Uni to develop computer forensics standards to help cops nab crims

Government grant to fund new nation-wide standards

Researchers from the University of South Australia are aiding police in the fight against online crime by developing a set of forensic computing standards.

With the help of an Australian Research Council (ARC) grant to the value of $500 000, Associate Research Professor Jill Slay and two of her PhD students expect to have the criteria set by the end of 2009.

The standards will allow law enforcers to validate evidence gathered from computers. Presently, the lack of standards means that the reliability of software used to draw evidence from a suspect's computer can be questioned in court. "Computer forensics has grown as an art, not a science," Professor Slay said. "It is currently a product-, not standards-driven, area."

Once developed, the computer forensics standards will allow software developers to create their own forensics tools, and by testing them against the criteria, legally demonstrate that the evidence extracted through the tools is reliable.

According to Professor Slay, this means that by following the benchmarks, the police will be able to present files taken from a computer to a court and show, through the forensic tools used, how each file got onto the computer. This will help to scientifically separate genuine claims of Trojan placement of files from false use of that defence, in a manner the courts can accept as reliable.

The idea for the research arose when one of Professor Slay's students needed to test some forensic tools, only to discover there was no point of reference against which to validate the success of the tools.

No similar standards currently exist elsewhere in the world.

Professor Slay explained that while millions of dollars have been spent on research in the US, American forensics standards are not yet complete. This is despite a great deal of literature on the subject stating the importance of developing standards.

For the research, Professor Slay is working with the National Institute of Forensic Science, the NSW Police State Electronic Evidence Branch, the Australian Federal Police and the South Australian Police. Once finalised, the standards will be used Australia-wide, by both the state and federal police, as well as other bodies with the power to seize computers, such as the Australian Tax Office and Customs.
