Rules of professional responsibility in digital forensics

Journal of Digital Forensics, Journal of Digital Forensics,

Security and Law Security and Law

Volume 10 Number 2 Article 3

2015

Rules of professional responsibility in digital forensics: A Rules of professional responsibility in digital forensics: A

comparative analysis comparative analysis

Filipo Sharevski Purdue University

Follow this and additional works at: https://commons.erau.edu/jdfsl

Part of the Computer Engineering Commons, Computer Law Commons, Electrical and Computer

Engineering Commons, Forensic Science and Technology Commons, and the Information Security

Commons

Recommended Citation Recommended Citation Sharevski, Filipo (2015) "Rules of professional responsibility in digital forensics: A comparative analysis," Journal of Digital Forensics, Security and Law: Vol. 10 : No. 2 , Article 3. DOI: https://doi.org/10.15394/jdfsl.2015.1201 Available at: https://commons.erau.edu/jdfsl/vol10/iss2/3

This Article is brought to you for free and open access by the Journals at Scholarly Commons. It has been accepted for inclusion in Journal of Digital Forensics, Security and Law by an authorized administrator of Scholarly Commons. For more information, please contact [email protected].

(c)ADFSL

http://commons.erau.edu/jdfsl

http://commons.erau.edu/jdfsl

https://commons.erau.edu/jdfsl

https://commons.erau.edu/jdfsl

https://commons.erau.edu/jdfsl/vol10

https://commons.erau.edu/jdfsl/vol10/iss2

https://commons.erau.edu/jdfsl/vol10/iss2/3

https://commons.erau.edu/jdfsl?utm_source=commons.erau.edu%2Fjdfsl%2Fvol10%2Fiss2%2F3&utm_medium=PDF&utm_campaign=PDFCoverPages

http://network.bepress.com/hgg/discipline/258?utm_source=commons.erau.edu%2Fjdfsl%2Fvol10%2Fiss2%2F3&utm_medium=PDF&utm_campaign=PDFCoverPages







https://doi.org/10.15394/jdfsl.2015.1201

https://commons.erau.edu/jdfsl/vol10/iss2/3?utm_source=commons.erau.edu%2Fjdfsl%2Fvol10%2Fiss2%2F3&utm_medium=PDF&utm_campaign=PDFCoverPages

mailto:[email protected]

http://commons.erau.edu/

http://commons.erau.edu/

/creativecommons.org/licenses/by-nc-nd/4.0/

/creativecommons.org/licenses/by-nc-nd/4.0/

Rules of Professional Responsibility in Digital Forensics –… JDFSL V10N2

© 2015 ADFSL Page 39

RULES OF PROFESSIONAL RESPONSIBILITYIN DIGITAL FORENSICS – A COMPARATIVE

ANALYSISFilipo Sharevski

Department of Computer and Information TechnologyCollege of Technology

Purdue UniversityWest Lafayette, IN, 47906

[email protected]

ABSTRACTThe Committee on Identifying the Needs of Forensic Sciences Community (2009) accentuates theestablishment of a uniform code of ethics emphasizing the importance of enforceability instrengthening the role that the forensic science plays within the criminal justice system. Equallypertinent to the domain of digital forensics, this imperative entails a research commitment incomparing and contrasting the respective codes of ethics to illustrate their variety, specificity andenforceability to inform the discussion on the associated regulative aspects. Accordingly, thispaper reviews the professional regulation inaugurated in both the US and international digitalforensics arena giving a detailed perspective on the consolidation of the practice.Keywords: digital forensics code of ethics, digital forensics professional standards of conduct

1. INTRODUCTIONUnderstood as a “convention amongprofessionals”, the coequal purpose inestablishing a code of ethics is to protectforensic community members from certainpressures and consequences of the professionand serve as a collective recognition of theirresponsibilities, while providing rationalsanctioning reference when the establishedprofessional norms are violated (Barnett, 2001;Bowen, 2009; Davis, 1991). Despite thenecessity of a normative regulation, theoperationalization of the proclaimedprescriptions remains an issue of concern since“most forensic disciplines still lack anyconsistent structure for the enforcement of‘better practices,’ operating standards, andcertification and accreditation programs

(Committee on Identifying the Needs of theForensics Sciences Community, 2009, p. 214).In response to this challenge, the NationalResearch Council (NRC) in its report on thestatus of forensics discipline recommendsestablishment of a national code of ethics forall forensic science disciplines and mechanismsof enforcement through a certification process.

