the DFIR field to follow the same regulations as a PI, and I have seen NGOs quietly creating their suggested guidelines for regulation. Independent DFIR associations (non-profits, not-for-profit, and loosely organized associations) have created their own standards of ethics, training, and education. 

The Deciders

This article is a good example of what is coming: “There’s no code of ethics to govern digital forensics – and we need one

The reason that this article is an excellent example of what I keep harping on is summed up in the first sentence:

“Let me begin with a disclaimer: I am neither a digital forensics practitioner nor do I play one on television.”

Like most things in life that are regulated, the regulators are not practitioners and see things from a different perspective. In my opinion, the practitioner needs to be involved in the creation of regulations that affect the practice.

Your private life will be under scrutiny as part of working in DFIR.

“Unlike medicine or law, each of which has a single, overarching code of professional ethics enforced by the states, there is no comparable code that describes how a digital forensics practitioner should (or must) behave in his or her professional life.” - https://theconversation.com/theres-no-code-of-ethics-to-govern-digital-forensics-and-we-need-one-45755

This private life scrutiny won’t be an issue for many, but that will also depend upon what is commonly acceptable behavior today in your private life as compared with what may or may not be commonly acceptable tomorrow.

Several statements in this article should give you pause about how DFIR might become regulated.

“[  ] digital forensics is not science-driven; instead, it is driven by its practitioners.”

‘[  ] Unlike DNA analysis, there’s no standardized protocol for identifying, recovering, or processing digital evidence. As a result, two different technicians at different crime labs might reach different conclusions about a particular piece of evidence.”

‘[  ] there isn’t a code of ethics that governs the professional behavior of digital forensics practitioners.”

“We will also reach out to leaders in the AAFS and the American Bar Association for help with developing the code.”

“[ ] the lack of agreed-upon standards is a big problem.”

I recommend fully reading the article. In short, the writer states that digital forensics is the “Wild West”, and it is imperative for non-practitioners to create a code of conduct that not only covers DFIR processes and procedures, but also includes their personal life.

Credit where credit is due.

I give every person and organization credit that is working to create a blanketing regulation of DFIR. They have the interest and are making the efforts to create our ethical code and the processes that we will be required to use in DFIR.

Unfortunately, DFIR practitioners are too busy practicing their trade to be concerned about this movement of imminent regulation.

On a positive note,

We could use some regulation that we have a large part in creating. We can prevent over-reaching, incomprehensible, and impossible to follow regulation created by those who may not understand how the job is actually done.

Otherwise, we will just have to follow rules that govern what we do, even when the rules won't do what they were intended to do.

×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

DAIR: Digital Analysis/Incident Response?
The DFIR Investigative Mindset