Saturday, October 15, 2016

ISO/IEC 17025/17020 - One-Person Organisation

Having just finished part two of the work study into QA and Laboratory Accreditation (MTEB UK SEMINARS 2016 II v03- QA Lab Accreditation.pdf) I came across this cracking article by Karin Athanas, Program Manager at the American Association for Laboratory Accreditation (A2LA), titled "Accreditation for the One-Person Organization - The smallest laboratories can teach us the biggest lessons."

Basically, Karin's article helps us understand that one-, two- or three-person organisations should not be put off but can and should apply for ISO/IEC 17020 and 17025 accreditation, as the requirements are not insurmountable, particularly when it comes to deciding to whom the quality manager's role, internal audits etc. will be allocated and who will be deemed responsible for them. I also read this to mean that accreditation bodies (ABs) might need to widen their outlook to appreciate that many roles in an accredited system can be held by one person.

Karin's article is a recommended read.

Sunday, October 09, 2016

QA and Laboratory Accreditation

MTEB UK SEMINARS 2016 II v03- QA Lab Accreditation.pdf

QA and Laboratory Accreditation. Previously, the laboratory criteria applied to mobile phone forensic testing were applied inconsistently:

- various industry standards
- public and private approach to best practice
- guidelines/training courses
- some certified to ISO 9001, some sought UKAS accreditation

With the introduction of a UK Forensic Science Regulator (FSR), there are now mandated ‘Codes of Practice and Conduct’, standards and accreditation applicable to mobile phone forensic evidence:

- ISO/IEC 17025 e.g. requirements for the competence to carry out tests and calibrations...
- ISO/IEC 17020 e.g. scene of crime and in the field activity
- UKAS Accreditation

The FSR’s strategy moves the goalposts away from simply applying industry best practice and ad hoc approaches towards a common purpose: the provision of forensic science across the criminal justice system is "subject to an appropriate regime of scientific quality standards".

That common purpose approach has been developing for approximately 6 years, but only in the last several years has ISO/IEC 17025:2005 really started to make its mark; the first accreditation to the requirements of the Forensic Science Regulator’s ‘Codes of Practice and Conduct’ was in 2014.

- still early days for the public and private sectors
- very small number of organisations accredited for mobile phone forensic evidence
- it could be said we are all pioneers to new endeavours
- common purpose does not dilute ‘speciality’ distinguishing one organisation from another
- FSR deadlines for public sector forensic science overall 2017-2020
- e.g. Law enforcement mobile phone forensic test laboratory accreditation by Oct 2017
- Lead times of 18-months to implement suggests 2017 deadline could be missed
- ‘devil in the detail’ causing much more work than at first thought

There is increased demand for practical solutions and helpful insights that may assist in preparing for accreditation.

Saturday, September 03, 2016

Adopted Cloud Vocabulary and Architecture

Given the amount that is written about the Cloud, it is not surprising that so many different terms and definitions have entered the literature that it can be difficult to know which are accepted industry vocabulary. Part of the work of the ISO/IEC is to produce standards adopted by national bodies; these therefore carry greater weight when used to identify particular technology in legal proceedings, in development reports, in quotations/tenders or for training/education purposes, because such vocabulary and definitions have been adopted by industry (**see more details below).

Two standards I would recommend all organisations retain a copy of:

ISO/IEC 17788:2014 (1st edition) Information technology -- Cloud computing -- Overview and vocabulary (JTC1/SC38) provides an overview of cloud computing along with a set of terms and definitions. It is a terminology foundation for cloud computing standards.

ISO/IEC 17789:2014 (1st edition) Information technology -- Cloud computing -- Reference architecture (JTC1/SC38) specifies the cloud computing reference architecture (CCRA). The reference architecture includes the cloud computing roles, cloud computing activities, and the cloud computing functional components and their relationships.

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 17788 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 38, Distributed application platforms and services (DAPS), in collaboration with ITU-T. The identical text is published as ITU-T Rec. Y.3500 (08/2014).

ISO/IEC 17789 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 38, Distributed application platforms and services (DAPS), in collaboration with ITU-T. The identical text is published as ITU-T Rec. Y.3502 (08/2014).

Friday, September 02, 2016

Smartphone Platform Leader

According to Statista, Android is the undisputed smartphone platform leader. Of course, identifying a single platform does not of itself identify which of the Android OS versions is used more than any other. Wikipedia's Android version history states that Android Lollipop 5.0-5.1 is the single most widely used Android version.

In comparison, the above chart illustrates a decline in all other platforms. This again suggests not dismissing other smartphone platforms until it has been identified what they are, and identifying other smartphone OSs, which can assist in forecasting how to structure the investigation process and which examination lab tool(s) are most likely to be required.

British Airways i360

Took a day off from work to take my wife and grandson to visit the new British Airways i360 viewing tower in Brighton, Sussex, England. The i360 Guide informed me this new tourist feature goes higher than the London Eye but lower than The Shard in London. We had a good time; but I won't spoil it for you by showing you the photos of the spectacular views across Brighton.