While the full realization of this imperativeis a subject of an extensive discussion amongthe forensics community, useful argumentationcontributing to this engagement is acomparative revision of the current professionalresponsibility regulation present in differentforensic societies. Being one of the youngestforensic sciences rapidly unfolding domain ofapplication (Casey, 2011; InternationalStandardization Organization, 2014b), digitalforensics are particularly interesting for such

JDFSL V10N2 Rules of Professional Responsibility in Digital Forensics –…

Page 40 © 2015 ADFSL

a research commitment. Recognizing theimportance of the digital forensic ethics,Bassett, Bass, & Brien (2006) underline that“the computer forensics requires a well-balanced combination of technical skills, legalacumen, and ethical conduct,” knowing thatforensic practice frequently entails facingethical dilemmas. However, the lack of aunified governing body regulating the practiceamong the digital forensics societies (Casey,2011) underlines the impression that the“widespread coverage, harmonization andenforceability” aspects of the digital forensicscodes of ethics are still unaddressed(Harrington, 2011). Addressing exactly theseissues of concern, the reminder of the paperprovides a comparative assessment of the codescurrently regulating the professionalresponsibility as established by the mostprominent domestic and international digitalforensics certification and trainingorganizations. Following the contours outliningthe course of the basic professional behaviorgiven in the second part, the third sectionbrings the analysis of the digital forensics codesof ethics by contrasting them against theprescriptive comprehensiveness, scientificmethod, examination and interpretation,adversary presentation, and general practiceand profession (Melson, 2012). Theenforceability is approached in the fourthsection, discussing the incentives driving theoperational regulation in the digital forensicsarena. The paper concludes with a perspectiveon the regulative consolidation steaming out ofthe central analysis.

2. RELATED WORKThe ethical conceptualization being closest tothe digital context of the forensics practice iscomprehensively elaborated by both Barnett(2001) and Bowen (2009). Focusing on thenecessity of the professional standards andprotocols in the forensic sciences, Barnett

(2001) arguments their importance notingthat they unequivocally define the relationshipbetween the criminal justice system as aconsumer and the practitioners as providers offorensic services in that the latter consider andemploy the “entire gamut of scientific methodsand tools that could resolve the issues relevantto the proceedings”, while the previousevaluate the process for yielding the forensicproducts and their admissibility according todefined rules of evidence, being respectively theDaubert and Lorraine models in the case of thedigital forensics (Federal Judicial Center,2011). As a stronghold for the forensicprofessionalism, Barnett (2001) furtherdiscusses the development process of codes ofethics, detailing several comprehensive primers(while noting the lack of nationally recognizedand accepted one)–including the codes of ethicsestablished by the American Academy ofForensic Sciences (2013), American Board ofCriminalistics (2013) and the CaliforniaAssotiation of Criminalists (2010) –and thecomplementary policies and procedures thatdeal with the issue of enforceability andsanctioning. Completing the elaboration,Barnett (2001) outlines the ethicalrequirements in terms of competence,thoroughness, relevance, reviewability anddisclosure, while in the same time highlightingthe threats of ethical conflicts raising related tothe professional practice and technicalcompetence. Extending the discussion further,Bowen (2009) thoroughly explicates themotivation and justification of an actualethical misbehavior, providing case studiesinvolving selective bias, dishonesty, conflicts ofconscience and commitment, contingency, andfavoritism. On this basis, Bowen (2009) sets themain accent on the structuring process for theforensics code of ethics–borrowing heavily fromBarnett (2001)–and the ethical approach toforensic professionalism, providing, in additionwith a research data on the ethical concerns,



examples of unethical behavior, and training inethics.

Cognizant of the need for structuring acode of ethics specially tailored for the digitalforensic professionals, Gay (2012) tries toextend both Barnett's (2001) and Bowen's(2009) conceptualizations by proposing a set ofprinciples and precepts for the practitionersworking in the private sector. However, Gay(2012) fails to provide a strong ethicalreference generally applicable in the digitalforensics realm, mainly because it misses tocompare and extrapolate all the essentialprovisions from the currently valid regulativeexemplars. By the same token, Harrington(2011) discusses the collaboration between thelegal representatives and the digital forensicexperts, focusing mainly on the ethical aspects.Analyzing the ethical rules that govern thedigital forensic investigation, Harrington(2011) reviews several digital forensics codes ofconduct, concluding that “although mostdigital forensics organizations do impose a codeof ethics as a condition of membership, thereis little known about frequency ofenforcement, efficacy of enforcement, or ethicsawareness among the membership” (p. 357).Beyond these efforts, no useful contributionstowards the imperative of the particularresearch commitment exits. Given thededication in contrasting digital forensics codesof ethics as to illustrate the “variety, specificityand enforceability” among them, themethodological approach can hardly borrowuseful directions from these works. Therefore,the comparative assessment follows the schemeinitially developed by Saks (1989) andextensively operationalized by Melson (2012)in reviewing the status of ethical regulationconcerning the forensic practice. Reviewing andanalyzing the “current status of ethics codes inprofessional organizations, both in US andinternational”, Melson (2012) illustrates “thevariety, specificity and enforceability of these

