Whenever a company engages a third party to provide a product or service, a vetting process should be undertaken to ensure that the contract will be performed with due prudence and responsibility and to an appropriate standard. Never is this more important than in the field of computer forensics, where the quality of the investigation can have a significant impact on the outcome of a case.
In order for any evidence recovered during a computer forensics investigation to be admissible in a court of law or employment tribunal hearing, the firm must be able to show that the investigation was conducted with all due diligence. For this reason, any company looking to engage the services of a computer forensic expert should only consider firms that are able to show that all investigations will be conducted in line with the Association of Chief Police Officers (ACPO) guidelines for computer evidence. The ACPO guidelines outline good practice when collecting digital information for the use of law enforcement, as summarised within four main principles:
1. That no changes should be made, during its handling, to evidence which may be relied upon in court;
2. That any person accessing such evidence should be qualified to do so, and to explain the reasons and implications of doing so;
3. That an auditable trail should be kept that documents all interactions with the evidence, to a standard which allows an independent party to later duplicate the process and achieve identical results;
4. That the person in charge of the investigation is accountable for its adherence to these principles.
Another mark of quality that corporations and legal professionals can look for when considering engaging the services of a computer forensic expert is registration under British Standard European Norm International Standardisation Organisation 9001. BS EN ISO 9001 refers to an internationally accepted standard for a business or other organisation’s quality management. Successful registration involves an auditing process carried out by an external certification body to ensure that this standard is being met. As such, a company which is BS EN ISO 9001 registered may be assumed to take action to satisfy the needs of its customers whilst operating within the regulatory frameworks which govern its practices.
Another method that is often used by legal professionals to ensure that computer forensics firms are reliable is to select only those who are registered on the Sweet & Maxwell Expert Witness Directory. Any expert witness appearing on the register will have been through a robust vetting procedure which includes verification of the quality of work produced and performance in court by two independent solicitors. Expert witnesses must prove a comprehensive understanding of the legal issues relevant to their field and a high level of experience conducting investigations and giving evidence. Remaining on the register also requires experts to adhere to a strict Code of Practice. In this way, a computer forensic expert who appears on the register is more likely to be dependable and reliable, and to conduct their part in an investigation or court case with due diligence.
While these methods should not entirely replace a company’s own vetting procedures, which might involve visiting a firm onsite or conducting background research on key personnel, they can offer an efficient way to shortlist potential computer forensic firms and protect against sub-standard work that could jeopardise an investigation.