I was watching the Babes-in-the Wood Murders last night on TV, involving Nicola Fellows and Karen Hadaway who were murdered by the, then 20-year-old Russell Bishop who was tried, and acquitted in 1987 – sadly, Bishop having been released went on to reoffend again some years later with the abduction, assault, and attempted murder of a 7 year old female in 1990, leaving her for dead at Devils Dyke on the South Downs – it was thankful that the young girl survived and was able to pick Bishop out on an Identity Parade.
With the introduction of Double-Jeopardy, based on Police Intelligence and the fact they were convinced Bishop was the offender in both cases, this allowed Law Enforcement Agencies to again look at Bishop with a view to the Babes-in-the-Woods Murders of which he had been acquitted – enter the new science of DNA profiling.
Given the Police still had custody of all Babes-in-the Wood case related materials and artifacts, including a Sweat Shirt which had been dumped at a local Railway Station, and had been subsequently linked to Bishop – and given the proximity of material-to-body contact, this was subjected to DNA acquisition and analysis. However, down to Bishops savvy arrogance and cunning, he argued that any BIO DNA traced which had been discovered on the cuff of the garment was the result of transferred cross-contamination in the Lab. His challenge was enough to place doubt on a key artifact which linked him with the garment. However, the determination of the Investigative Team located other sources of DNA, which provided a successful match between Bishop and the Babes-in-the Wood Murders, resulting in him being found guilty and finally being brought to justice by the underpin and technological achievement in the field of DNA.
Having watched this case on TV, prompted a consideration of the most basic facets required when handing any form of evidential materials or artifacts – no matter Biological or Logical based, one area of paramount importance is the application of process. As one Barrister from a London Inn commented:
‘The easiest approach to discrediting any form of evidence is to find a gap in process’
Thus, if robust Handling Processes are not applied, conjoined with the documented control of Bag-and-Tag it could be that any evidence, artifact, or observations acquired and made during the First Responder engagement could be rendered inadmissible or indeed worthless.
As if by some spookiness, the TV documentary was aired on the very same day I had an article published in the eForensics Magazine which focused on the importance of the First Responder, and any associated CSIRT (Computer Security Incident Response Team) engagement which introduced the concept of secure and encrypted storage for controlling access to any valuable evidential materials and artifacts, assuring that robust access control and accountability has been fully accommodated. See Fig 1 below:
Fig 1 – CSIRT on a Secure Drive
With this approach, if the incumbent First Responding Professional applies the correct set of applicable robust process on each occasion, they engage an assignment, and utilize robust and secure storage facilities, such an approach will accommodate rigidity in and engagement they take up – give a higher degree of a successful outcome, and of course reduce the opportunities for legal challenge.
ISO 17025
Reflecting on the case of Bishop as outlined above, it is also equally important that when handing any for of evidence, or artifacts, again stressing be they BIO or Logical it is absolutely essential that the handling, processing, and storage elements are fully robust and, as far is practically achievable are beyond reproach. It is here where consultation with, and application of the ISO 17025 will form the basis of understating the requirements of running a robust facility.
- Improving the image of the laboratory
- The data quality and effectiveness are subject to continuous improvements
- Provides a fundamental basis for other quality systems related to laboratories such as GMP (Good Manufacturing Practices and GLP (Good Laboratory Practices)
- It is the recognition of testing competence
- It protects the laboratory’s data integrity in case of legal implications
- It enables the assessment of relative quality and capability of other accredited laboratories
Conclusion
As a concluding comment – to be wise before the event can pay dividends – to learn that you should have been wise after the fact can both be professional and case adverse!
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.