PLEASE HELP

This section of the paper talks about the legal requirements that XYZ, Inc. needs to take in consideration before setting up a digital forensic laboratory that may include various accreditations. The goal of a digital forensic laboratory is to provide a safe and secure facility that supports our federal and state agencies and our legal system. Therefore different types of policies and guidelines are required. In addition, quality assurance programs are vital for forensic laboratories. Some of these programs include SWGDE, ASCLD/LAB and ISO 17025. Our team recommends XYZ, Inc keep a closer attention to these programs as they are an essential need of accreditations.

Since XYZ, Inc. is building a new digital forensic laboratory, therefore it will be required to follow all construction codes and standards depending on the location. Each state and county may have different codes to protect general public safety since each building has its own occupancy and environmental requirement. These codes are also known to be the minimum standards of design and implementation. Other than structural requirement, there are no enacted laws that may require having digital forensic laboratory accreditation but it is still a great practice to have a lab with accreditations as it may be required in court of law. There are Federal Statutes to take in consideration including Electronic Communications Privacy Act (ESPA), Cable Communiations Policy Act (CCPA), Patriot Act of 2001, and Privacy Protection Act of 1980 (PPA). Many of these acts do not affect the operation of digital forensic laboratory but there could be a problems or limitation with processing and obtaining information or even touching evidence. For example, due to invasion of privacy, ESPA establishes many limitations for law enforcement agencies to seize and access evidence. In addition, XYZ, Inc. will be required to have many operational policies including administrative policy, security policy, and other standard and procedures required by accreditation programs.

Importance of ASCLD/LAB-

The ASCLD, also known as American Society of Crime Laboratory Directory is a widely used program by many law enforcement agencies, designed to certify various type of forensic labs such as DNA, fingerprint, digital forensic and others based on how each lab is organized and managed. ASCLD was formed in 1973, sponsored by FBI as a non-profit professional society of crime laboratory directors to promote excellence in forensic science field. Through ‘self assessment,’ organizations who had overcome the challenges in improving themselves were later known as American Society of Crime Laboratory Directory/Laboratories Accreditation Board (ASCLD/LAB) (Whitcomb, 2007).

The members of ASCLD/LAB known as ‘Delegate Assembly’ are assigned administrators of accredited laboratory to certify digital evidence forensic lab. According to the ASCLD-LAB official website, the organization offers three different programs of accreditation including “ASCLD/LAB-International Testing Program, ASCLD/LAB-International Breath Alcohol Calibration Program and ACSCLD/LAB Legacy Program” (ASCLD-LAB, n.d). For the purpose of this lab, ASCLD/LAB-International Testing Program will fit for XYZ, Inc. laboratory. Since the program covers accreditation of ‘Digital & Multimedia Evidence’ testing. In addition, the program is based on ISO/IEC 17025:2005, supplemental requirement, and policies and guidelines stated under ASCLD Manual 2008.

Role of ISO/IEC 17025:2005-

ISO/IEC 17025:2005 is also an accreditation program for forensic laboratories and it has been adopted by ASCLD. Many international communities’s including U.S, U.K, Germany and others, highly support the program due to the general requirements for carrying out testing using laboratory assigned methods. Combination of ASCLD and ISO/IEC 17025:2005 has re-categorized ASCLD standards and made things that were “important” are now known as “essential” for accreditation. It is important to understand the requirements of the programs including “management requirement, document control, subcontracting tests and calibrations, service to the customer, corrective action, prevention actions, internal audits, and measurement traceability and many others” (Jones & Valli, 2009, pp. 267). These requirements means to report any types of changes in management level, qualifications, proficiency tested personnel’s, annual audit logs, and other measurable standards and policies.

Use of SWGDE and NIST-

Scientific Working Group on Digital Evidence (SWGDE) and National Information Security Technology (NIST) Handbook 150 are some procedures and general guidelines that XYZ, Inc. may want to consider for quality control. The purpose of SWGDE is to provide guidelines and instructions to maintain credibility and quality assurance via Quality Assurance Manual (QAM) for laboratories performing digital forensic examinations (SWGDE, 2012, Ver.3.0). It is important to know that QAM may be required for digital forensic lab to receive accreditation of ASCLD/LAB and ISO/IEC 17025:2005. To ensure quality control process under SWGDE laboratory manual, management and technical requirements are required to meet level of accreditation under ISO/IEC 17025. These requirements are also mentioned above. Lastly, NIST Handbook 150 has come up with some general guidelines and requirement under National Voluntary Laboratory Accreditation Program (NVLAP) for proficiency testing. This program does not provide accreditation and guidelines can be amended based on individual lab needs to improve proficiency (NIST Handbook 150, 2006). NVLAP guidelines do take in consideration of ISO/IEC 17043 and it is consistent with international standards.

How to Apply for ACLD/LAB accreditation-

References: