Security Summit: SA's digital forensics practitioners 'kinda suck'
South African digital forensics practitioners "kinda suck", says Jason Jordaan, principal forensic scientist and MD of DFIRLABS.
Jordaan told delegates at ITWeb Security Summit 2017 that a lack of effective training and little ongoing professional development meant many South African digital forensics practitioners were ill-equipped to properly investigate cases or provide valid evidence.
"We have people practising in SA who are getting things wrong, and innocent people could go to prison and have their lives destroyed as a result," he said.
Jordaan referred to research conducted for the Security and Networks Research Centre at Rhodes University into the capacity and capabilities of digital forensics practitioners in SA.
"While international organisations such as the Scientific Working Group on Digital Evidence and ISO standards now recommend forensics practitioners should have at least an undergraduate degree in computer science or engineering - preferably a post-graduate qualification - and participate in ongoing professional development, we do not see these standards enforced in South Africa," noted Jordaan.
"The research found that 41% of digital forensics practitioners in SA have no undergraduate qualification, and only 43% have an undergraduate degree in the recommended subject areas. Only 23% have postgraduate qualifications in the subject areas recommended for the practice of digital forensics."
Global standards also require formal technical digital skills training - another area where SA is falling short.
"Nearly a third of the digital forensics practitioners we surveyed have not undergone formal digital forensics training and none have undergone any form of competency training. The implications are that too many digital forensics practitioners are dependent on their tools, and they do not have the skills to tell if their tools aren't working."
We have people practising in SA who are getting things wrong.Jason Jordaan, principal forensic scientist and MD of DFIRLABS
He said vendors tended to push their training, resulting in competence in using the tools, but little useful digital forensics skills development.
Jordaan added that no South African universities had formal digital forensics programmes. "This has to change. Hopefully, the situation will be addressed in the new Cybersecurity Bill, since we are increasingly reliant on digital evidence for solving crimes."