By Emma Tiernan, Solutions Consultant, Magnet Forensics
Undergoing ISO 17025 accreditation can be a major undertaking for any digital forensics lab, regardless of its size. The ISO 17025 standard scope covers “general requirements for the competence, impartiality and consistent operation of laboratories.” Requirements for lab processes, equipment, documentation, and facilities and environmental conditions are covered.
In the UK, the Forensic Science Regulator (FSR) mandated ISO 17025 accreditation for all forensic science activity by October 2017. Recently, the UK’s Transforming Forensics group published an extensive report in July 2020 titled Digital Forensic Science Strategy where they detail their plan to modernize digital forensics in the UK. In this report, it was stated that “Less than 20% of processes requiring accreditation have achieved it, not because of lack of commitment from DFUs [digital forensic units] but because the pace at which digital forensics is changing and the lack of capacity makes it very challenging for forces to achieve quality accreditation.”
Magnet AUTOMATE can help make achieving ISO 17025 accreditation faster and easier for lab managers in five important ways. Read on to learn more about how we believe automation and orchestration can support your standardization efforts.
1. Improved oversight and control of the operating procedure, software, and hardware usage
The standard states that defective equipment must be isolated, marked, and taken out of service so that the defective equipment isn’t used to acquire and process evidence.
The AUTOMATE stats & management dashboards enable you to gain a quick view of all working nodes so that a faulty node can easily be identified and taken offline. Bringing a node back online is simple once any fault is rectified.
This ensures that only functioning, validated workflows, software, and hardware are utilised on all cases.
Also, lab management can grant access to AUTOMATE to those examiners who have been assessed as competent to do so within their training and competency plans, with or without administrative privileges. Only users with administrative privileges can see the Configuration and Settings panels giving them the ability to edit and manage workflows, node configuration, applications, users, as well as view case logs, user activity and more.
2. Quickly validate that your software and hardware is operating as expected using automated “Validation Workflows”
The validation process of your workflows and equipment can be time consuming. For example, typically you’ll need to test every single type of drive, common devices, and common data sets through every workflow you’ve included in the scope for accreditation.
When I was responsible for lab standards in my previous role at a law enforcement agency in the UK, validation frequently took weeks, or even months, to complete. During validation, our equipment needed tobe taken offline. This oftentimes happened outside of business hours to reduce impact to the lab’s productivity which increased overtime costs for examiners who need to stay late or come in on the weekend.
Additionally, each time there wasany change to our tools, including software updates, we needed to re-validate the workflow (specifically, the part impacted by the change) to ensure all was still running smoothly and as expected.
We believe that creating an efficient and repeatable validation process that doesn’t require significant time investment from an examiner is essential to the long-term productivity of your lab.
Magnet AUTOMATE allows you to create automated validation processes and workflows to expedite the validation process. Instead of requiring examiners to run the validation process manually in their evenings or weekends, allow the system to do this instead. You can easily setup the case queue to automate and run all validation workflows over the weekend without any examiner intervention.
Also, a quicker validation process means you are more able to keep on top of your software upgrades so that you and your examiners always have the features you need.
3. Create automated and standardized workflows so that standard operation procedures (SOPs) are consistently followed every time, reducing the chance of human error or variation.
The ISO 17025 standard describes the need for up-to-date and readily available standard operating procedures for the lab’s personnel and that methods and procedures should only be created by capable personnel. This is where we think AUTOMATE really shines. Creating your lab’s own standardized workflows in AUTOMATE’s highly configurable drag-and-drop Workflow Builder, your senior examiners can create workflows that can be easily kicked off by junior examiners.
In AUTOMATE, once an automated workflow is validated and signed off by the Technical Manager, only those workflows are available for usage by examiners and technicians. Without AUTOMATE, examiners and technicians would need to follow a written work instruction where a step could be missed, or inconsistent tools are used or changed.
Let technology handle processes and workflows that require consistency, so you can free up your examiners to focus on complex tasks such as review and analysis. Utilising a set of standardised and automated workflows can significantly reduce workflow non-conformities, ensures evidence processing is reliable with less requirement for examiners and technicians to follow a work instruction exactly and without variation.
4. Meet service level agreements, constantly improve efficiency, and address department risks as a department (turnaround times, risk of the unknown held in backlogs of work)
Specifically, in section 8.5 of the standard, its stated that the lab shall consider areas of risk and opportunity. In this section, it’s specifically cited that labs shall:
- “Give assurance that the management system achieves its intended results”
- “Enhance opportunities to achieve the purpose of and objectives of the lab,” which is to assist investigators prevent and detect crime and safeguard victims
- “Prevent, or reduce, undesired impacts and potential failures in the lab activities” (such as failing to meet SLAs, not getting data to court in time, risk to victims with long turnaround times)
- “Achieve improvement”
Helping you to improve SLA times, getting evidence into hands of investigators quicker and reducing non-conformities are all examples of how you can show improvement using AUTOMATE.
AUTOMATE can not only ensure you meet your Service Level Agreements but can help improve these to better aide an investigation by delivering an initial report into the hands of the investigator faster than non-automated methods.
This reduces many of the common risks associated with Digital Forensic Units such as risk of the unknown within backlogs or being able to deliver fast, initial results while suspects are in custody.
5. Seamlessly audit using the AUTOMATE dashboard and backend database of record logs
There are several sections throughout the standard that call out the need for auditing and thorough record-keeping for all labs processes and workflows (such as sections, 6.6.2, 7.1.8, 7.7, 7.8 and 8.8.)
AUTOMATE makes these requirements easier to meet. The AUTOMATE dashboard and backend database keep a record of logs covering the workflow used, node(s) used, tools and tool versions, technician details, and more against each case processed through the system.
With AUTOMATE carrying out most of the processing in your SOP, auditing is less resource intensive because key data is captured by the system. Additionally, AUTOMATE can provide audit logs for each case to show which workflow and nodes were used and by which examiner or technician.
Achieving ISO 17025 accreditation doesn’t have to be (so) painful. If you have questions or would like to learn more about Magnet AUTOMATE and how it can help your digital forensics lab become more easily accredited, feel free to contact me at firstname.lastname@example.org .
Head over to the Magnet AUTOMATE page to learn more about AUTOMATE and to request a free consultation with one of our experts.
Technical Advice Disclaimer
Magnet Forensics is dedicated to engaging with the DFIR community through our blogs and whitepapers. However, properly addressing technological issues often includes numerous variables that require independent assessment and strategies designed for each specific circumstance. Since Magnet Forensics cannot have complete insight into all variables involved in a specific situation, this blog/whitepaper is for informational purposes and should not be read as professional advice recommending techniques or technologies to address your specific situation. We do not accept responsibility for any omission, error, or inaccuracy in this blog/whitepaper or any action taken in reliance thereon.