codes” by cataloging the provisions in sevendifferent categories: “(1) ethical considerations;(2) scientific method; (3) examination andconclusion; (4) adversary presentation; (5)general practice; (6) professional conduct; (7)additional provisions”. Towards theenforcement of the misconduct allegations,Melson (2012) analyzes the codes’enforceability and the imposition of sanction,as a considerably important regulatory aspectof the forensic practice. An analogousillustration of the digital forensics codes ofethics is provided in Tables 2 = 8 (seeAppendix).

3. COMPARATIVEANALYSIS OF THE

DIGITAL FORENSICSCODES OF ETHICS

The responsibility of the digital forensicsprofessional regulation is left into the hands ofvarious certification entities or professionaldigital forensic societies. Corroborating theinitial premise outlined in the NRC report,Table 1 brings a representative sample of codesof ethics specially developed for the digitalforensic science1 together with the codes ofethics of the leading forensics organizations.The particular set includes the codesestablished by the AAFS, ABC and CAC as toenable logical coherence with Barnett's (2001)and Bowen's (2009) concepts, and in the sametime to provide a reference in contrasting thecodes purported to regulate the digital forensic

1 (Consortium of Digital Forensic Specialists, 2013;Cybersecurity Institute, 2013; Digital ForensicsCertification Board, 2008; EC-Council, 2013; HighTechnology Crime Investigation Association, 2013;International Association of Computer InvestigationSpecialists, 2013; SANS Institute, 2013; TheAmerican Society of Digital Forensics andeDiscovery, 2013; The International Society ofForensic Computer Examiners, 2013)



practice. This group includes US- (ASDFD,CDFC, CI, DFCB, ECC, SANS) andinternational-based (HTCIA, IACIS, ISFCE)digital forensics organizations, accenting thepractice towards which the NRCrecommendation is directed. Though somewhatsubjective in the nature, the initial contrastingsuggests disparate level of specificity,irrespectively to the domain of operation–whileDFCB and ISFCE detail the ethical conceptsto a greater level, the rest of societies devotemoderate to brief attention. However, thecomparison as of the number of precepts tellslittle about the contextual relevance of thecodes, i.e., the commonality between them orthe enforceability in action. Therefore, codes’prescripts are further contrasted over the samedimensions used in Melson (2012) as to betterilluminate the undertaken analytical effort.

3.1 A Comparison in Respect toMain Provisions

The catalogue of the codes subdivided by theethical considerations and depicted in Table 2indicates high similitude relative to theprofessional diligence, competency,qualification, confidentiality, examination andanalysis, and reporting segments. This isintuitively rational, knowing that the digitalforensic practice resembles with both thegeneral praxis and the universal professionalconduct. However, some of the codes remainsilent respective to the testimony (CI, ECC,HTCIA, IACIS, SANS), conflict of interest(HTCIA, IACIS), financial stakes (DFCB,ECC, HTCIA, IACIS, SANS), responsibility toclient (ASDFD, CDFS, HTCIA, IACIS) andlawful compliance (HTCIA, IACIS, SANS).Considered in conjunction with the similarcomparison including the AAFS, ABC, andCAC code given in (Melson, 2012), theimpression holds that the US-based societiesare more explicit in distinguishing the “threatsto the professional misconduct” (Barnett, 2001)

while remaining coherent with the sine quanon codes for the forensic practice (except forthe ISFCE code, which potentially can serve asan additional reference of the professionalregulation). Relating to the main imperative,Table 2 suggests that explicit precepts areadditionally needed in detailing what theexpert wittiness role entails, what constitutesconflict of interest and how should be resolved,the manner in which the reports need to betailored as to establish legal compliance andthe professional stakes in the relationship withthe service consumers.

