October 3, 2018

When a Computer Forensic Examiner has to Testify in Court

Anonymous

The main question to answer is what is involved when a Computer Forensic Examiner has to testify in court. In addition to covering how to be successful in court, I’ll explain why keeping your credentials is also important.

Being an expert witness in court is one of the most important parts of a Computer Forensic Examiner’s job. Obviously, doing the forensic analysis on the data is the other part. The difference is that one (forensic analysis of the data) is based on known, straightforward facts. As B. Olson writes, referencing court rules, in his article on www.forensicmag.com: “The purpose of an expert witness is really fairly straightforward. The applicable rules are set forth in Rules 701 through 706, Federal Rules of Evidence. As noted in Rule 702, F. R. E.: ‘If scientific, technical, or other specialized knowledge will assist the trier of fact to understand the evidence or to determine a fact in issue, a witness qualified as an expert by knowledge, skill, experience, training, or education may testify thereto in the form of an opinion or otherwise….’” To sum that up, a Computer Forensic Examiner defends their work and findings based on facts, and gives opinions that are also based on those facts and findings. The difficult part of appearing in court and defending your work is attorneys who a) are not as technically versed in the work a Computer Forensic Examiner does, and b) are actively trying to discredit your work. A Computer Forensic Examiner needs to translate the work and their findings for an audience that is not as technically advanced as a Computer Forensic Examiner. If this cannot be clearly translated, the evidence and work provided could be deemed inadmissible. The two main points a Computer Forensic Examiner must clearly identify are the data / evidence uncovered and the chain of custody showing how that data was retrieved. The ACE and CCE certifications ensure that a Computer Forensic Examiner is aware of the process from start to finish. If a Computer Forensic Examiner cannot maintain these certifications, they would not know the current procedures and therefore would not be capable of being considered to testify.
Everything a Computer Forensic Examiner does must be rooted in fact; not knowing a fact or a step that utilizes current versions is not acceptable.

The ACE certification ensures your knowledge of and proficiency with the Forensic Toolkit (FTK). The FTK suite is software used to uncover and analyze data on digital media. The Syntricate website (www.syntricate.com) lists the requirements for maintaining the ACE certification.

–ACE Credential Maintenance is required two years after the initial ACE certification, and every two years thereafter to maintain the ACE credential.

–ACE Credential Maintenance requires passing the current ACE examination; the examination can be taken online at a time of your choosing.

–The examination will be based on the most current versions of FTK, FTK Imager, Registry Viewer and PRTK.

–There is no educational requirement for ACE Credential Maintenance.

The Certified Computer Examiner (CCE)® certification covers more of the process side (but also some digital forensics) of being a Computer Forensic Examiner. This entails a vendor-neutral standard for how the data is retrieved and presented. The CCE website (www.isfce.com) lists the requirements (below) necessary for recertification, which is every two years.

–Forty (40) hours of Continuing Professional Education credits (CPE) relevant to the CCE Certification, practice of digital forensics or a specialty related to that field with the intent of expanding the recertification candidate’s practical skills and abilities during the 2 year certification period (ISFCE CPE Guidelines)

-and-

–Documented completion of no less than three (3) digital forensic examinations during the 2 year certification period.

If the recertification candidate DOES NOT possess the relevant work experience listed above, that candidate may complete a practical examination exercise in lieu of the work experience.

 

Sources

Olson, B. (2011, June 1). How to Be an Effective Expert Witness in Court: Part 1. Retrieved from https://www.forensicmag.com/article/2011/06/how-be-effective-expert-witness-court-part-1

(2018, April 1). Certified Computer Examiner. Retrieved from https://www.isfce.com/certification.htm

Computer Forensics – Certification. Retrieved from https://www.syntricate.com/computer-forensics-certification.html