Risk
2/18/2009
05:10 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Forensic Science System In U.S. Needs Overhaul

Digital evidence examiners have no agreed-upon certification program or list of qualifications, in addition to other issues, a report to Congress points out.

The forensic science system -- digital or otherwise -- in the United States is badly fragmented and needs a major overhaul, a congressionally mandated report said Wednesday.

The National Research Council report, "Strengthening Forensic Science in the United States: A Path Forward," was started in 2007 when Congress authorized an independent committee to study forensic practices in the United States.

The report finds that the forensic science system, upon which criminal and civil litigation depends, lacks adequate resources, talent, standards, and governance.

"The forensic science system in the United States has serious problems that can only be addressed by a national commitment to overhaul the current structure that supports the forensic science community," said committee co-chair Harry T. Edwards, senior circuit judge and chief judge emeritus of the U.S. Court of Appeals for the District of Columbia Circuit, in a Webcast press conference.

The report urges Congress to authorize and fund a new federal entity, the National Institute of Forensic Science, or NIFS, to oversee how forensic science is practiced in the United States. It also makes 12 other recommendations to strengthen the standards and practices of forensic science.

Forensic science goes beyond DNA analysis. It includes toxicology, projectile marks and tool marks, document analysis, controlled substance analysis, fire investigation analysis, trace evidence, impression analysis, blood pattern analysis, crime-scene investigation methods, "medicolegal" death investigation, and digital evidence.

Yet it's only DNA analysis that stands firmly grounded in science when it comes to linking individuals to evidence. "[N]o forensic method other than nuclear DNA analysis has been rigorously shown to have the capacity to consistently and with a high degree of certainty support conclusions about 'individualization' (more commonly known as 'matching' of an unknown item of evidence to a specific known source)," the report states.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3971
Published: 2014-12-25
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

CVE-2014-7193
Published: 2014-12-25
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site ...

CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.