Domain Description

The use of standards and controls in scientific experiments is a fundamental axiom of the scientific method.  In forensic science, scientific principles and practices are employed to obtain results.  Although the analysis of physical evidence differs somewhat from scientific experimentation, it still must follow the principals and methodology of the scientific method.  This is necessary to ensure accuracy, reliability, repeatability, and to assist courts in determining whether or not examiner expert testimony can meet the admissibility requirements of Frye or Daubert.

All digital and multimedia physical evidence must be analyzed using methods and procedures that have previously been validated or verified with the use of appropriate standards and controls.  The National Academy of Sciences recent report titled “Strengthening Forensic Science in the United States: A Path Forward,” also recognized the need for scientific methodology to be used in all the forensic sciences “… to develop tools for advancing measurement, validation, reliability, information sharing, and proficiency testing in forensic science and to establish protocols for forensic examinations, methods, and practices. Standards should reflect best practices and serve as accreditation tools for laboratories and as guides for the education, training, and certification of professionals.”

Appropriate standards and controls must be used when analyzing digital and multimedia evidence as a means to demonstrate that scientific principles and quality assurance practices were followed.  A standard is “a prepared sample that has known properties that is used as a control during forensic analyses.” A control is defined as “a test performed in parallel with experimental samples that is designed to demonstrate that a procedure is working correctly and the results are valid.” Essentially, controls are samples with known results. The use of standards and controls will ensure that the methods, procedures, and instrumentation are functioning correctly, and that the results obtained are accurate, reliable, and repeatable.  If they are not used, it would be extremely difficult or impossible to scientifically assess the validity of the results obtained from the analysis of the physical evidence.

    There are a number of different standards and controls that can be used during the analysis of digital and multimedia evidence.  These would minimally include several different types of hard drives and flash media cards, a USB flash drive, a CD/DVD, a floppy disk, and several GSM, CDMA, and PDA’s, all of which contain known files. The prepared standards and controls are analogous to the different types of evidentiary digital media that could be submitted for examination. These are validated prior to being used in casework and before analyzing physical evidence. For example, if a standard and control fails to provide the correct hash value or is not recognized by the forensic computers operating system or its forensic software, this is an indication that something is amiss.  It then becomes incumbent upon the examiner to determine if the standard and control itself was defective or if there are hardware and/or software problems associated with the forensic computer. Only then should the examiner analyze the physical evidence.