±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 34183
New Yesterday: 2 Visitors: 149

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Daubert Standard and Open Source/Proprietary Tools

Discussion of legislation relating to computer forensics.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page Previous  1, 2 
  

Re: Daubert Standard and Open Source/Proprietary Tools

Post Posted: Mon Nov 10, 2014 7:09 pm

- thefuf
1. They (NIST guys) don't test "dirty" file systems on purpose (they did only ONE test with a file system that was not unmounted properly, and got an interesting result, but they didn't repeat this in other tests) – they miss several source data modification issues when testing SMART Linux and PALADIN.


What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?


2. They don't test file systems both on HDDs and SSDs – some forensic software acts differently when evidentiary data is located on SSD, not on HDD.


As far as I recall, (and as far as a quick refresher of their documents show), their test specifications are quite clear that they test hard disk drives.


3. They don't test Live CDs by booting them from different media types – it is known that some forensic live distributions alter the source data only when booting from USB HDD (and not from CD or USB Flash).


Again I'm lost. Since when does the CFTT test live CDs at all? I suddenly feel very much out of touch...  

athulin
Senior Member
 
 
  

Re: Daubert Standard and Open Source/Proprietary Tools

Post Posted: Mon Nov 10, 2014 7:54 pm

- athulin

What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?


www.cftt.nist.gov/disk_imaging.htm
www.cyberfetch.org/gro...paladin-40

Test Results for Digital Data Acquisition Tool: Paladin 4.0
National Institute of Standards and Technology
May, 2014

This document reports the results from testing Paladin 4.0 against the Digital Data Acquisition Tool Assertions and Test Plan Version 1.0, available at the CFTT Web site. Paladin 4.0 is a modified Live Linux distribution designed to simplify the process of creating forensic images in a forensically sound manner. Paladin 4.0 is designed to image, clone and restore data from hard drives and other secondary storage.


cyberfetch.org/groups/...2010-11-03

Test Results for Digital Data Acquisition Tool: ASR Data SMART version 2010-11-03
National Institute of Standards and Technology
September, 2012

This NIJ Special Report presents the results from testing Digital Data Acquisition Tool: ASR Data SMART version 2010-11-03. This document reports the results from testing the ASR Data SMART version 2010-11-03 against the Digital Data Acquisition Tool Assertions and Test Plan Version 1.0.



jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: Daubert Standard and Open Source/Proprietary Tools

Post Posted: Mon Nov 10, 2014 10:35 pm

- athulin
What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?


www.cyberfetch.org/gro...2010-11-03
www.cyberfetch.org/gro...aladin-206
www.cyberfetch.org/gro...paladin-30
www.cyberfetch.org/gro...paladin-40  

thefuf
Senior Member
 
 
  

Re: Daubert Standard and Open Source/Proprietary Tools

Post Posted: Tue Nov 11, 2014 6:29 pm

- jaclaz
- athulin

What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?


www.cftt.nist.gov/disk_imaging.htm
www.cyberfetch.org/gro...paladin-40


Thanks ... I double-checked that page, and still didn't see it. Must be getting rusty ...  

athulin
Senior Member
 
 
  

Re: Daubert Standard and Open Source/Proprietary Tools

Post Posted: Wed Nov 12, 2014 2:47 pm

NIST & DCCI protocols can be used as a template to develop one's own overview for "how well [one] think[s] each one fits the Daubert (or Frye) standard" - irrelevant of these organizations' overall productivity, or quality of their works.

I felt my response in the other thread was a reasonable answer considering it provided two answers to questions that came up in the thread, and a solution to the original post. Indeed, it did not need the editorial Embarassed .

- jaclaz
- jhup
I welcome your constructive criticism of their protocols.


What about non-constructive criticism on the amount of tests they make? Rolling Eyes

www.forensicfocus.com/...5/#6569805

Wink

jaclaz
 

jhup
Senior Member
 
 
  

Re: Daubert Standard and Open Source/Proprietary Tools

Post Posted: Wed Nov 12, 2014 4:57 pm

- jhup

I felt my response in the other thread was a reasonable answer considering it provided two answers to questions that came up in the thread, and a solution to the original post. Indeed, it did not need the editorial Embarassed .


Maybe there has been a misunderstanding Confused , I made the note NOT to criticize the contents of your referenced post (which I actually appreciated personally Smile ), on the contrary I wanted to highlight how even non-constructive criticism may be interesting and/or appreciated.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 

Page 2 of 2
Go to page Previous  1, 2