3.2 A Comparison in Respect toScientific Method

Table 3 brings the comparison relative to thescientific method underpinning the digitalforensics investigative process. The betterrelative explicitness mainly of the DFCB andCI codes against the international ones draws ajustification in the precedent nature of thecriminal justice system in the US, where thefederal rules of evidence (Federal JudicialCenter, 2011) tend to frequently causedilemmas about the juristic conditioning of theforensic products due to incorrectinterpretation precedent to different cases andunder different circumstances (Ham &Davidoff, 2012). Notwithstanding this fact, thegeneral impression is that the interpretationbias needs dedicated section as to explicate thethreat and the consequences in diminishingboth the evidentiary value and the credibilityof the profession at all. Same conclusion holdsfor the investigative methodological path towhich the forensic process standardizationguidelines (International StandardizationOrganization, 2012, 2014b) might serve as auseful reference. A segment of immediateattention is the one concerning the proficiencymaintenance among the professionals. Sincethe societies offer different certification andtraining courses in digital forensics, at least a



general frame on the professional training andeducation needs to detail the necessaryknowledge units for each of the digital forensicssubdomains in order to harmonize the content

covering various educational tracks. A goodstarting point on this topic can be found in(Bird & Cheah, 2014; Lang, Bashir, Campbell,& DeStefano, 2014).

Table 1Explicitness of the codes of ethics relevant to the digital forensics practice

Number of provisionsOrganization 1-10 11-20 21 or more

American Academy of Forensic Science (AAFS)

American Board of Criminalistics (ABC)

American Society of Digital Forensics and e-discovery (ASDFD)

California Association of Criminalists (CAC)

Consortium of Digital Forensic Specialists (CDFS)

Cybersecurity Institute (CI)

Digital Forensics Certification Board (DFCB)

EC-Council (ECC)

High Technology Crime Investigation Association (HTCIA)

International Association of Computer Investigation Specialists(IACIS)

SANS Institute (SANS)

International Society of Forensic Computer Examiners (ISFCE)

3.3 A Comparison in Respect toExamination and Conclusion

In regards to the examination and conclusioncomparison given in Table 4, most of thedomestic codes–in contrast to the internationalones–only prescribe use of proven and acceptedmethods, without explicit notion on what isconsidered under “sufficient examination andinterpretation” (Saks, 1989). A goodalternative in striking balance between thecodes’ flexibility and explicitness when itcomes to examination and interpretation arethe guidelines provided by the InternationalStandardization Organization (2014a),complemented with the concept of“conclusions, qualifications and certaintyconveyance” of the practical investigative

methodology using the likelihood-ratio orcertainty scale, expressing the “degree ofsupport for one of the alternative hypothesesrelative to the interpretation of the evidentiaryweight” (Association of Forensic ScienceProviders, 2009; Casey, 2011). The regulationmight also extend towards expressing theinvestigative results, given the extensive set ofpotential outcomes and the threat of dataalternation or elimination especially inenvironments with a high degree of volatility.Considering also the threat to the resultantinterpretations imposed by the anti-forensicsactions (Simmons, Jones, & Simmons, 2011),the regulative aspects might provide thecontours of an investigative strategy thatincorporates both the hypothesis-basedapproach (Carrier, 2006; Casey, 2011) and the



often necessary real-time digital forensics triage(Roussev, Quates, & Martell, 2013). Byabstracting the characteristics of theinvestigative strategy, the deviations from theaccepted norms identified with theinterpretative bias, contingency and favoritismcan be more easily recognized and eliminated.

3.4 A Comparison in Respect toAdversary Presentation

When it comes to adversary presentation,digital forensics codes of ethics prescribe onlyactions for disclosing exculpatory findingswhen the prosecution is not going to makedisclosure and permit giving opinions onmatters not subjected to formal examination(except CI’s code, which explicitly prohibitsleaving false impressions in the minds of factfinders), as depicted in Table 5. Compared tothe respective regulation in the other forensicsciences (Melson, 2012), digital forensicsorganizations have not prescribed any similaractions in conveying the findings in clear andunderstandable manner, implanting falseimpressions in assisting case contestants andgiving more weight to the testimony than isdue. In improving the quality of the deliveredproducts by mastering the compliance with theDauber and Lorraine models (Federal Rules ofEvidence, 2011), these segments certainly havethe catalyzing effect on the maturation of theoperative investigation process (Saleem, Popov,& Bagilli, 2014). Therefore, the regulativeadaptation of postulates outlining thecourtroom presentation of the investigativefindings (Smith & Kenneally, 2008) is anutmost objective for the digital forensicssocieties, which in turn also contributes to thecentral imperative in that it reveals the specificarguments used in presenting and juristicallycommunicating non-physical evidentiary data.

