Saturday 11 August 2012

Can you trust your digital forensics tools?

It has been a while since I last posted a new topic on my digital forensics blog. I was busy writing… experimenting… revising and writing again. It was time-consuming, but you need to ensure as few mistakes as possible (nobody is perfect, though!). Well, I’m not going to bore you with my researcher’s life.

Umm, what is so interesting about this topic?

It is about digital forensics tools!

Do you trust your tool 100%?

Well, we know that some reputable digital forensics tools were evaluated by NIST.

But did you really make an effort to evaluate the tool yourself (or this could be done by your own digital forensics laboratory research team)?

Yes, all of us have gone through lots of training conducted in a conducive environment, with no technical problems (perhaps a few glitches), where the tool seems to be perfect.

This scenario might not be the same when you start using it! Trust me.

It is not my intention to create an issue here (with the people who developed the digital forensics tool; I’m also a developer) but merely to share the little knowledge that I have on this matter, especially with digital forensics practitioners.

If you are a digital forensics practitioner (only managing cases, with no time for research), you may feel dejected if your tool does not work as per your expectations. It is even more frustrating if the tool costs you a ‘bomb’ (expensive).

This is quite normal. As I said before, nobody is perfect and no tool is perfect either. Yes, it works, but under certain conditions it will not (I’m not going to mention which tool or describe the conditions in detail).

What I want to advise is that you must personally make an effort to evaluate your tools as much as possible (or at least refer to those who have used them). Not a simple evaluation, but the toughest that you could think of. Just like pushing yourself in a 100-meter run (follow Usain Bolt of Jamaica).

You must be like a hacker, not a cracker: know the vulnerability, exploit it and develop a tool/software. Have an in-depth understanding of the tool, and it will be useful, especially when you are called as an expert witness in a court of law.

If not, your adversary on the other side of the court will give you the toughest time that you could ever imagine, and it is going to be dreadful.

So think about this topic over and over again.

It is not easy to be a digital forensics analyst. Loads of certifications are not a guarantee.

It is how well you know your field, that is, DIGITAL FORENSICS.