201902252045401564470240_thumbnailcoverccpt0119.jpg201904121437111650068531_spring2019cover.jpg

    Electronic Crime Committee >> Digital Forensics Committee (DFC)


    Mandate

    The Digital Forensics Committee (DFC) provides expert technical advice, guidance, and recommendations to the CACP Electronic Crime (ECrime) Committee on digital forensics matters and related investigations support activities of operational significance to the Canadian law enforcement community.

    Objectives

    1. Provide expert advice and guidance to the CACP ECrime Committee in the field of digital forensics,  inclusive of cybercrime investigations support activities.
    2. Identify and qualify issues and matters of significance to the Canadian law enforcement community in the field of digital forensics.
    3. Develop recommendations for the CACP ECrime Committee as proposed consideration for CACP policies and guidelines.
    4. Advocate and promote quality standards for digital forensics in the Canadian law enforcement community.
    5. Define national training guidelines necessary for digital forensics police practitioners.
    6. Provide a national forum to discuss trends in digital evidence sources, digital forensics solutions, and associated operational support challenges.

    Significant Accomplishments 2018-2019

    1)  Reintroduction of Cyber into the scope of the committee from a strictly operational perspective and the impacts on digital forensics

    2)  Delivered in May 2018

    • Dealing with contaminated evidence protocols in a computer lab setting
    • Privileged material procedures – when defense claims privilege on digital evidence (opened - continuing)
    • Impact of Cloud computing on digital forensic process

    3)  Delivered in October 2018

    • Established Consensus Position of Common Challenges Among Member Agencies
      • Staffing shortfalls (not enough and not enough quality candidates in pools nationally)
      • Lack of front line and investigative understanding in dealing with digital files and how to triage what is most important to limit scope of analysis – broad based education
      • Need to embed digital forensics analysts in investigations as early as possible to properly inform investigators in decision making process
    • File management protocols
      • Method to manage (admin rights and infrastructure)
      • Auditing capability at storage level
      • Lock-out capability for file security
      • Redundancy of storage medium
    • Beginning of metrics gathering process to identify numbers that qualify the digital forensic process (that is, the scope of digital forensics processing hurdles) – first deliverable planned for Spring 2020
    • File transfer protocols – how to transfer data through the legal system
      • Creation of local SOPs
      • Ensure encryption by default
      • Auditing (to ensure evidence continuity from source to end point)
      • Dependent on nature of file as a consideration
      • Educating police personnel on this process
    • Virtual Currencies (initial discussion – progress to continue

    Initiatives Planned for 2019-2020

    • Continue work on the draft of the contaminated evidence handling procedures
    • Continue work to advance the privileged evidence handling procedures through crown prosecutor case law input
    • Continue to examine evidence management system guidelines to develop access control and network permission standards for liability prevention
    • Continue to develop a national statistical report format for reporting purposes to the E-Crime Committee for the Digital Forensic Committee membership’s encryption, resource capacity, passcode and tool restrictions
    • Continue work on a guideline for implementation of a digital field technician program


    201801182036131546226773_small201408151301531445346713memoriallogoimage.jpg

    201808241632411602097061_cacpwebpx.jpg201411191911051480856265_biglogo.png