Thursday, March 07, 2013

March 2013

As usual, I am doing some new planning and development, with three highlights this month:

1. Currently I am working on a Research and Development plan for Digital Evidence and Biometrics in forensic science. When writing down the issues, there seem to exist some paradoxes in forensics and the creativity of humans. We have the risk paradox: risks have to be taken to develop a new method, which also fits in agile careers. Besides that, we also have the automation paradox, as we saw in the airline industry. If we would like to have the newest methods implemented by engineers and scientists, we always take some risk. Mostly in forensic science this will be covered by validation and verification experiments in the real world, though sometimes judges ask for methods that are experimental and not completely validated yet (this should always be stated in the report).

2. For ENFSI, new best practice guides are being developed in many different fields. Sometimes people ask me whether "best practice" means good practice or the best practice. Of course in reality it means good practice; however, best practice is a management term which is used in ISO 9000. We try to write best practice as such, to the best effort we have. Smart practice is another means of making it more efficient for a lower price; however, in forensic science this is not often used to my knowledge, since the goal is minimizing the errors in the findings. Best practice methods can change from one day to another due to rapid developments, and certainly in digital evidence.

3. When looking at my website www.forensic.to, I see that more sophisticated attacks appear to be happening against the website itself, and they also try to make some exploits for mobile phones. So I used some additional shields. Mostly it appears to be iframe injection and vulnerabilities in old scripts that I have used, so I have updated all of them. I also see that the attacks are becoming better, since they appear to adapt quickly to some filtering methods I use. For that reason I use a combination of off-the-shelf methods and my own developments. Intelligent logging analysis methods remain important to use to watch for exploits that are not yet detected by commercial software, so it keeps me busy :)