An important aspect of most professional associations is its code of ethics. A code of ethics is normally established and defined by the practitioners themselves, and is part of a membership practice and (often) licensing. Membership can also involve government organizations, testing and licensing as well as monitoring and reporting of individuals who desire to remain in good standing. Annual fees often must be paid to become a member as well as ongoing education and upgrading of skills, not to mention re-certification at regular intervals. First and foremost, though, any code of ethics defines and guides the parameters under which the practice is carried out.
In computer forensics, The International Society of Forensic Computer Examiners (ISFCE)[1] establishes the code of ethics and professional responsibility for the field. It requires an examination which also has specific guidelines regarding how the exam is to be taken (such as not cheating). Like most codes of conduct, this one requires that each and every member abide by its rules in order to maintain good standing, retain licensing, and avoid potential suspension or revoking of certification if the code is broken.
Many organizations require that their members pass examinations to belong and adhere to the code of ethics or face expulsion, and sometimes even prosecution. These stringent guidelines are required in order to give credibility to the field. They work to assure that the services of the practitioner are accredited to high standards, and trustworthy. More, if the work is not deemed acceptable or questions of conduct, integrity or other behaviours arise, there is recourse and potential consequences for the member involved. Membership protects both the practitioner and the public that might draw upon the expertise and services.
Details of the code of ethics[2]
The heart of the code of ethics is broken up into two parts: what the practitioners “will at all times” do, and what they “will never” do. This two-part list includes unequivocal statements of responsibility. The code expresses the values and principles that guide the mission of the organization and its practitioners. Its stringent guidelines ensure that both the members and the public are protected with respect to the intent and function of those involved in forensic examinations.
What a certified computer examiner “will at all times” do
The code states, in part, that an examiner will at all times demonstrate “commitment and diligence”, “abide by the highest moral and ethical standards”, as well as “comply with all legal orders of the courts” and “thoroughly examine all evidence” within the scope of an investigation.
What a certified computer examiner “will never” do
An examiner commits to “never withhold any relevant evidence”, “reveal any confidential matters”, “express an opinion on the guilt or innocence of any party” or “engage in any unethical or illegal conduct”, among other express limitations.
Costs of certification
Currently, the certification process costs $US395. Members must retake the exam every two years in order to stay current. If an applicant fails the exam, there is a wait period before retaking it at a cost of $US175. The membership itself has no independent fee, but until the exam is passed, an applicant cannot claim to be a member of this group.
Broadly, the computer forensic code of ethics demands that its participants carry out their role in a manner that is free from bias, diligently and professionally pursued, and where violations are reported as quickly as possible. [3]
Elements of examination for certification
Potential applicants can download a guide to this process from the ISFCE. The guide outlines the general areas any practitioner needs to master in order to attain certification, but all areas may or may not be encountered in any single examination. The exam is completed online, and includes preparing three reports on media that are supplied for this purpose. In addition to testing on ethics and the law, applicants may also encounter questions regarding the following topics:
- Common software issues such as licensing and versions
- Hardware specifications and identification
- Media that might comprise part of evidence compilation
- Network overviews
- Mobile device forensics
- Operating systems
- The acquisition process: demonstrate standard procedures to collect evidence
- Forensic operation procedures
- Files and media geometry
- Procedures for forensic media and imaging techniques
- Manual file recovery skills
- Specific processing skills required in the examination
- Practical skills required in the process of data recovery
Benefits of membership
The ISFCE also provides a number of benefits to those who pass the exam and become bona fide members in good standing. The first benefit is the credibility that the member receives for being accepted to the organization. Names are often publicly listed on the website—and this is the case with the ISFCE.[4] This can be excellent advertising for people who work as consultants and to make connections with other members. In addition, ISFCE members gain access to a monthly journal, special insurance rates, lower costs on some tools of the trade, among other things. More, members gather at least once each year to network, which can be beneficial to establish contacts in the field as well as for future job openings and other opportunities.
Many professional organizations have a flagship organization that provides membership and offers licensing. In many cases membership is a prerequisite to practice. Law, medicine, education, to name a few areas, are examples. Membership can offer protection to both the practitioners as well as the general public, ensuring that only those who meet the standards of practice can carry out the work and those who request it can be sure they are receiving the best standards of practice from members and licensees.
[1] Home page for the ISFCE: //www.isfce.com/
[2] The code of ethics can be read here: //www.isfce.com/ethics2.htm
[3] //www.isfce.com/ethics2.htm
[4] //www.isfce.com/ccelist.htm
The Digital Forensics Certification Board (“DFCB”) exists to promote public trust and confidence in the digital forensics profession. In keeping with this goal, certificants must adhere to the highest standards of ethical and professional conduct and behavior. Consequently, the DFCB has established the DFCB Code of Ethics and Standards of Professional Conduct in order to more fully set forth the conduct and behavior required for all DFCB certificants.
Certificants pledge themselves to work with integrity and professionalism. Certificants have a professional obligation to their clients and to each other that includes, without limitation, subordination of self-interest to the interest of others.
