
Tuesday, July 16, 2024

Pros & Cons of Accreditation for Digital Forensics Laboratories


Dr. Frank Kardasz, July 16, 2024

Editor: Ava Gozo 

Accreditation of digital forensics laboratories is sometimes touted as a means to enhance the quality and reliability of forensic evidence. However, the actual impact of accreditation on confidence in lab work is a subject of debate. Let's examine the available evidence and arguments.

Pros of Accreditation

Standardization: Accreditation, particularly to standards like ISO/IEC 17025, is meant to establish consistent practices across laboratories. This standardization may lead to more reliable and reproducible results[3].

Quality Management: Accredited labs are required to implement specific quality management systems, which can improve the overall quality of work and reduce errors[1].

Perceived Credibility: Accreditation may enhance the perceived credibility of a laboratory in legal proceedings, possibly increasing the weight given to forensic evidence in court[2]. In contrast, critics argue that the certifications and qualifications of individual expert witnesses are typically at issue and lab accreditation is rarely an issue.

Continuous Improvement: The accreditation process typically encourages labs to engage in ongoing training and improvement of their processes[3].

Cons of Accreditation

Cost and Resources: The accreditation process can be expensive and time-consuming, potentially diverting resources from actual forensic work[1].

Bureaucratic Overhead: Some argue that accreditation introduces unnecessary bureaucracy that may slow down forensic processes without significantly improving quality.

Limited Scope: Accreditation typically focuses on specific processes and may not cover all aspects of digital forensics work, potentially leaving gaps in quality assurance.

Rapid Technological Change: The fast-paced nature of digital technology can make it challenging for accreditation standards to keep up with new forensic techniques and tools.

Research on the Impact of Accreditation

The claim that accreditation results in increased confidence in the work of a digital forensics lab is not strongly supported by conclusive quantitative research. Most available evidence is qualitative or based on surveys, which provide insights but lack rigorous statistical proof.

Quantitative Research:

  • A 2017 Forensic Focus survey found that only 11.4% of respondents' organizations were accredited, with nearly half preparing for accreditation. While this suggests a trend towards accreditation, it doesn't directly prove increased confidence[3].
  • A 2018 UK survey indicated that 62% of respondents agreed on the necessity of formal standardization in digital forensics, suggesting a belief in the potential benefits of accreditation[4].

Qualitative Research:

  • The NIST report (2022) identified significant issues with current quality management systems in digital forensics labs and suggested that accreditation could address these issues, indirectly supporting the idea that accreditation may boost confidence[1].
  • A ForensicMag opinion article discussed how accreditation strengthens digital evidence handling and can lead to increased acceptance of digital evidence in court, indicating enhanced confidence in accredited labs[2].

Conclusion

While there is some consensus within the forensic community that accreditation may improve standardization and potentially enhance the credibility of digital forensics labs, there is a lack of definitive quantitative research proving that accreditation results in increased confidence in a lab's work. The available evidence is largely qualitative and based on opinions rather than rigorous statistical analysis.

The benefits of accreditation in terms of standardization and quality management are plausible, but the direct link to increased confidence remains more of a theoretical assumption than a proven fact. Further research, particularly quantitative studies, would be beneficial to substantiate the claims about the impact of accreditation on confidence in digital forensics laboratories.

References

ForensicMag. (n.d.). How the audit accreditation process strengthens digital evidence. https://www.forensicmag.com/592952-How-the-Audit-Accreditation-Process-Strengthen-Digital-Evidence/ 

Forensic Focus. (2018). Findings from the Forensic Focus 2018 survey. https://www.forensicfocus.com/articles/findings-from-the-forensic-focus-2018-survey/ 

National Institute of Standards and Technology. (2022). Report of the Digital Evidence Task Group Quality Study. https://www.nist.gov/system/files/documents/2022/12/19/OSAC%20DE%20Quality%20Task%20Group%20Report_Dec2022.pdf

Tully, G., Cohen, N., Compton, D., Davies, G., Isbell, R., & Watson, T. (2020). Quality standards for digital forensics: Learning from experience in England & Wales. Forensic Science International: Digital Investigation, 32, 300374. https://www.sciencedirect.com/science/article/abs/pii/S2666282519300374

Citations:

[1] https://www.nist.gov/system/files/documents/2022/12/19/OSAC%20DE%20Quality%20Task%20Group%20Report_Dec2022.pdf

[2] https://www.forensicmag.com/592952-How-the-Audit-Accreditation-Process-Strengthen-Digital-Evidence/

[3] https://www.forensicfocus.com/articles/findings-from-the-forensic-focus-2018-survey/

[4] https://www.sciencedirect.com/science/article/abs/pii/S2666282519300374

Wednesday, October 16, 2019

Budgeting for a Digital Forensics Lab


The Rising Costs of Establishing a Digital Forensics Lab

With the surge in cybercrime and the growing importance of digital evidence, having a dedicated digital forensics laboratory has become a necessity for many organizations. However, setting up and operating such a facility is a significant financial undertaking, requiring substantial investments in equipment, software, personnel, and other resources. The costs can range from tens of thousands to millions of dollars, depending on the lab's scale and requirements.

Equipment and Software Expenses

  • High-performance forensic workstations and servers
  • Specialized forensic software suites (e.g., EnCase, FTK, X-Ways)
  • Forensic imaging systems and write-blockers
  • Network attached storage (NAS) for evidence storage
  • Backup and disaster recovery solutions
  • Printers, Routers, and peripheral devices 

Ongoing Maintenance and Upgrades

  • Regular software and hardware upgrades to keep pace with technological advancements
  • Subscription fees for software licenses and support
  • Replacement of aging or obsolete equipment
  • Costs for secure off-site data storage and backups

Personnel Costs

  • Highly skilled and experienced digital forensic examiners and analysts
  • IT support staff for maintaining lab infrastructure
  • Administrative and management personnel
  • Competitive salaries and benefits to attract top talent

Facility and Infrastructure Costs

  • Secure laboratory space with controlled access
  • Robust power backup and cooling systems
  • High-speed internet connectivity
  • Physical and cybersecurity measures (e.g., firewalls, encryption)
  • Janitor, Water, Sewer, Trash, Power, Security, Alarms, Fire Suppression

Additional Expenses

  • Accreditation and certification fees (e.g., ANAB/LAB, ISO 17025)
  • Continuing education and training for personnel
  • Legal, accounting and consulting services
  • Insurance and liability coverage
  • Overtime as a Fringe Benefit 

Establishing a comprehensive digital forensics lab requires a substantial upfront investment and ongoing operational costs. Careful budgeting and planning are crucial to ensure the lab has the necessary resources to handle the ever-increasing demand for digital forensic services effectively.

References


Noblett, M. G., Pollitt, M. M., & Presley, L. A. (2000). Recovering and examining computer forensic evidence. Forensic Science Communications, 2(4). https://archives.fbi.gov/archives/about-us/lab/forensic-science-communications/fsc/oct2000/computer.htm


Pollitt, M. M. (2007). An ad hoc review of digital forensic models. In Systematic Approaches to Digital Forensic Engineering (SADFE'07) (pp. 1-8). IEEE. https://doi.org/10.1109/SADFE.2007.1

Thursday, July 20, 2017

Digital Forensics Laboratory Accreditation: Considerations


Dr. Frank Kardasz, MPA, Ed.D.  July 19, 2017.  Revised July 19, 2024

Introduction

The accreditation process for digital forensics laboratories is complicated and time-consuming. Accreditation processes have been in place for decades, and in recent years accreditation has been applied not only to traditional labs that conduct fingerprint, blood, drug and other analyses, but also to the discipline of digital forensics.

Accreditation, as it applies to laboratories, should not be confused with certifications that apply to individuals, or to certifications that apply to items of equipment and software. The National Voluntary Laboratory Accreditation Program describes the difference as follows:

"The terms "accreditation" and "certification" are sometimes used interchangeably, however, they are not synonymous. Certification is used for verifying that personnel have adequate credentials to practice certain disciplines, as well as for verifying that products meet certain requirements."

See: https://www.nist.gov/nvlap/accreditation-vs-certification

This work explores a few of the considerations that organizational leaders should think about when contemplating whether or not to seek laboratory accreditation.

Regulations, Policies, and Standards

The International Organization for Standardization

The International Organization for Standardization researches, develops, and publishes (for a fee) requirements and guidance for various industries with the motto, "Great things happen when the world agrees". At least two of the regulations, ISO/IEC 17025:2017 and ISO/IEC 17020:2012, provide guidance to many digital forensics laboratories. The regulations are available for purchase at the ISO web site: https://www.iso.org/standard/66912.html

ISO/IEC 17025:2017 and ISO/IEC 17020:2012 include requirements for testing, calibration, and inspection of laboratories, digital and otherwise. 17025 is generally considered to be more applicable to the daily work of a digital forensics lab. Compliance with the requirements is recognized by ANSI and A2LA towards the accreditation of digital forensics laboratories. Compliance with the ISO standards requires specific management activities, record-keeping, policy-writing, and document control.

Selected Topics from 17025 and 17020

Below are some of the topics from the contents section of ISO/IEC 17025:2017 for testing and calibration of laboratories. The topics give you an idea about the number of requirements; each of which must be supported by an organizational policy, detailed record-keeping and periodic audits.

Below are some of the topics from the contents section of ISO/IEC 17020:2012 - requirements for inspecting laboratories.

The Business of Providing Accreditation Services

Two of the organizations that assist agencies (for a fee) towards completing the accreditation process are ANSI and A2LA. The ISO/IEC 17025:2017 standard is typically used to guide accreditation. The organizations are briefly described below:

The American National Standards Institute (ANSI, also ANAB)

The National Accreditation Board is a non-governmental organization that provides accreditation services to public and private-sector organizations for a fee. ANAB is jointly owned by the American National Standards Institute (ANSI) and the American Society for Quality (ASQ). Their services are funded by the accreditation fees charged to member organizations.

See: http://webstore.ansi.org/RecordDetail.aspx?sku=ISO%2fIEC+17025%3a2005

The American Association for Laboratory Accreditation

The American Association for Laboratory Accreditation (A2LA) describes itself as a nonprofit, non-governmental, public service, membership society. They are an independent, non-profit accreditation service. A2LA offers programs for the accreditation of inspection bodies, proficiency testing providers, reference material producers and product certification bodies. Their motto is, "A better world through accreditation."

See: https://www.a2la.org

National Institute of Standards and Technology

The US Department of Commerce, National Institute of Standards and Technology (NIST), National Commission on Forensic Science, Subcommittee on Accreditation and Proficiency Testing published a document titled: Critical Steps to Accreditation. The document outlines some of the requirements of a quality management system. According to the report (p.1):

"Accreditation helps to ensure both ongoing compliance to industry standards and continual improvement of an FSSP's operations. Accreditation assesses an FSSP's capacity to generate and interpret results. Accreditation criteria are based on accepted industry standards and applicable international standards."

The NIST report (pp. 2-3) recommends the following steps towards accreditation:

  1. Written procedures for evidence (security/control/handling)
  2. Written reports
  3. Technical and administrative review of reports and supporting records
  4. Testimony monitoring
  5. Note taking
  6. Technical procedures
  7. Training program
  8. Proficiency testing
  9. Corrective and preventive action process

The full NIST report can be found at this link:

http://www.ascld.org/wp-content/uploads/2016/01/Views-Doc-Critical-Steps-to-Accreditation.pdf

Quality Manager

A key person in any organization that implements ISO/IEC 17020 and 17025 is the designated quality manager. The quality manager is tasked with ensuring that the management system is maintained and that the requirements are adhered to.

Audits

Audits are sometimes a source of consternation for managers. Below is an excerpt from ISO/IEC 17025 regarding audits:

4.14 Internal audits

4.14.1 The laboratory shall periodically, and in accordance with a predetermined schedule and procedure, conduct internal audits of its activities to verify that its operations continue to comply with the requirements of the management system and this International Standard. The internal audit program shall address all elements of the management system, including the testing and/or calibration activities. It is the responsibility of the quality manager to plan and organize audits as required by the schedule and requested by management. Such audits shall be carried out by trained and qualified personnel who are, wherever resources permit, independent of the activity to be audited.

NOTE The cycle for internal auditing should normally be completed in one year.

Audit Nonconformities

Audits are a time-consuming and sometimes difficult, albeit necessary, process. Accrediting organizations perform audits to monitor compliance among their member-agencies. According to the ANAB, the top ISO/IEC 17025 non-conforming audit findings in 2015 were:

5.6 Measurement traceability

  • Missing procedures
  • Lack of document traceability to national standards 
  • Labs using other non-accredited labs for equipment calibration

4.6 Purchasing services and supplies 

  • Incomplete procedures
  • No procedure for purchasing calibration services

4.15 Management reviews

  • Incomplete procedures - lack of scheduling of management reviews
  • Failure to record actions arising from management review or time scales

4.14 Internal audits

  • No predetermined schedule, failed to address all elements of ISO/IEC 17025
  • No follow-up, No close-out of corrective action

5.2 Personnel

  • Lack of training and education records 
  • Competency testing - authorization to perform work 
  • Lack of training plans

5.5 Equipment 

  • Equipment records not maintained
  • Instructions not readily available 
  • Log books

4.13 Control of Records 

  • Lab not following its own procedures
  • Data not recorded as required 
  • Corrections to data not properly recorded

4.1.5 Organization and Management

  • Lack of required policies 
  • Failure to document responsibilities of the Quality Manager

4.3 Document Control

  • Failure to control documents 
  • Revision identifiers obsolete or absent 
  • Lack of document review

5.4 Test and Calibration Methods and Method Validation

  • Lack of procedure or incomplete procedure 
  • Lack of validation records

The list of nonconformities above provides a sobering reminder to quality managers that there is a LOT to think about regarding compliance with the accreditation requirements. For criminal and civil case purposes, opposing counsel might use non-conforming audit findings to attack the credibility of work-product originating from a lab.

The Scientific Working Group on Digital Evidence

In 2017, The Scientific Working Group on Digital Evidence (SWGDE) produced a document titled: MYTHs and FACTs about Accreditation for Digital and Multimedia Evidence Labs. Some information from that document (pp. 5-7) is provided below:

MYTH: "Accreditation is unaffordable."

MYTH: "Everyone can afford accreditation."

FACT: If an organization does not currently employ personnel to write and enforce quality assurance policy, there may be a significant cost associated with the accreditation process. There is a financial cost to be paid to the accrediting body (application fee, on-site visit(s), and annual fee).

All accreditation related costs vary based upon the size of the laboratory and the choice of implementation (p.5).

MYTH: "Accreditation will require more personnel resources."

FACT: Personnel involved in quality assurance procedures will vary based on the size of the laboratory. Larger laboratories may require personnel dedicated to working within a quality system, whereas smaller laboratories may not require dedicated personnel. There are successful approaches for small and one-person laboratories to implement quality systems (p.5).

MYTH: "The accreditation process can be completed within a few months."

FACT: The process of developing and implementing a quality management system by a laboratory that can meet accreditation requirements may take 1-3 years depending on the size and resources of the laboratory (p.5).

MYTH: "Accreditation means a laboratory or work product is perfect."

FACT: The work product produced by non-accredited laboratories may be as good or better than accredited laboratories. Factors, such as human error or faulty equipment, exist regardless of whether a laboratory is accredited. Accreditation requires that laboratories have processes to document, address, and correct problems (p.6).

MYTH: "Accreditation creates unnecessary work."

FACT: The accreditation process can identify areas for increased efficiencies, quality control, and promote consistency within the laboratory. Additional documentation that is required in accredited laboratories can improve repeatability and reproducibility within the laboratory and foster communication across laboratories (p.7).

Considerations

Initial accreditation and the maintenance of accreditation involves a commitment of personnel, time, and money. Some of the questions to consider regarding accreditation include the following:

  • Is accreditation required by a sponsoring or governing organization?
  • What is the budget impact of the accreditation process?
  • What are the application fees?
  • What are the Inspector site-visit costs?
  • What are the time and labor costs for in-house personnel throughout the process?
  • What are the follow-up and ongoing costs?
  • Who will be assigned as Quality Manager?
  • Will the assignment be a full-time position or a subordinate duty?
  • Who else in the organization must be actively involved in the accreditation process?
  • What policies need to be devised, written, published and enforced?
  • Who will author, revise and monitor policies and procedures?
  • What will the process be for non-compliance and who will be involved in the administration?
  • How many person-hours will be needed to complete the accreditation process?
  • Over what period of time will the accreditation process occur?
  • Will successful accreditation act as a protective shield or mitigator in the event of civil lawsuit against the organization?
  • In the event of failure to obtain accreditation, will the reputation of the organization suffer?
  • Will the organization's failure to accredit work as an aggravating factor in future civil lawsuits against the organization?
  • Is a "de minimis" policy practice preferred because it opens the organization up to fewer legal attacks?
  • Will accreditation improve the lab's profit-margin? (Cost/benefit analysis; applicable to for-profit labs)
  • Could the lab simply obtain and follow the regulations without enduring the formal accreditation process?

As investigative caseloads increase and budgets shrink, digital forensic lab managers are finding less time and money to conduct the administrative duties required by accreditation. Some are eschewing accreditation altogether while arguing that their employees are trained and certified, their equipment and software tools are validated, and consequently, overall lab accreditation is an unnecessary additional burden.

The decision about whether or not to pursue accreditation is important and sometimes controversial. Some argue that digital forensics examiners should be trained and certified, but it is not necessary to accredit digital forensics labs. Critics of lab accreditation also posit that court cases are not won or lost based on lab accreditation but instead upon the individual work, training, certification and expertise of the examiner. Proponents of accreditation believe that the process helps to improve the work-product and improves the quality of lab operations.

=-=-=-=-=-=

Additional Information Sources re: Accreditation

ANAB

What Sets ANAB Apart for Forensic Accreditation?  https://www.anab.org/forensic-accreditation

Forensic Focus

ISO 17025 For Digital Forensics – Yay Or Nay? https://articles.forensicfocus.com/2018/01/24/iso-17025-for-digital-forensics-yay-or-nay/

A2LA

American Association for Laboratory Accreditation Frequently Asked Questions
https://www.a2la.org/

=-=-=-=-=-=-=-=-=-=-=-=

Sunday, December 20, 2015

Champlain College - DIM550 / DFS565 - Computer Forensics Laboratory Operations and Management


Champlain College offers a Master of Science Degree in Digital Forensics. DIM550 / DFS565 - Computer Forensics Laboratory Operations and Management.
 
Excerpts from students' comments for DIM550 / DFS565

"I can honestly say that before taking this class, I knew little to zero about what goes on in managing the operation of a forensic lab. It was an eye opener to see how complex and difficult it can be for a manager running a forensic lab, and how many things they have to deal with. What is clear to me is how important it is for managers to both know and treat his/her workers well. Some of the key aspects of social interactions were respect, honesty, trust and motivation. I believe that without treating others the way you would want to be treated, chaos would result in the work place. I was satisfied with the course."

"I found that the way that the course was created it is far superior than traditional courses. I was engaged in conversation with everyone. I learned from others who had more experience and also provided input of my own. I just feel the traditional book knowledge doesn't really assist in the overall learning that was done. Each night I would go through all the posts, links and read all the comments. This was more valuable than the book to me."

"This has been the course with the best discussions of the topics I have ever taken. I would not change a thing. I also appreciate the interjected items, it is hard to see all the connecting parts of the issues we discuss in class."

"Thank you so much for your leadership and for teaching us how to be a good Lab Manager!"

"Also would like to thank you for teaching a great class. I feel I learned a lot from the discussions and course material. "

"I can honestly say, this course ROCKS!!! I like your teaching style, the challenging questions, the weekly discussions, and your prompt attention to our questions!!! "

"Thanks for a great class."

"Thank you for a great semester. I really enjoyed this class and would love to cross paths again!"

"Thank you for the valuable feedback and experience you shared with the class. I learn a lot."

"Thanks for a wonderful class and randomly giving me a great group. Attached you will find my team evaluation. Thanks again sir and have a wonderful holiday."

"Thanks for a great class and I hope to learn from you or have the opportunity to collaborate with you out in the real world."

"Thank you again for a great class!"

================================

CHAMPLAIN COLLEGE - Master of Science in Digital Forensics - Digital Investigations Management

http://www.champlain.edu/online-masters-programs/ms-computer-forensics

DIM550 DFS565 - COMPUTER FORENSICS LAB OPERATION & MANAGEMENT -
This course focuses on the management of a digital forensics laboratory. Topics will include best practices in lab operation, policies and procedures, case management, evidence management and personnel training and certification. Issues related to workflow, information storage technology, equipment, and security of evidence and other information will also be integrated into activities about operating a modern computer forensics lab. Laboratory accreditation and compliance with standards such as ISO 17025 will also be discussed. Eight Weeks. On-line.  Prerequisite(s): DIM-500. Credit(s): 3


================================

 

Monday, February 02, 2015

Cybersecurity - Disgruntled Employee & Computer Crimes: City of San Francisco & Terry Childs

In 2008, the City of San Francisco suffered a costly and embarrassing loss of computer network services when a disgruntled IT employee refused to permit anyone access to the system.  Terry Childs, the network administrator, refused to reveal the password for the system, thus denying access to the City of San Francisco's FiberWAN.

Childs was subsequently arrested and served time in prison for his network tampering misdeeds.  The incident provides an interesting case study and lesson for IT managers and to leaders of organizations that employ data professionals.

Writer Paul Venezia authored an informative article about the Terry Childs incident.  The article discusses the motives that may have driven Childs to become a "Network Kidnapper". 
The incident begs several questions including:
  • What can be done to prevent a lone-wolf employee from disrupting a network in the future?
  • What, if any, hiring practices might identify and prevent a problem employee from getting the job in the first place?
  • What oversight should leaders who are not technical experts exercise over their technical-expert staff?
  • How should passwords be handled between supervisors and subordinates?
  • In the San Francisco case, what characteristics did Terry Childs exhibit that might have been clues to potential problems?
References

Van Derbeken, J. (July 15, 2008). S.F. officials locked out of computer network. SFGATE. Retrieved from http://www.sfgate.com/bayarea/article/S-F-officials-locked-out-of-computer-network-3205200.php

Venezia, P. (July 21, 2008). Why San Francisco's network admin went rogue: An inside source reveals details of missteps and misunderstandings in the curious case of Terry Childs, network kidnapper. CIO. Retrieved from https://www.infoworld.com/article/2653004/why-san-francisco-s-network-admin-went-rogue.html

===========================
http://kardasz.blogspot.com/2015/02/disgruntled-employee-computer-crimes.html

Thursday, March 13, 2014

Cybersecurity - Is Digital Currency a Concern for Computer Forensics Lab Managers?

Frank Kardasz,  March 13, 2014. Editor: Ava Gozo.

Computer forensics, lab management, and Bitcoin:  I don't know if those items belong together, but my sense is that it is a good idea for lab managers to have at least a basic understanding  about digital currencies.  Alternative forms of currency have always been avenues for theft, fraud, drug sales, and other crimes.  Bitcoin is no exception.  If you have not already encountered a case involving some sort of digital currency you probably will.  Here are just a few "nice-to-know" items of basic information about digital currencies and Bitcoin.

What is digital currency?
Digital currency, sometimes also called cryptocurrency, is a form of money or medium of exchange that is electronically created and stored. Some digital currencies, for example Bitcoin, are cryptocurrencies; others, like the Ven, are not. Like traditional monies, these currencies can be used to buy physical goods and services (1).

What is Bitcoin?

Bitcoin is a form of digital currency that is computer-generated and held electronically. No regulatory agency controls it. Bitcoins aren't printed like dollars or euros; they are produced by people running computers all around the world, using software that solves mathematical problems (2).

How do Bitcoin transactions work?

Bitcoin transactions are sent to and from electronic Bitcoin wallets, and are digitally signed for security. Everyone on the network knows about a transaction, and the history of a transaction can be traced back to the point where the bitcoins were produced.  There are no actual physical coins, only electronic records of Bitcoin transactions (3).

How do criminals use Bitcoin?

Bitcoins are popular among criminals because of the anonymity associated with the currency.  Although transactions are recorded and published, the identity of the person associated with the exchange is not recorded.  This anonymity makes the cryptocurrency popular among criminals.

What was Silkroad?

Silkroad was an on-line illegal drug brokerage organization that used bitcoins and the TOR network  for transactions.  An undercover investigation brought down Silkroad, but other similar nefarious businesses will likely rise to replace it (4).

What is Mt. Gox and what happened to them?

Mt. Gox was a Japan-based Bitcoin holding and exchange organization that was responsible for approximately 850,000 Bitcoins worth an estimated $474 million. Mt. Gox filed for bankruptcy after claiming that Bitcoins were stolen from them (5).

What prevents double-spending of Bitcoins?

Here is the abstract from a longer paper written by Bitcoin creator Satoshi Nakamoto:  Bitcoin is a peer-to-peer version of electronic cash that allows online payments to be sent directly from one party to another without going through a financial institution.  Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending.  Bitcoins provide a solution to the double-spending problem using a peer-to-peer network.  The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work.  The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power.  As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers.  The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone (6).
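The tamper-evidence property described above, as an added example that is not from the original post or from the Bitcoin paper: a toy hash-chained ledger in which each block commits to the previous block's hash and must satisfy a proof-of-work target. The block layout, the difficulty of three leading hex zeros, and the sample transactions are assumptions chosen for illustration and do not match Bitcoin's real block format.

```python
import copy
import hashlib
import json

DIFFICULTY = 3           # assumption: leading hex zeros required (tiny, so it runs quickly)
GENESIS_PREV = "0" * 64  # assumption: placeholder "previous hash" for the first block

# Constructed sample ledger: one batch of transactions per block.
SAMPLE_BATCHES = [
    [{"from": "coinbase", "to": "alice", "amount": 50}],
    [{"from": "alice", "to": "bob", "amount": 20}],
    [{"from": "bob", "to": "carol", "amount": 5}],
]


def block_hash(index, prev_hash, transactions, nonce):
    """SHA-256 over a canonical encoding of everything the block commits to."""
    payload = json.dumps([index, prev_hash, transactions, nonce],
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def meets_target(digest):
    return digest.startswith("0" * DIFFICULTY)


def mine(index, prev_hash, transactions):
    """Proof-of-work: search for a nonce whose block hash meets the target."""
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, transactions, nonce)
        if meets_target(digest):
            return {"index": index, "prev_hash": prev_hash,
                    "transactions": transactions, "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        block = mine(i, prev, copy.deepcopy(txs))
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain):
    """Verifier's view: index of the first block that fails, or None if all pass."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block["index"], block["prev_hash"],
                            block["transactions"], block["nonce"])
        if (block["prev_hash"] != prev        # broken link to predecessor
                or digest != block["hash"]    # contents changed after mining
                or not meets_target(digest)):  # proof-of-work missing
            return block["index"]
        prev = block["hash"]
    return None


def tamper_block(chain, index, new_transactions):
    """Copy of the chain with one block's transactions edited and nothing redone."""
    out = copy.deepcopy(chain)
    out[index]["transactions"] = new_transactions
    return out


def remine(chain, start, stop):
    """Copy of the chain with proof-of-work redone for blocks start..stop-1."""
    out = copy.deepcopy(chain)
    for i in range(start, stop):
        prev = out[i - 1]["hash"] if i else GENESIS_PREV
        out[i] = mine(i, prev, out[i]["transactions"])
    return out


if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    print("honest chain, first invalid block:", first_invalid_block(chain))
    edited = tamper_block(chain, 1, [{"from": "alice", "to": "mallory", "amount": 20}])
    print("edited block 1, first invalid block:", first_invalid_block(edited))
    partial = remine(edited, 1, 2)
    print("block 1 re-mined only, first invalid block:", first_invalid_block(partial))
    full = remine(edited, 1, len(edited))
    print("blocks 1..end re-mined, first invalid block:", first_invalid_block(full))
```

An edited record passes verification only after the work for that block and every later block has been redone, which is the cost the abstract relies on when honest nodes keep extending the chain.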

Tutorial - How to Steal Bitcoins.

The following link leads to a tutorial about how to steal Bitcoins.  I suggest you don’t try this at home…or anywhere (7): http://www.theverge.com/2013/12/19/5183356/how-to-steal-bitcoin-in-three-easy-steps

References

1. Digital Currency. (March 13, 2014). Wikipedia. Retrieved from http://en.wikipedia.org/wiki/Digital_currency

2. Coindesk. (February 21, 2014). What is bitcoin? Retrieved from http://www.coindesk.com/information/what-is-bitcoin/

3. Coindesk. (March 6, 2014). How do bitcoin transactions work? Retrieved from http://www.coindesk.com/information/how-do-bitcoin-transactions-work/

4. Goldstein, M. (March 4, 2014). Silk Road, shut down in fall, had digital outpost in Pennsylvania. Dealbook. New York Times. Retrieved from http://dealbook.nytimes.com/2014/03/04/silk-road-had-digital-outpost-in-pennsylvania/?_php=true&_type=blogs&_r=0

5. Farivar, C. (February 25, 2014). Mt. Gox, once the world's largest Bitcoin exchange, shuts down. Ars Technica. Retrieved from http://arstechnica.com/business/2014/02/mt-gox-once-the-worlds-largest-bitcoin-exchange-shuts-down/

6. Nakamoto, S. (n.d.). Bitcoin: A Peer-to-Peer Electronic Cash System. Retrieved from https://bitcoin.org/bitcoin.pdf

7. Jeffries, A. (December 19, 2013). How to steal Bitcoins in three easy steps. The Verge. Retrieved from http://www.theverge.com/2013/12/19/5183356/how-to-steal-bitcoin-in-three-easy-steps

Wednesday, August 26, 2009

Cybersecurity - Dr. Richard B. Weinblatt - Ten Social Networking Tips for Police Officers

Interesting advice below from Dr. Richard B. Weinblatt concerning things to think about related to your off-duty use of social networking sites.

1) No gun glorification. While this may upset Second Amendment supporters out there, the reality is that many members of the public do not like to see firearms glorified in pictures of law enforcers. Several officers have lost their jobs after posing with weaponry in a way perceived as offensive or too "warrior oriented." While the depiction of guns in the course of their normal scope and use is not problematic, aiming the gun at the camera triggers problems. Images of officers engaged in their normal course of fire at the gun range have not brought about a backlash. Posing with weaponry, involving either the officer or (worse yet) a civilian, has been problematic for the employee.

2) No alcohol. Officers have also found themselves in the hot seat after posting pictures of themselves partying and drinking alcohol. Many agencies view this to be contrary to a professional image. Of greater concern is that sometimes others identified in the pictures turn out to be minors in possession of alcohol which opens up another can of issues.

3) Watch your comments. Posted comments on social networking sites are being dragged into legal proceedings especially when use of force is involved. Comments that imply the officer enjoys using force on people, especially certain groups of people, are being seized on by criminal defense and civil plaintiffs' attorneys to show the officer had a predisposition to be physical or has a documented bias against their client. Remember that discussion boards and the like are a public written record of your communication. Like reports and radio dispatch conversations, they can be discovered and frame your actions in a context that you may not like. Much like reports, if you don't want it dragged into the legal arena, don't type it online.

4) Avoid bashing the department. Another area that has gotten some officers into trouble - the First Amendment freedom of speech notwithstanding - are comments which bash the agency. Depending on how it's framed, it could open you up to administrative charges and possibly civil liability. More and more bloggers and online posters are being held responsible for their critical speech online. Especially if it is later proved that the postings lack a factual basis and are intended to damage the target of the criticism. At the very least, launching such a site or contributing to an existing Web site that bashes the agency does not endear you to the powers that be or position you as a "team player" ripe for promotion.

5) Restrict personal information. Much like we can use Facebook and the like as a tool to find people and research information, so can the bad guys. Be judicious in the posting of information and pictures. For example, some officers will not use pictures of their family members or going even further, of themselves. Others withhold their cell phone number.

6) Picture Choice. Make sure that the pictures that you do choose to post don't have any of the aforementioned problem areas or have nudity. Many officers, including myself, have shirtless bodybuilding or fitness oriented photos online. That is not a problem. The topless woman drinking at the party with you exemplifies what is a problem.

7) Minimize status update complaints. In this year of economic contraction, there are many people waiting in line for your spot in the agency. Administrators know this. This goes back to number four above, but we've all seen the officers that post their status with complaints about the shift, their sergeant, or the job. Some supervisors, after reading such negatively tinged status updates, say, "OK, let so and so find another job if they are so unhappy here." While not every job is going to be great each and every day, gripes should not be aired via status updates. The agency may be perfectly happy to find someone else that would appreciate them.

8) Highlight accomplishments. Many look to Facebook, LinkedIn, and the like as electronic resumes. Take advantage of that and use it to highlight your professional accomplishments. Post pictures of you learning some new technique (being careful not to show scores or other information). Post status updates of that advanced training course you take.

9) Manage your privacy settings. While I have my online presence open to the public, many have privacy settings that restrict access to family and friends that you have predetermined. While not foolproof, the settings should keep most interlopers locked out of your pages.

10) When in doubt, leave it out. I have long coached academy students and officers to pretend that I am perched on their shoulder and watching what they are doing. In the same vein, they could have their mother hovering overhead. If you wouldn't want us to see it or if either of us would be displeased with what is being contemplated to go online, it probably is not a good idea to upload it.

Sunday, February 03, 2008

CSAM & Predators - Arizona - Maricopa County Attorney rebuts the distorted ABC 20/20 story of Matthew Bandy

From FoxNews.com on-line version -

Defense In Child Porn Case Distorts the Truth Sunday, January 28, 2007

By Rachel Alexander, Deputy County Attorney, Maricopa County 

Recent media reports, including a Jan. 23 column by FOXNews.com columnist Wendy McElroy, and a Jan. 19 broadcast of the ABC news program 20/20, have portrayed the prosecution of a Phoenix, Ariz., teenager in an Internet child pornography case as an overzealous prosecution by the Maricopa County Attorney's Office.

The Maricopa County Attorney's office would like to make clear our contention that these reports grossly misrepresented the facts involved, and that the characterization of this case in the media is the result of the juvenile defendant's parents' denial of the evidence of their son's guilt and unfortunate initiation of a media disinformation campaign.

The Bandys even hired Bernstein Crisis Management to design a web site attacking County Attorney Andrew Thomas and further spread disinformation. The “experts” quoted on the website were not given the specific facts of Bandy’s situation; they were simply asked broad questions about viruses hijacking a computer. This case was not about adult pornography, nor was it about a computer virus surreptitiously downloading child pornography to your computer -- as the media, family and defense counsel have portrayed it.

The prosecution of then 16-year old Matt Bandy was about an investigation that yielded overwhelming evidence of the defendant viewing, downloading, uploading and sharing pornographic images of children being sexually abused, and burning them to a CD. Matt Bandy admitted to detectives that he visited pornographic websites as well as an online group known for sharing pornographic images of children. 

A burned CD was found in his home, which contained the same pornographic images of children found on his computer. The images were saved in a file named "Lolita," which is a term used by child pornographer traffickers to refer to underage images. Bandy’s defense attorney asserted that a “virus” or “trojan” must have downloaded the child pornography to Bandy’s computer without his knowledge. Even if this were true, it is the County Attorney's contention that a virus could not have burned those images to a CD, titled them “Lolita,” then physically removed the CD from the computer and placed it elsewhere within the family home.

The fact that child pornography was found on the CD at his home cannot be ignored. The investigation was initiated by the Phoenix Police Department after Yahoo! reported the transfer of child pornography to the Center for Missing and Exploited Children, as required by law. 

Evidence subpoenaed from Yahoo! revealed that pornographic images of children had been uploaded from a username “mrbob1980hoopdu” to a Yahoo! online group called “beth_lard9.” Beth_lard9 was an online group created for exchanging child pornography. 

Bandy admitted to the Phoenix police detectives assigned to the case that he participated in this online group, and said his username was “joebean1988hoopdu.” Yahoo! provided information showing that the username that uploaded the child pornography, “mrbob1980hoopdu,” was registered as “Ms. Joe Bean” -- a clear link to Bandy. In addition, both the IP address assigned to the Bandy computer by the Bandys’ Internet service provider Cox and the MAC address of the Bandy computer were matched to the newsgroup postings by “mrbob1980hoopdu.”

Ms. McElroy's column reported the defense assertion that the prosecution refused to perform a forensic analysis of the juvenile’s computer, and that a forensic analysis found that “nine images were probably downloaded without his knowledge onto his hard drive by a virus.” This is not accurate. The prosecution’s forensic examiner, a detective with over 400 hours of training in computer forensics who is certified by the International Association of Computer Investigative Specialists, the leading organization in this area, performed a lengthy analysis of Bandy’s computer. The results of this examination were detailed in a report over 100 pages long. This detective found 72 images of child pornography on the computer, stored in folders created on his computer entitled “…kidlolitagood ones. 

The Bandy family hired their own forensic examiner, whose resume does not indicate she is certified with IACIS and whose expertise and training is seriously questioned by the prosecutors. This examiner is responsible for the claim that a virus probably downloaded the images without the juvenile’s knowledge. (Fox News Editor's note: each side in this case disputes the expertise and qualifications of the forensic examiner used by the other side.) If this were the case, what would stop anyone accused of downloading child porn from using that excuse? 

That excuse has been used with little success in the past by defendants. Last summer, in U.S. v. O’Keefe, the 11th Circuit Court of Appeals upheld the child pornography conviction of a defendant who blamed a virus for placing child pornography on his computer. In that case, the prosecution’s forensic analysis of his computer indicated there were viruses on his computer, but they were not capable of downloading child pornography. If the analysis by the forensic analyst hired by Bandy provided exculpatory evidence, it should have been presented during the prosecution of the case. 

The only report that has been provided to our office was a seven-page document consisting of some conclusions; there was no report on scanning for viruses, no mention of the CD that was found or the work the examiner performed – no mention of any viruses supposedly responsible for the activities described or the CD. In fact, our office’s forensic examiner who examined the computer acknowledged after the case blew up in the media that there were child porn images present on the computer nine months before the viruses infected the computer, so the viruses could not have been solely responsible. 

It is a prosecutor’s responsibility to try cases where there is a reasonable likelihood of conviction. Bandy’s defense attorney has publicly acknowledged that there was an “80 percent” chance of conviction if the case went to trial. 

The plea agreement reached in this case has been misrepresented as an indication that we did not have a strong case. This too is not accurate. Arizona has one of the toughest child pornography laws in the nation, requiring a minimum sentence of 10 years in prison for each image of child pornography, and multiple counts must be served consecutively. By these laws, Bandy could have faced 90 years in prison. Our office never intended to ask for a sentence of 90 years in prison, as has been so greatly exaggerated, and the plea reflects our office’s efforts to avoid giving the juvenile 90 years in prison. Our office has a duty to examine each case on its own merits and reach a result which is just. In light of the circumstances surrounding this case -- such as the age of the juvenile and his lack of prior criminal conduct -- we felt 90 years was disproportionately harsh and offered a plea bargain allowing Bandy to plead guilty to the lesser charge of distributing pornography to minors. Bandy accepted this agreement.

The victim in this case is not Matt Bandy. The victims are the children who are exploited and made virtual sex slaves. Some of the children in the images found on his computer and CD were recognized as past victims of exploitation, and some were under 10 years old. This case is not about pornography, it is about child pornography. 

Child pornography sexualizes children for profit. If you can justify a crime as horrible as child pornography, you can justify any heinous crime. Our office did what it thought was right in this situation, and a media disinformation campaign cannot change the overwhelming evidence of Bandy’s guilt. Unfortunately, the court removed the sex offender registration terms from Bandy’s guilty plea, so he will not receive the treatment he needs to avoid this happening again. 

Individuals who become involved in child pornography have a hard time breaking free from it. We can only hope that Bandy does.

Rachel Alexander is the deputy county attorney with the Maricopa County Attorney’s Office, Maricopa County, Arizona.

Retrieved January 29, 2006 from http://www.foxnews.com/story/0,2933,247903,00.html