3.5 A Comparison in Respect toGeneral Practice and Profession

The comparison focused on the generalpractice and profession provided in Tables 6and 7, respectively, suggests that most of thedigital forensics codes of ethics have disparateapproaches towards the professional obedienceand professional improvement. Except DFCBand CI, none of the others has addressed there-examination of the peer practitioners andaction for taking undue credit. Only CDFScode explicitly addresses the aspects ofprofessional misconduct reporting andexpelling of members convicted of felonieswhile none of the codes requires reporting ofinvalid and unreliable methods or anydiscoveries or developments from the societymembers. On the good side when it comes tothe development of the profession, CDFS, CI,DFCB ECC and HTCIA clearly encouragecooperation in improvement through research.Whilst the research initiative certainly is agood attribute that shall be translated in thegeneral forensics practice, the absence ofprescripts regulating the professionalmisconduct can have negative effect not juston the credibility of the societies and their rolewithin the criminal justice system, butmoreover can hinder the very determinationfor discipline development. As to overcome thisdrawback and provide an enforceabilityreference, digital forensics communities have tofirst define which actions qualify as misconductof the professionals investigating computer-related/cybercrimes–for which a usefulreference can be found in the general forensicsand information security arena (Barnett, 2001;Greenwald, Snow, Ford, & Thieme, 2008)–andthen incorporate provisions that will protectthemselves from both intentional andunintentional wrongdoing.

3.6 A Comparison in Respect toAdditional Provisions

As in the other forensics branches (Melson,2012), the field of digital forensics identifies the



practice with additional provisions in respectto the evidence integrity, confidentiality andlawful compliance, as depicted in Table 8.Being extremely fragile in its very nature(Saleem et al., 2014), digital evidence integritypreservation is expected to be leading postulateof the associated practice, though not all of thesocieties (i.e., ASDFD, CDFS and IACIS)explicitly require to guide the investigativeoperations in this manner. The same holds truefor the independence and impartibility aspectsof the professional conduct, where only DFCB,ECC and SANS have separate prescriptsconfronting the interpretation bias. Knowingthat these attributes are presupposed to bemaintained by every serious digital forensicsprofessional, their central place within the codeof ethics should indisputably be guaranteed.These aspects of the professional conduct–asincorporated also in the federal rules ofevidence (Solomon & Hackett, 1996)–is whataccents the credibility of the digital forensicssocieties within the criminal justice system(Smith & Kenneally, 2008), thus a furtherconsolidation is needed in this context. Inaddition, Table 8 also suggests that only halfof the US-based societies (ASDFD, CDFS, andCI) and none of the international ones requirefrom their members not to impose contingencyfees for their service, corroborating the sametrend of non-uniformity depicted in Table 2 inthe case of conflict of interest, lawfulcompliance, and responsibility to clients.

4. ENFORCEABILITY OFTHE DIGITAL

FORENSICS CODES OFETHICS

Recalling the main purpose of the professionalregulation, digital forensic societies areexpected to have separate by-laws thatregulate the actions taken upon professional

misconduct2. However, the mere existence ofan enforceability policy and processes–focusedon the investigation of an alleged ethical code’sviolations (Melson, 2012, p. 115)–does notimply that their execution, i.e. the actualenforcement, is a course of action rigidlyfollowed by the forensics societies. While thepurpose of the enforcement is mainly to“emphasize the importance of the ethicaldecision making in practice, promote the endsof justice and protect the reputation of theassociation” (Melson, 2012), the associatedactions of collecting evidence supporting themisconduct, determining an actual violation ofthe code of ethics, hearing and imposingsanctions, and handling reinstatementprocedures necessitates executional capacitythat very few forensics organizations possess.The reason for missing an actual link betweenthe enforceability and the enforcement withinthe forensics arena might be traced to twomain factors. First, the overall process forinstantiating and processing a case ofprofessional misconduct (including the right toappeal for the accused parties) can be costlyand overburdening process for most of thesocieties, given their limited financial andhuman resources. Second, even if such aproceeding is brought to a conclusion, thedetermination of the appropriate sanction is adifficult task, since the forensics organizationneeds to establish balance between the assuringof high standards for professional behavior andthe ability to withstand the consequences ofthe imposed sanctions. Afraid of a negativeimpact in terms of financial loss, reputationdamage or similar, many organizations arereluctant to expulse or decertify theirmembers, go public with such matters, or takeactions to reprove the violating member.

