The Center for Education and Research in Information Assurance and Security (CERIAS)

Security Perspectives

Fri, August 29, 2003 | General

Computer Forensics: Science or Fad?

By Marc Rogers

The private sector’s push to jump on the computer forensics bandwagon threatens to turn an evolving scientific discipline into a mere fad; a lack of standards and training can result in bad case law, guilty parties escaping prosecution and innocent parties being “railroaded” into incarceration.

Historically, computer forensics was restricted to law enforcement, the military or other government agencies. There were limited tools, common training and a very limited number of forensic investigators. Concepts such as the chain of custody and rules of evidence were built into standard law enforcement procedures. Today, we no longer have a restricted pool of commonly trained investigators; anyone can hang out a shingle claiming to be a computer forensics investigator.

Currently there is no recognized professional body overseeing any designations, and there are no nationally or internationally recognized standards, curricula, common body of knowledge or training. The state of computer forensics is proprietary and fragmented. Vendors are clouding the issue by claiming that computer forensics is merely a piece of software as opposed to a formalized methodology.

In order for computer forensics to be a legitimate scientific discipline, it must meet the same standards as other forensic sciences. These include formal testable theories, peer-reviewed methodologies and tools, and replicable empirical research. Sadly, these standards are not being met.

As evidence evolves from physical, paper-based media to the virtual realm, the need to ensure that digital forensic science, and the sub-discipline of computer forensics, matures as a true scientific field is obvious. To continue to allow the field to “naturally” progress without the appropriate scientific rigor is a mistake. We need to increase our efforts to develop a unified approach to education and training in computer forensics and a common body of knowledge, and to increase empirical research. Failure to do so will result in computer forensics being relegated to a “fad” conducted by amateurs, resulting in contaminated or lost evidence.

Marc Rogers PhD, CISSP, is a research scientist and assistant professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.

SECURITY WIRE DIGEST, VOL. 5, NO. 65, AUGUST 28, 2003 Copyright (c) 2003, Information Security and TechTarget. No reuse or redistribution without the express written authorization of Information Security and TechTarget. To obtain reuse permission, contact Larry Walsh.
