Friday, 5 April 2013

Standard Operating Procedures (SOPs) on Digital Forensic

On this occasion, I'd like to discuss about SOPs on Digital Forensic. As we know, digital forensic is a branch of computer specialization which grows up significantly at this time with high demands in computer market. All over the world, to find out a professional digital forensic analyst/investigator is not as easy as another computer fields, as their number in each country is not much, compared to another computer fields.

To be a good and professional digital forensic analyst/investigators, it needs good technical and academic background, as well as it is supported by good software and hardware. Besides that, it also requires good SOPs in order to guide steps of digital forensic examination/analysis to be done properly. Without good SOPs, the analyst/investigator could be wrong in their examination/analysis. They just rely on hardware/software like ordinary operator. When it hits the wall, they will give up. They becomes not creative to find out the best solution for their problem.

The SOPs are also designed  for accountable examination/analysis. When the results are questionable, it can be re-examined/analyzed by third party of digital forensic analyst/investigator. With the same SOPs, the results should be the same. The SOPs  are also established to show that the proper scientific steps are still better and more valuable than hardware/software. Hardware/software is just tools for the analyst/investigator. They must need it, but they should not put it on the most top sky like God. There is a good phylosophy followed by me and my team: "No system is perfect" and "No hardware/software is perfect". Each of them has their own strengths and weaknesses. That's why a digital forensic analyst/investigator should have many good hardware/software, then they can use it with a proper way to find out which one has the best results for the examination/analysis. The proper ways are the steps guided in SOPs.

A good SOPS should not contain or mention name of hardware/software. It just contain steps of examination/analysis. How to apply it by using hardware/software, it depends on the analyst/investigator to choose which hardware/software which can give the best results. The analyst/investigator plays role as a good chef who can choose which ingredients (without brand name) is the best in order to cook a meal with delicious taste. The ingredients here are hardware/software, and the SOPs are as recipe.

At my digital forensic lab of Indonesian Police Forensic Lab Centre, I've already developed 15 SOPs for digital forensic examination/analysis. They are:

SOP 1 about Digital Forensic Analysis Procedures

SOP 2 about Working Hours Commitment

SOP 3 about Digital Forensic Reporting

SOP 4 about Receiving Electronic/Digital Evidence

SOP 5 about Submitting Electronic/Digital Evidence

SOP 6 about Triage Forensic

SOP 7 about Live Acquisition

SOP 8 about Acquisition on Harddisk, Flashdisk and Memory Card

SOP 9 about Analysis on Harddisk, Flashdisk and Memory Card

SOP 10 about Acquisition on Handphone and Simcard

SOP 11 about Analysis on Handphone and Simcard

SOP 12 about Audio Forensic Analysis

SOP 13 about Video Forensic Analysis

SOP 14 about Digital Image Analysis

SOP 15 about Network Forensic Analysis

The SOPs above have already been implemented at my lab since 2 years ago. We are not rigid on adopting new techniques/methodologies for making our SOPs become better. Since implemented, the SOPs had already been reviewed three times, following the latest technology/methodology. The number of SOPs is most probably to increase. For instance, at this moment, we are in progress to make a new SOP about expert witness. Our SOPs are not confidential. They are based on scientific way and legal, that's why our SOPs are also used by several digital forensic labs of governments and companies in Indonesia. They adopt our SOPs to be implemented at their own labs.


  1. Are you planning on posting them so other people can use them?

  2. As It seems your SOP to be good and helpful to others, can you publish them

  3. Iya pak, share donk...., network forensic analysis boleh juga tuh di share....