2 An extensive elaboration on all the actionsconsidered as forensics misconduct is given in(Goodstein, 2002).



Not surprisingly, most of the assesseddigital forensic organizations here have notestablished strict by-laws as of theenforceability of their codes of ethics, despitethat most have covered a substantive set ofactions “qualifying as serious deviations fromthe accepted practice” (Goodstein, 2002).Except CDFS, SANS and ISFCE–which havemade enforcement arrangements onlyrespective to the decertification or licenserevocation–the represented digital forensicscommunity is not strongly advocating asanctioning course of action in “gatekeeping therightful practice” (Goodstein, 2002; Melson,2012). The abovementioned rationale indeedholds true in this case–due to their small size,limited recourses and not yet accumulatedexperience in recognizing the complexity of theprofessional misconduct and appropriatedealing with it, digital forensics societies areeither not taking any actions at all or limitthemselves only to revoking the license orcertificate of the violating member. Building afull professional gatekeeping capacity follows along process of maturation as evidenced withthe actual cases of ethical misconductlitigations (Bowen, 2009; Melson, 2012), so it islikely to expect that the relatively youngdigital forensics community at this pointcounters the unethical behavior only by thepersuasive nature of the regulating codes ofethics and peer practitioner pressure (assuggested in Table 7). However, the futureactions in concordance with the other forensicscommunities as recommended by theCommittee on Identifying the Needs of theForensics Sciences Community (2009) shoulddevelop policies and procedures detailing theoverall process of enforcement, as in the otherforensic institutions, for example the AAFS,ABC, and CAC (Barnett, 2001; Bowen, 2009).

5. CONCLUSIONAligning the perspective on the digitalforensics professional conduct regulation with

the recommendation of the Committee onIdentifying the Needs of the Forensics SciencesCommunity (2009), several observationsdeserve immediate attention. Regarding themain prescripts for professional behavior, thedomestic digital forensic societies have tocapitalize the experience of their peerorganizations (Barnett, 2001) in detailing theconflict of interest together with the profile ofdigital forensics expert witness and its rolewithin the criminal justice system, which inturn brings them the leading position inestablishing the professional standards for thedigital forensics practice on an internationallevel. This is equally valid for the formalabstraction of the investigative methodologyand the importance of the continuousproficiency improvement in eliminating theinterpretation bias, producing highlyadmissible forensics products, andcommunicating them clearly in the courtroom.As of the general practice and profession, theforensics consolidation might in fact benefitfrom the digital forensics codes of ethics, giventhat the community itself is explicitlyencouraging improvement of the practicethrough research cooperation. However, in areverse direction, digital forensic societies needto fortify their position on the independenceand impartibility, and the financial aspects inproviding the professional service similarly astheir peers.

The enforceability and actual enforcementof the instituted norms are tightly related tothe varieties and specificities of therepresentative codes of digital forensicsprofessional behavior. Although non-uniformly,digital forensics societies are aware of theimportance of having policies and proceduresfor handling professional misconduct, whichmainly impose sanctions such as licenserevocation or decertification. Still, digitalforensics community is in the process ofbuilding enforcement capacity in fully



responding to the threat of professionaldeviations. Nonetheless, being this a long andresource consumptive engagement, digitalforensics discipline has the benefit of therelative experience from the other forensicpeers in extending and augmenting theprofessional regulation (Bowen, 2009; Melson,2012). In sum, digital forensics maintains arelatively good position respective to theimperative for working under unified forensicscode of ethics. Certainly, several segments canbe subjected for further improvements, but theset of references and experiences from the otherforensic sciences–as pointed through theforgoing sections–provide a good starting pointin extending the research commitment in thisdirection.



REFERENCESAmerican Academy of Forensic Sciences.

(2013). Code of Ethics and Conduct. AAFSBylaws. Retrieved fromhttp://www.aafs.org/aafs-bylaws#Art2

American Board of Criminalistics. (2013).Rules of Professional Conduct. ABCBylaws.

Association of Forensic Science Providers.(2009). Science and Justice Standards forthe formulation of evaluative forensicscience expert opinion. Science & Justice,49(3), 161-164.doi:10.1016/j.scijus.2009.07.004

Barnett, P. D. (2001). Ethics in ForensicScience: Professional Standards for thePractice of Criminalistics. Boca Raton,FL: CRC Press.

Bassett, R., Bass, L., & Brien, P. O. (2006).Computer Forensics : An EssentialIngredient for Cyber Security. Journal ofInformation Science and Technology, 3(1),22-32.

Bird, R., & Cheah, M. (2014). TheDevelopment of Constructive Alignment inActivity Led Learning and Assessment ofDigital Forensics. In Proceedings of theWestern Canadian Conference onComputing Education, 1-6. New York:ACM Press.

Bowen, R. (2009). Ethics and the Practice ofForensic Science (International ForensicScience and Investigation). Boca Raton,FL: CRC Press.