Apple iPhone connected devices

The proliferation of mobile devices and computers associated with cybercrimes and legal disputes grows on a daily basis. I thought perhaps readers might find this 2015 document a useful and helpful reminder: DEFT Practice Notice J10702015.pdf

Saturday, August 13, 2016

Admissibility of Computer Evidence in Criminal Proceedings

The article *‘Admissibility of Computer Evidence in Criminal Proceedings’ was originally produced back in 1998 and appeared in a publication produced by Professor David Bainbridge, Aston University, relating to intellectual property and computer evidence.

After the 1998 article was written, changes took place in **law. These changes related to hearsay evidence and the presumption that a computer was operating properly at the material time. In an article written for a law magazine by Professor Graham Robertson ICAF (now deceased) and me, we discussed the impact the repeal might have on evidence. We noted:

“However, rapid advances in computer technology have made Section 69 an increasingly difficult hurdle, primarily for the Prosecution to overcome. In Report No. 245, produced by the Law Commission on recommendations on "Hearsay Evidence" about computer material, it raised the proposition that computers should be accepted in evidence, as a natural presumption, that they are operating properly at the material time, thus recommending repeal of S69 Police and Criminal Evidence Act (PACE) 1984.
“On the 14th April 2000 the legislation necessary to remove the requirement for computer certification was implemented by virtue of Section 60 Youth Justice and Criminal Evidence Act 1999. The effects of this implementation, apparently it brings computer evidence into line with evidence from mechanical sources such as traffic lights and speedometers.”

The purpose of reproducing ‘Admissibility of Computer Evidence in Criminal Proceedings’ is that comments and conclusions stated in the article back in 1998 have in part resurfaced in 2013, as noted in the following materials...

The extent to which the later 2013 discussions might have an impact on, or introduce change to, ‘hearsay evidence’ and the ‘presumption’ about computers could require a more in-depth analysis of the impact of cybercrime attacks on networks and computers, reports of which have soared in recent years and occur virtually on a daily basis in 2016.

Governments around the world have spent many millions of pounds/euros/dollars financing law enforcement departments and purchasing hi-tech equipment to combat cybercrime and to capture evidence from networks and computers, the target victims of cybercrime. In the UK, by virtue of the fact that the Government acknowledges networks and computers may be compromised, contaminated and unreliable, this position might be difficult (indeed, even untenable) to reconcile with statutory law provisions where the Government and Legislature have directed Courts of Law to presume networks and computers are reliable and that hearsay evidence should be allowed on that basis.

Indeed, most law enforcement websites now offer advice about cybercrime, further underpinning the change to the technology landscape that was not around when s.69 PACE was repealed.

Cybercrime might well turn out to be the technology cause that brings about a re-think on the re-introduction of s.69 PACE 1984 or similar legislation with respect to evidence obtained from networks and computers. That might be because back in 1999, when a computer was said to be working properly at the material time (or, if not, the cause was put down to network faults, software glitches, hardware failure in computers etc.), it was presumed not to impact on data (evidence) that might be recorded and stored.

However, attacks on the various network protocol layers, malware, ransomware, cryptovirology etc. were not (or were not as) prevalent back in 1999 and thus would have had significantly less influence during the repeal of s.69 PACE 1984. Had that debate occurred today, of course, it may well be that an entirely different outcome would be reached.

Tuesday, August 02, 2016

Universal Coded Character Set (UCS) & JPEG 2000

When technically researching and investigating evidence on smartphones, computers or network storage, two further sets of standards worth keeping in your research library are available and recently updated:

ISO/IEC 15444-4:2004 (2nd edition) Information technology -- JPEG 2000 image coding system -- Part 4: Conformance testing bitstreams
ISO/IEC 15444-5:2015 (2nd edition) Information technology -- JPEG 2000 image coding system -- Part 5: Reference software
ISO/IEC 15444-12:2015 (5th edition) Information technology -- JPEG 2000 image coding system -- Part 12: ISO base media file format

ISO/IEC 10646:2014 (4th edition) Information technology -- Universal Coded Character Set (UCS)
ISO/IEC 10646:2014/Amd 1:2015 (1st edition) Information technology -- Universal Coded Character Set (UCS) -- Amendment 1: Cherokee supplement and other characters
ISO/IEC 10646:2014/Amd 2:2016 (1st edition) Information technology -- Universal Coded Character Set (UCS) -- Amendment 2: Bhaiksuki, Marchen, Tangut and other characters

Monday, August 01, 2016

Information Security and Biometric Attacks

Two ISO/IEC standards, available and updated for 2016, that should be in your cyber management and technical library:

ISO/IEC 27000:2016(E) (4th edition) Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary

ISO/IEC 30107-1:2016 (1st edition) Information technology -- Biometric presentation attack detection -- Part 1: Framework