Uni to develop computer forensics standards to help cops nab crims

Researchers from the University of South Australia are aiding police in the fight against online crime by developing a set of forensic computing standards.

With the help of an Australian Research Council (ARC) grant to the value of $500 000, Associate Research Professor Jill Slay and two of her PhD students expect to have the criteria set by the end of 2009.

The standards will allow law enforcers to validate evidence gathered from computers. Presently, the lack of standards means that the reliability of software used to draw evidence from a suspect's computer can be questioned in court. "Computer forensics has grown as an art, not a science" Professor Slay said. "It is currently a product, not standards driven area."

Once developed, the computer forensics standards will allow software developers to create their own forensics tools, and by testing them against the criteria, legally demonstrate that the evidence extracted through the tools is reliable.

According to Professor Slay, this means that by following the benchmarks, the police will be able to present files taken from a computer to a court, and demonstrate how the forensic tools used explain how the file got onto the computer. This will help to scientifically separate the genuine claims of Trojan placement of files from a false use of the defence in a manner the courts can accept as reliable.

The idea for the research came into fruition when one of Professor Slay's students needed to test some forensic tools, only to discover there was no point of reference to validate the success of the tools.

Currently there are no similar standards existing elsewhere in the world.

Professor Slay explained that while millions of dollars has been spent on research in the US, American forensics standards are not yet complete. This is despite a great deal of literature on the subject stating the importance of developing standards.

For the research, Professor Slay is working with the National Institute of Forensic Science, the NSW Police State Electronic Evidence Branch, the Australian Federal Police and the South Australian Police. Once finalised, the standards will be used Australia-wide, by both the state and federal police, as well as other bodies with the power to seize computers, such as the Australian Tax Office and Customs.