California Assotiation of Criminalists. (2010).Code of Ethics (Vol. 1985). Retrieved fromhttp://www.cacnews.org/membership/handbook.shtml

Carrier, B. (2006). A hypothesis-based

approach to digital forensic investigations.Purdue University. Retrieved fromhttp://search.proquest.com/docview/305266774?accountid=13360. (305266774).

Casey, E. (2011). Digital Evidence andComputer Crime, 3rd ed. Waltham, MA:Elsevier.

Committee on Identifying the Needs of theForensics Sciences Community. (2009).Strengthening Forensic Science in theUnited States: A Path Forward.Washington D.C. Retrieved fromhttps://www.ncjrs.gov/pdffiles1/nij/grants/228091.pdf

Consortium of Digital Forensic Specialists.(2013). Code of Ethics. Retrieved fromhttp://www.cdfs.org/documents/CDFS_Code_of_Ethics_January_2013.pdf

Cybersecurity Institute. (2013). Code of Ethicsand Conduct. Code of Ethics and Conduct.Retrieved fromhttp://www.cybersecurityinstitute.biz/training/ethicsconduct.htm

Davis, M. (1991). Thinking Like an Engineer :The Place of a Code of Ethics in thePractice of a Profession. Philosophy andPublic Affairs, 20(2), 150-167.

Digital Forensics Certification Board. (2008).Code of Ethics and Standards ofProfessional Conduct. Retrieved fromhttp://www.dfcb.org/certification.html

EC-Council. (2013). Code of Ethics. Code ofEthics. Retrieved fromhttps://www.eccouncil.org/Support/code-of-ethics

Federal Judicial Center. (2011). ReferenceManual on Scientific Evidence, 3rd ed.Washington D.C.



Federal Rules of Evidence. (2011). Rule 402.General Admissability of RelevantEvidence. Retrieved fromhttp://www.law.cornell.edu/rules/fre/rule_402

Gay, J. R. (2012). A Code of Conduct forComputer Forensic Investigator. Universityof East London.

Goodstein, B. D. (2002). Scientific Misconduct.Academe, 88(1), 28-31.

Greenwald, S. J., Snow, B. D., Ford, R., &Thieme, R. (2008). Towards an EthicalCode for Information Security? InProceedings of the 2008 workshop on Newsecurity paradigm, 75-87.

Ham, J., & Davidoff, S. (2012). NetworkForensics: Tracing Hackers ThorughCyberspace. Upper Saddle River, NewJersey: Prentice Hall.

Harrington, S. L. (2011). Collaborating with aDigital Forensics Expert: Ultimate Tag-Team or Disastrous duo? William MitchellLaw Review, 38(1), 353-396.

High Technology Crime InvestigationAssociation. (2013). Code of Ethics. Codeof Ethics and Bylaws. Retrieved fromhttp://www.htcia.org/code-of-ethics-bylaws/

International Association of ComputerInvestigation Specialists. (2013). Code ofConduct. IACIS membership. Retrievedfromhttp://www.iacis.com/membership/overview

International Standardization Organization.(2012). ISO/IEC 27037:2012 guidelines foridentification, collection, acquisition andpreservation of digital evidence. Retrievedfrom http://www.iso.org/

International Standardization Organization.(2014a). ISO/IEC 27042 -- Guidelines for

the analysis and interpretation of digitalevidence. Geneva, Switzerland. Retrievedfrom http://www.iso.org/

International Standardization Organization.(2014b). ISO/IEC 27043 -- Incidentinvestigation principles and processes.Geneva, Switzerland. Retrieved fromhttp://www.iso.org/

Lang, A., Bashir, M., Campbell, R., &DeStefano, L. (2014). Developing a newdigital forensics curriculum. DigitalInvestigation, 11(1), S76-S84.doi:10.1016/j.diin.2014.05.008

Melson, K. E. (2012). Codes of Ethics inForensic Science Societies: TheOrganizational Parameters of Morality andConduct. In J. C. Upshaw Downs (Ed.),Ethics in Forensic Science, 81-135. NewYork: Elsevier.

Roussev, V., Quates, C., & Martell, R. (2013).Real-time digital forensics and triage.Digital Investigation, 10(2), 158-167.doi:10.1016/j.diin.2013.02.001

Saks, J. (1989). Prevalence and Impact ofEthical Problems in Forensic Science.Journal of Forensic Sciences, 34(3), 772-793.

