Digital forensic labs need accreditation


Digital forensic labs conduct risk assessments, carry out analysis of computers for fraud and corruption, and deal with general cybercrime cases like hacking.

The police should partner with private labs to alleviate the large backlog in forensic cases in SA. However, this may not be possible anytime soon, as private digital forensic labs (DFLs) are struggling to achieve standardisation.

Riana Smalberger, head of the DFL at Specialised Services Group (SSG), says trying to get accreditation is a challenge for DFLs in SA, simply because there is no set route to achieve this, ITWeb reports. “Having accreditation gets a lab’s methodology approved so an outside body can see that it conforms to a general standard. If labs have a general standard to follow, then not as many cases will get thrown out of court.”

SSG says digital or computer forensics involves the identification, collection, preservation, examination and analysis of digital data, using a forensically sound methodology that will stand up in a court of law. “We’re battling to get industry people involved to start with an accreditation process for digital forensic labs and a set of standards. It’s a huge nightmare at the moment,” says Smalberger. “We follow a very strict methodology and procedure. The goal is to not tamper with evidence.” However, she says formal accreditation is still required. “So many cases are being thrown out of court because of a lack of following methodology and the correct procedures. There needs to be standards for analysis.”

Private help

“If we look at government’s backlog at the moment we can see the need for these types of labs. We are in the digital age and that also brings about a need,” notes Smalberger.

Democratic Alliance shadow minister of police Dianne Kohler Barnard says over the last four years, court case backlogs have steadily risen in SA, driven in large part by backlogs in forensic laboratories. “Our forensic laboratories are now, in fact, in a state of crisis – they serve as one of the most severe bottlenecks in the entire criminal justice system, with the number of backlogged samples having increased by more than 300% since 2007.”

It is for this reason that non-governmental organisation The DNA Project has always lobbied for the use of private labs to alleviate the backlog in the government forensic labs.

Smalberger says the same needs to happen for DFLs and this is why a formal set of standards and an accreditation process are so important.

SSG’s DFL was started on 1 May last year and was officially unveiled in October. Smalberger says it investigates and interrogates electronic data from computers, mobile phones, GPS devices and other electronic storage equipment. “Government is using something like this and we are getting a few requests from SAPS due to their backlog.” The lab deals with risk assessments where information is gathered about systems and clients are advised accordingly. It also does normal analysis of computers for fraud and corruption, and deals with general cybercrime cases like hacking.

“One of the things that’s huge in Johannesburg and Pretoria is intellectual property conflict and we deal a lot with these cases,” says Smalberger. She adds that the lab also works closely with the police on child porn cases. “Because of the police backlog, we find individuals come to us with these incidences.” The DFL also does e-mail tracking and so can trace spammers and cyber stalkers. Smalberger adds that the lab can also help employers with insider threats and to see which Web sites their employees are viewing.

The lab uses two forensic software toolkits – EnCase and FTK – that are used by the FBI and Scotland Yard. These cost about R300 000. There are also two software toolkits – XRY/XACT and Cellebrite – to analyse mobile phones, GPS devices, iPads and other mobile units, and these cost about R200 000. These forensic tools allow the lab to examine deleted information from mobile and other devices. The pairs of kits do basically the same thing, but two are used for the sake of verification, explains Smalberger.