Jason Jordaan, principal forensic scientist at DFIRLABS.

In an increasingly connected and digital world, littered with sophisticated attackers and underground cyber criminal organisations, it would be impossible to uncover and gather the evidence needed to investigate online crimes without digital forensics.

At its essence, digital forensics is the identification, preservation, examination and analysis of digital evidence, using scientifically accepted and validated processes, and the ultimate presentation of that evidence in a court of law to answer some legal question.

This is according to Jason Jordaan, principal forensic scientist at DFIRLABS, who will be talking about 'Becoming a digital forensics practitioner' at the ITWeb Security Summit 2018, to be held from 21 to 25 May at Vodacom World in Midrand.

He says although this definition may seem clinical, it doesn't fully communicate the seriousness of the work that a digital forensics practitioner does. "By examining and analysing digital evidence and testifying about that evidence in a court, they effectively have a significant impact on the life of people by what they do. Their evidence can be responsible for sending someone to prison, paying a significant fine, or keeping someone from escaping justice. Moreover, civil and labour matters can impact on a person or company financially and reputationally. It is crucial that they get it right every time as there is a real human cost if they get it wrong."

Qualifications

Jordaan says properly qualified digital forensics practitioners need a combination of qualifications. "Firstly a decent academic degree in one of the computing or digital engineering sciences, which establishes their foundational knowledge in computing, as digital forensics is a defined specialisation in the computing sciences, much in the same way a forensic pathologist would need to first study to become a doctor."

In addition to academic qualifications, he says practitioners require technical and professional training in digital forensics principles and processes. "This training is in addition to any training that they require to use specific digital forensics tools that they have. Training in digital forensics tools is not training in digital forensics. It is only training on how to use specific tools to perform specific tasks. Just being trained to use a specific tool does not make one a digital forensics practitioner, no more than being trained to use Excel makes one an accountant."

He says that, considering the impact their work can have on an individual's life, a digital forensics practitioner should also undergo competency testing each year so that their competence in what they do is objectively determined.

Over and above annual competency testing, digital forensics practitioners should undergo continual annual training to keep up to date in a fast-moving discipline, with 40 hours a year considered the minimum. "Unfortunately in South Africa we fall very far behind the rest of the world in terms of the qualifications of our digital forensics discipline."

A full-blown science

Jordaan says digital forensics has changed considerably over the last decade and, most significantly, that it has become recognised as a full-blown forensic science discipline, which is now held to the exacting standards of forensic science. "It is no longer just some type of investigative technique that can be done by just buying some tool and doing a course in how to use that tool."

Delegates attending Jordaan's presentation will get a detailed understanding of the current international trends and standards in the practice of digital forensics and learn what are considered the minimum standards for a digital forensics practitioner.

"It will allow attendees to be able to accurately assess the competence of digital forensics practitioners that they hire or that they retain, to ensure they not only get a competent practitioner, but that the practitioners they use or have can actually add value, solve problems, and see justice done."