Saleem, S., Popov, O., & Bagilli, I. (2014).Extended Abstract Digital Forensics Modelwith Preservation and Protection asUmbrella Principles. Procedia ComputerScience, 35, 812-821.doi:10.1016/j.procs.2014.08.246

SANS Institute. (2013). Code of Ethics. GlobalInformation Assurance Certification.Retrieved from http://computer-forensics.sans.org/certification/ethics

Simmons, C., Jones, D., & Simmons, L. (2011).A Framework and Demo for PreventingAnti-Computer Forensics. Issues inInformation Systems, XII(1), 366-372.



Smith, F. C., & Kenneally, E. E. (2008).Electronic Evidence and Digital ForensicsTestimony in Court. In J. J. Barbara(Ed.), Handbook of Digital and MultimediaForensic Evidence, 1st ed., 103-132.Totowa, New Jersey: Humana Press Inc.

Solomon, S. M., & Hackett, E. J. (1996).Setting Boundaries between Science andLaw: Lessons from Daubert v. Merrell DowPharmaceuticals, Inc. Science, Technology& Human Values, 21(2), 131-156.

The American Society of Digital Forensics andeDiscovery. (2013). Code of Ethics. Ethicsand Code of Conduct. Retrieved fromhttps://asdfed.com/domain3

The International Society of ForensicComputer Examiners. (2013). Code ofEthics and Professional Responsibility.Certified Computer Examiner -- HighForensic Standards. Retrieved fromhttp://www.isfce.com/ethics2.htm



APPENDIXTable 2Sub-categorization of the digital forensics codes of ethics in respect to the ethical considerations.Partially adapted from (Melson, 2012; Saks, 1989)

Digital Forensics Organization

Ethicalconsiderations

ASDFD CDFS CI DFCB ECC HTCIA IACIS SANS ISFCE

Professionaldiligence

Competency

Qualification

Examination andanalysis

Testimony

Conflict of interest

Reporting

Financial stakes

Responsibility toclient

Lawful compliance

Table 3A comparison of the digital forensics codes of ethics provisions relating to the scientific method


Scientific method ASDFD CDFS CI DFCB ECC HTCIA IACIS SANS ISFCE

Should be unbiased, minimumanticipation of what results shouldbe, maintain rigid impartiality

Not bolster conclusions by usingunwarranted and superfluous tests

Not use “secret” methods orprocesses, not open to scrutiny

Insist upon representative andreliable materials on which toperform examination

Not use unreliable, unproven, ordiscredited procedures

Keep abreast of new developments

Keep skills sharp, participate inproficiency testing



Table 4A comparison of the digital forensics codes of ethics relating to the examination and conclusion


Examination and conclusion ASDFD CDFS CI DFCB ECC HTCIA IACIS SANS ISFCE

Should use proven and acceptedmethods

Should do sufficiently thoroughexamination

Should not knowingly distorttests or interpretations of them

Should not go beyond owncompetence

Where results are capable ofalternative interpretations, notselect the one favoring the sideby which he or she is employed

Table 5A comparison of the digital forensics codes of ethics relating to the adversary presentation


Adversary presentation ASDFD CDFS CI DFCB ECC HTCIA IACIS SANS ISFCE

Be available for pre-trialinterviews with bothprosecution and defenseattorneys

Disclose exculpatory findings tothe court if it appearsprosecution is not going to makedisclosure

Not give opinions on matters notsubjected to formal examination

Not leave false impressions inthe minds of fact finders

Not testify in a way that wins itmore weight than it is due

Should see to it that the courtunderstands the evidence as it is

Not assist the contestants in acase in implanting falseimpressions

Not confuse or concealconcepts from fact finders



Table 6A comparison of the digital forensics codes of ethics relating to the general practice


General practice ASDFD CDFS CI DFCB ECC HTCIA IACIS SANS ISFCE

Should be willing to re-examineevidence submitted by anotherforensic scientist; however,should try to resolve discrepancybefore case goes to trial;

Members convicted of felonies orother crimes can be expelled

Table 7A comparison of the digital forensics codes of ethics relating to the profession


Profession ASDFD CDFS CI DFCB ECC HTCIA IACIS SANS ISFCE

Should make new discoveries anddevelopments widely known

Should cooperate inimprovement through research

Direct attention to methods whichappear invalid or unreliable

Refrain from seeking personalpublicity

Should not take undue credit Bring to the attention forensicscientist who has committedserious or frequent infractions

Table 8A comparison of the digital forensics codes of ethics - additional provisions


Additional provisions ASDFD CDFS CI DFCB ECC HTCIA IACIS SANS ISFCE

Treat evidence with care tomaintain integrity

Confidentiality

Maintain attitude ofindependence and impartialityto inspire confidence by public

Contingency fees



Documents

Rules of professional responsibility in digital forensics