Wednesday, February 14, 2018

Important principles in digital forensics


At a time when digital forensics is under the spotlight and taking salvos of criticism for poor performance and lack of knowledge about its own scientific subject matter (http://parliamentlive.tv/Event/Index/7767e1b9-0e44-4de3-8627-baf9d091f487 and https://www.theguardian.com/uk-news/2018/feb/12/police-outsource-digital-forensic-work-to-unaccredited-labs) there is no better time than to refresh on principles to signpost the way to go or leave a breadcrumb trail to find the way back to safe ground.

I posted comments back in November 2006 (http://trewmte.blogspot.co.uk/2006/11/cell-site-analysis.html) identifying principles to remember, recall and apply, when conducting Cell Site Analysis (CSA) - but they apply to examinations also -  that are still relevant to today (2G/3G/4G/5G/etc....) as they were since the inception of digital cellular radio services back in the late 1980s/1990s.

The requirements identified in standards as "mandatory", "conditional", "recommendations" and so on are not written for fun;  nor to be wilfully disregarded just because they appear complex, complicated or difficult e.g. cannot be bothered to learn them, my device/machine does the thinking for me; both render the human-being to be no more than a perfunctory-goffer (human obsolescence) for the processes generated by software and algorithms in a device or machine.

The four principles to easily remember, recall and apply:

- There are mandatory requirements with mandatory outcomes
- There are mandatory requirements with optional outcomes
- There are optional requirements with mandatory outcomes
- There are optional requirements with optional outcomes


Moreover, and a fundamental (and one might suggest absolute) requirement, is the importance to understanding 'Modal verbs terminology' adopted in the standards.

Modal verbs terminology

In the present document "shall", "shall not", "should", "should not", "may", "may not", "need", "need not", "will", "will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions)

"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.