Summary
Highlights
This section introduces the learning objectives, covering standard operating procedures, digital forensic laboratory accreditation standards, and various checklists, including those for laboratory managers, examiners, technicians, budget, training, evidence control, quality assurance, equipment, health and safety, and facilities.
The process of constructing a new forensics laboratory involves four general activities: planning, design, construction, and moving. Planning includes needs assessment and design program, while design covers site access, security, and electrical systems. Specific room types for various forensic sections (e.g., controlled substances, toxicology, DNA, latent prints, computer evidence) and general laboratory design elements like work surfaces and evidence dry rooms are also detailed.
A comprehensive checklist for computer forensic laboratories is provided, covering physical security (door locks, wall construction), disaster preparedness (fire, flooding), secure evidence storage, written policies and procedures, case management systems, network isolation for examination computers, centralized document storage, and validated field kits. It also emphasizes the importance of hardware and software tools for data recovery, acquisition, and specialized analysis.
The accreditation process focuses on three essential elements of a digital forensic case: computer network evidence recovery and analysis, and digital evidence analysis, recovery, preservation, and interpretation. It outlines the steps for universities seeking accreditation, including initial contact, preparing course outlines and an in-depth matrix, assessment visits by a panel, communicating results, and annual reviews.
This section explains that the accreditation service helps establish and maintain education standards in forensic science, involving major employers and professional interests. Accreditation is based on a series of component standards that address specific areas of forensic practice. Codes for each component standard, such as crime scene investigation (CSI), lab analysis, and digital evidence analysis, are provided.
The Certified Forensic Computer Examiner (CFCE) credential, the first for computer forensics in Windows-based systems, is discussed, noting its administration by the International Association of Computer Investigator Specialists (IACIS). A detailed checklist for digital forensic examiners is presented, covering educational qualifications, training hours, certifications, proficiency exams, and knowledge of examination equipment and procedures.
This segment guides examiners through preparing a case file, ensuring proper authorization (search warrant/consent), requesting laboratory examination with keywords, and creating reports and analysis worksheets. It also covers creating keyword lists, compiling evidentiary files onto CDs with appropriate utilities, and assembling a final report with all relevant documentation.
Health and safety considerations are paramount in all stages of the forensic process. Personnel must operate in accordance with government regulations and laboratory policy. This includes having safety manuals, conducting risk assessments, developing safe systems of work, maintaining clean work areas, providing appropriate safety equipment, and instructing staff on emergency procedures (fire, bomb threats, spills, electrical accidents). Regular drills and qualified first aid personnel are also essential.
A robust complaints procedure is outlined for reviewing miscarriages of justice and anomalies to identify trends and inform senior management. All complaints are to be recorded, investigated, and corrective actions taken to prevent recurrence. Prompt action is required for any anomaly affecting the validity of results. For laboratory examinations, anti-contamination precautions are crucial, and items are to be inspected for packaging integrity before processing. Electrical hazards and static discharge risks must be minimized, and written procedures based on national or international standards, like the ACPO good practice guide, should be maintained and understood by all staff.