Post-DNA World,72 illustrates this problem:
Because two police crime laboratories would not declare
a positive bootprint match in the infamous Rolando
Cruz prosecution, prosecutors sought out a third expert,
Dr. Louise Robbins, who declared a match. A detective,
who resigned because he believed the wrong people had
been charged, later observed: “The first lab guy says it’s
not the boot. . . . We don’t like that answer, so there’s
no paper [report]. We go to a second guy who used to
do our lab. He says yes. So we write a report on Mr. Yes.
Then Louise Robbins arrives. This is the boot, she says.
That’ll be $10,000. So now we have evidence.”73
Another less frequent issue may arise when a digital forensics examiner encounters evidence during a non-criminal
investigation and reports the findings to law enforcement.
If law enforcement fails to obtain a warrant on probable
cause to seize the media but instead gives directives to the
examiner to search for additional corroborating evidence,
the examiner may, in effect, be regarded as “deputized.” As
an agent of the state, the examiner’s search—absent a valid
warrant exception—may be in violation of the suspect’s
Fourth Amendment rights from unreasonable searches, and
any evidence procured therefrom may be inadmissible.
As an example, one certifying body, the (ISC) 2® Committee, has recognized that it has a responsibility to provide
guidance for “resolving good versus good, and bad versus
bad, dilemmas,” and “to encourage right behavior,” such as:
research; teaching; identifying, mentoring, and sponsoring
candidates for the profession; and valuing the certificate.
The Committee also has the responsibility to discourage
certain behaviors, such as: raising unnecessary alarm, fear,
uncertainty, or doubt; giving unwarranted comfort or
reassurance; consenting to bad practice; attaching weak
systems to the public network; professional association with
non-professionals; professional recognition of or association
with amateurs; or associating or appearing to associate with
criminals or criminal behavior. But, because no code of
ethics or law can prescribe the appropriate handling of the
myriad ethical dilemmas the cyber forensics examiner will
certainly confront, the examiner may need to obtain counsel, and ultimately must apply the ethical decision making
principles of honesty, prudence, and compliance with the
law and professional norms.
View references at www.dfinews.com/articles/2014/05/
Sean Harrington is a cyber security policy analyst and information security risk assessor in the banking industry, as well as a
digital forensics examiner in private practice.