A Common Scheme for Evaluation of Forensic Software

Author

Hildebrandt, Mario ; Kiltz, Stefan ; Dittmann, Jana

Author_Institution

Dept. of Comput. Sci., Otto-von-Guericke Univ., Magdeburg, Germany

fYear

2011

fDate

10-12 May 2011

Firstpage

92

Lastpage

106

Abstract

We introduce a first common evaluation scheme for forensic software. Therefore, we investigate potential attacks on forensic software to derive preliminary attacker models. We use the Federal Rules of Evidence and the Daubert Challenge of the US jurisdiction to investigate the legal fundamentals for forensic software and to show tendencies for other countries. Furthermore, current approaches for the validation and verification of forensic software are summarized. Subsequently, our proposed evaluation scheme is used for the exemplary evaluation of the forensic duplication application dcfldd and the forensic toolkit EnCase Forensic. Furthermore, it is used to create a preliminary framework for the development of forensic software. The formalization of our evaluation scheme classifies the forensic application according to the model of the forensic process of Kiltz et al. This scheme is intended to be extensible and to support the benchmarking of forensic applications.

Keywords

computer forensics; law; program verification; EnCase Forensic; forensic duplication application; forensic software evaluation; forensic software validation; forensic software verification; forensic toolkit; preliminary attacker model; Documentation; Forensics; Hardware; Software; Testing; IT-Forensics; evaluation; requirements of forensic software;

fLanguage

English

Publisher

ieee

Conference_Titel

IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference on

Conference_Location

Stuttgart

Print_ISBN

978-1-4577-0146-7

Type

conf

DOI

10.1109/IMF.2011.11

Filename

5931115