What Forensic Software do you recommend if buying personally
There are two issues in the reference to the EnCase Legal Journal neither of which applies to open source forensic tools.
The first issue, related to iLook, was the fact that because the software is restricted to LE and the format proprietary, the defense was not given the opportunity to verify the data in the form that the prosecution intended to present it.
That's just what I thought it would be. A disclosure issue.
Your second point is well put. 'Custom' can mean many things but where you can actually manipulate the output to suit what you want the evidence to be is certainly walking the fine line or perjury if you insist the output is reliable and can be reproduced with other tools. I believe that Mark Menz at some point mentioned that he had to develop a bunch of custom tools back in the day because nothing was available to do the job . Other custom tools such as the Coroner's Tool Kit, were developed because a need existed and no tool was available for Unix. So when the court took exception with 'custom' tools it would seem that it was only saying that it wasn't going to put blind reliance on something that had unknown characteristics and could be manipulated to falsify results. I agree that the very nature of open source and the vetting it receives makes it reliable. I am not sure if you deal with TSK at all, but every time Brian tweaks it there is a lot of chatter on the mailing list of issues and bugs that show up, usually within hours of the new source code being posted. Open source tools such as TSK receive more scrutiny by people such as Simson Garfinkel, Eoghan Casey and the like, than any commercial packages.
Yeah, I found it funny that EnCase/Guidance publishes a suggestion that a programmer is needed to verify a product when their own code isn't open for inspection by the general public. Now if they suggested that a forensic examiner is required to validate the tool, then they'd have a point, but Guidance always seems to go with the "trust us, don't trust them" approach rather than the "validate everything including us" approach which any honest tool vendor should suggest.