The following is a concept map (not the only one to be sure) of the cyber forensics world and it’s relationship to the forensic discipline. In summary forensic science is a sub discipline of law. Cyber forensics is a sub discipline of forensic sciences.
This is a rudimentary concept map of the cyber discipline. The map was made as a work product for my course but it aliterates a few different problems. (Click to make larger)
There are a few interesting items that I found thinking this through. First, was the idea that in cyber/computer forensics we place more emphasis on the idea of cyber/computer than on the forensics portion. Since by definition even if not realized by most who practice in the discipline the concept is law. This is a bit troubling. There are numerous other sciences that have a forensics component but most if not all place emphasis on the litigative property rather than the science property.
Personally I like the idea of cyber as a literal label for the practical tools, techniques and procedures found in the discipline of cyber forensics. I do think there are issues with the current concept of cyber forensics. I’m working on a paper that likely won’t get published anywhere detailing the case for advancing the principles of a new discipline. I’m definitely not the first to do this. This work is done on the shoulders of notables like Benniger, Ronfeldt, Wiener, and others. The science is cyberology and it is inclusive of several things. In an email to one of my c0-authors I put it to him this way. What happens when a historian-lawyer and a technologist-law enforcement officer get together? They write a book on cyber conflict. That is cyberology. My PhD advisor is a sociologist-law enforcement officer, my wife a historian-anthropologist-technologist, A good friend is a soldier-historian, and all of that makes up cyberology. What brings us together is the micro-to-macro effects of information upon society. Specifically how the creation, transmission, processing, and storage of information is cognitively utilized by man, processed by machine, and even understood by artificial intelligence.
Inherently I am looking at this as a component to redefine cyber forensics to Forensic Cyberology. Why would that be necessary? I see significant issues in the lack of empirical quantitative analysis that meets with the forensic legal requirements of extensive case and legal procedure. There is more to cyberology than forensics, but it is the domain I see that needs more adherence to first principles of the science to be applied when dealing with the forensic component. There are very few people in the practitioner category who are being used as expert witnesses for cyber forensics that can even discuss cyber first principles.
I believe and would like to see a study done that looks at the discipline of cyberology so that things like information theory and social media analysis might be brought together into a cohesive architecture of a science. This is not about anybody giving anything up, but of bringing together the disparate groups that should be talking together. In my studies of cyber conflict I see extensive discussions by political scientists that are grounded in their discipline but have little to no applicability within the technical infrastructures. Similarly I see technical sophisticates who have an abysmal understanding of policy and law doing and saying things that are diametrically opposed to reality.
The following is a few of my notes on this issue as applied to cyber forensics.
This is my notes on dealing with the issues of cyber forensics when looked at holistically within the forensic science discipline. As a work product it is my questions and assertions (uncited) so that I can have a point to work from. (click to make larger)