Friday 16 March 2012

Are digital forensics tools forensically sound?

I think almost every hard-core IT user has experienced software bugs. I myself have gone through it several times.

Why?

No software development is perfect. Some products were deployed and sold in a rush. As a result, they got poor feedback from the end users.

Why is this happening?

I think it has become a “standard” for the users to be part of the testing mechanism (the best way).

This is not part of the deal. The users are supposed to get a complete product. They are the customers. They paid and bought the item so that it performs accordingly.

With regard to digital forensics, I read an article by Carrier [1] titled “Open Source Digital Forensics Tools: The Legal Argument” and I think it is relevant.

It relates back to my contention as I start writing this topic.

Well, in any legal proceeding you are bound to explain the reliability of the tools used in your digital forensics work.

In any of the digital forensics processes, be it identification, preservation or analysis, a digital forensics practitioner will need a tool to ease their work.

Without a tool, the work can be very tedious (I totally agree with this).

But, are the digital forensics tools forensically sound?

You don’t know, do you?

Not unless the tools behave weirdly and give outrageous results. Otherwise, it is quite difficult to notice.

Furthermore, it is going to be extremely tough when the court asks you (the expert witness) whether the tools used were forensically sound.

You might need to refer to NIST/others if the answer is available. If not, you are in trouble.

So, the fact that open source tools are “free” and can be downloaded at any time doesn’t mean they are substandard. Above all, because the source code is available, open source tools might give you better assurance than closed source tools (anyone can go through the code and improve it). This is the argument made in Carrier’s paper, and it is a good read for the digital forensics community.

That’s why I highly encourage digital forensics practitioners/researchers to do some coding on their own or to study the source code of open source tools. You will learn a lot from it.

For closed source tools, I hope more third parties (e.g. NIST) will be able to conduct rigorous testing and provide some references (for assurance) to us, the digital forensics practitioners/researchers.

If not, the software bug or glitch issue will be the main line of argument in a court of law.

[1] B. Carrier. “Open Source Digital Forensics Tools: The Legal Argument.” Internet: http://www.digital-evidence.org/papers/opensrc_legal.pdf.