Title :
A Common Scheme for Evaluation of Forensic Software
Author :
Hildebrandt, Mario ; Kiltz, Stefan ; Dittmann, Jana
Author_Institution :
Dept. of Comput. Sci., Otto-von-Guericke Univ., Magdeburg, Germany
Abstract :
We introduce a first common evaluation scheme for forensic software. Therefore, we investigate potential attacks on forensic software to derive preliminary attacker models. We use the Federal Rules of Evidence and the Daubert Challenge of the US jurisdiction to investigate the legal fundamentals for forensic software and to show tendencies for other countries. Furthermore, current approaches for the validation and verification of forensic software are summarized. Subsequently, our proposed evaluation scheme is used for the exemplary evaluation of the forensic duplication application dcfldd and the forensic toolkit EnCase Forensic. Furthermore, it is used to create a preliminary framework for the development of forensic software. The formalization of our evaluation scheme classifies the forensic application according to the model of the forensic process of Kiltz et al. This scheme is intended to be extensible and to support the benchmarking of forensic applications.
Keywords :
computer forensics; law; program verification; EnCase Forensic; forensic duplication application; forensic software evaluation; forensic software validation; forensic software verification; forensic toolkit; preliminary attacker model; Documentation; Forensics; Hardware; Software; Testing; IT-Forensics; evaluation; requirements of forensic software;
Conference_Titel :
IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference on
Conference_Location :
Stuttgart
Print_ISBN :
978-1-4577-0146-7
DOI :
10.1109/IMF.2011.11