Certificants shall follow these standards and strive always to demonstrate integrity, objectivity, competence, and confidentiality.
In order to comply with the Code of Ethics and Standards of Professional Conduct, every certificant of the DFCB shall:
Code of Ethics
Refrain from exercising professional or personal conduct adverse to the reputation, integrity, or image of the digital forensic profession, or otherwise to the best interests and purposes of the DFCB;
Report to the Board any violation by one’s self or another certificant of the DFCB Code of Ethics and Standards of Professional Conduct;
Refrain from issuing public statements that appear to represent the position of the DFCB without specific authority first obtained from the Board of Directors;
Acknowledge and agree to the provision of certification that any violation of the Code of Ethics and/or Standards of Professional Conduct, as determined by the DFCB in their sole discretion, shall be subject to disciplinary action including, without limitation, suspension or revocation of certification.
A Certificant of the DFCB shall:
Not engage in, or pressure others to engage in, any conduct that is harmful to the profession of digital forensics including, but not limited to, any illegal or unethical activity, any technical misrepresentation or distortion, any scholarly falsification or any material misrepresentation of education, training, credentials, experience, or area of expertise;
Demonstrate, at all times, commitment, integrity, and professional diligence;
Avoid any action that could appear to be a conflict of interest;
Comply with all lawful orders of courts of competent jurisdiction;
Show no bias with respect to findings or opinions;
Express no opinion with respect to the guilt or innocence of any party;
Not disclose or reveal any confidential or privileged information obtained during an engagement without proper authorization or otherwise ordered by a court of competent jurisdiction;
Examine and consider thoroughly all information (unless specifically limited in scope by court order or other authority) and render opinions and conclusions strictly in accordance with the results and findings obtained using validated and appropriate procedures;
Report or testify truthfully in all matters and not knowingly make any material misrepresentation of information or otherwise withhold any information that, in so doing, might tend to distort the truth;
Accept only engagements for which there is a reasonable expectation of completion with professional competence.
Standards of Professional Conduct:
Integrity and ObjectivityCertificant shall treat all items and information of potential evidentiary value with the care and the control necessary to ensure their integrity.
Prior to accepting any engagement, certificant shall research potential conflicts of interest and shall disclose any potential conflicts of interest to prospective clients, attorneys or to their employer. Any research of potential conflicts shall include, as a minimum and without limitation, the names of the client(s), attorneys, and litigants.
Certificant shall maintain objectivity and independence in fulfilling their professional responsibilities and shall make full, complete and truthful disclosure of the findings to the court, board, submitting agency or client. Certificant shall make no inaccurate or incomplete statements of qualification either during sworn testimony, on CVs, or to their clients or client’s counsel. Certificant shall always conduct his or her self in a manner that maintains or enhances the reputation of the profession.
Certificant shall comply with all laws and/or any lawful order of the courts or other controlling authority, to include, without limitation, any applicable federal, national, state, provincial, or local court decisions, statutes or regulation. Prior to accepting any engagement, certificant shall research in good faith applicable local laws and/or requirements to ensure compliance.
Professional Care and CompetenceCertificant shall be competent and shall not accept engagements for which such competence is lacking. In order to fulfill this obligation, Certificant should have sufficient understanding of the nature of the issue or dispute to the extent necessary to understand the professional requirements of the engagement including the scope of the anticipated work, any limitations thereto, and the responsibilities of all parties. If the scope, limitations, or responsibilities of the parties change materially, certificant shall communicate promptly with the client or employer to reach a new understanding. It may be possible, in some circumstances, to satisfy the requirement of professional competency by means of consultation or referral.
Certificant shall utilize validated and appropriate methods, techniques, standards, and controls to conduct examinations and analyses such that they could be reproduced by another qualified and competent person.
Certificant shall carry out their duties in a professional manner and strive to be worthy of the confidence of the public.
Certificant shall regard and respect their peers with the same standards that they hold for themselves.
Certificant shall continually strive to increase and improve their skills and knowledge and to maintain currency with advances and standards in their profession. Certificant shall complete the minimum requirements for continuing professional education and/or practice experience as required by the DFCB.
Certificant shall ensure that any work performed by assistants shall be adequately supervised and reviewed.
Conclusions and opinions shall be supported by data and information that is relevant, complete, and sufficient.
ConfidentialityWithout proper authorization or otherwise as ordered by a court or proper controlling authority, certificant (and those working under the direction of certification) shall not disclose confidential or privileged information obtained during the course of an engagement, except as required to report or testify truthfully and fully. If a certificant becomes aware of an effort to compel or becomes legally compelled to disclose confidential or privileged information, certificant shall promptly give notice to the client or client’s counsel. With respect to review by professional boards, state licensing boards, regulatory bodies or other similar bodies, such review shall not be precluded by this provision provided the reviewing organization agrees to abide by these confidentiality restrictions and provided the terms of the engagement do not prohibit such review.