Daubert Standard an...
 
Notifications
Clear all

Daubert Standard and Open Source/Proprietary Tools

13 Posts
6 Users
0 Reactions
3,586 Views
(@andrefowler)
New Member
Joined: 10 years ago
Posts: 1
Topic starter  

Hello,

I'm a Digital Forensics major at Chestnut Hill college. I'm writing a research paper on computer forensic tools and the Daubert Standard and I was wondering if you guys would help me out by taking a survey about Open Source and Proprietary tools and how well you think each one fits the Daubert (or Frye) standard. Thanks!!

https://www.surveymonkey.com/s/MR6Z89T


   
Quote
(@joachimm)
Estimable Member
Joined: 16 years ago
Posts: 181
 

Your survey is unlikely to give the answers you want. You focus a lot on open source versus propriety commercial software. Though that should be open source versus closed source software, IMO. Since there are a lot of free tools out there that are closed source as well.

Another point is that you do not take into account that a closed source program still can be adequately transparent to provide admissible evidence.


   
ReplyQuote
jhup
 jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
 

Take a look at DC3 DCCI and NIST and how they test software.


   
ReplyQuote
(@thefuf)
Reputable Member
Joined: 16 years ago
Posts: 262
 

Take a look at DC3 DCCI and NIST and how they test software.

And how they miss important issues -)


   
ReplyQuote
jhup
 jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
 

I welcome your constructive criticism of their protocols.

Take a look at DC3 DCCI and NIST and how they test software.

And how they miss important issues -)


   
ReplyQuote
jaclaz
(@jaclaz)
Illustrious Member
Joined: 17 years ago
Posts: 5133
 

I welcome your constructive criticism of their protocols.

What about non-constructive criticism on the amount of tests they make? roll

http//www.forensicfocus.com/Forums/viewtopic/p=6569805/#6569805

wink

jaclaz


   
ReplyQuote
(@thefuf)
Reputable Member
Joined: 16 years ago
Posts: 262
 

I welcome your constructive criticism of their protocols.

Take a look at DC3 DCCI and NIST and how they test software.

And how they miss important issues -)

1. They (NIST guys) don't test "dirty" file systems on purpose (they did only ONE test with a file system that was not unmounted properly, and got an interesting result, but they didn't repeat this in other tests) – they miss several source data modification issues when testing SMART Linux and PALADIN.
2. They don't test file systems both on HDDs and SSDs – some forensic software acts differently when evidentiary data is located on SSD, not on HDD.
3. They don't test Live CDs by booting them from different media types – it is known that some forensic live distributions alter the source data only when booting from USB HDD (and not from CD or USB Flash).

And so on.


   
ReplyQuote
(@Anonymous 6593)
Guest
Joined: 16 years ago
Posts: 1158
 

1. They (NIST guys) don't test "dirty" file systems on purpose (they did only ONE test with a file system that was not unmounted properly, and got an interesting result, but they didn't repeat this in other tests) – they miss several source data modification issues when testing SMART Linux and PALADIN.

What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?

2. They don't test file systems both on HDDs and SSDs – some forensic software acts differently when evidentiary data is located on SSD, not on HDD.

As far as I recall, (and as far as a quick refresher of their documents show), their test specifications are quite clear that they test hard disk drives.

3. They don't test Live CDs by booting them from different media types – it is known that some forensic live distributions alter the source data only when booting from USB HDD (and not from CD or USB Flash).

Again I'm lost. Since when does the CFTT test live CDs at all? I suddenly feel very much out of touch…


   
ReplyQuote
jaclaz
(@jaclaz)
Illustrious Member
Joined: 17 years ago
Posts: 5133
 

What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?

http//www.cftt.nist.gov/disk_imaging.htm
https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-paladin-40

Test Results for Digital Data Acquisition Tool Paladin 4.0
National Institute of Standards and Technology
May, 2014

This document reports the results from testing Paladin 4.0 against the Digital Data Acquisition Tool Assertions and Test Plan Version 1.0, available at the CFTT Web site. Paladin 4.0 is a modified Live Linux distribution designed to simplify the process of creating forensic images in a forensically sound manner. Paladin 4.0 is designed to image, clone and restore data from hard drives and other secondary storage.

https://cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-asr-data-smart-version-2010-11-03

Test Results for Digital Data Acquisition Tool ASR Data SMART version 2010-11-03
National Institute of Standards and Technology
September, 2012

This NIJ Special Report presents the results from testing Digital Data Acquisition Tool ASR Data SMART version 2010-11-03. This document reports the results from testing the ASR Data SMART version 2010-11-03 against the Digital Data Acquisition Tool Assertions and Test Plan Version 1.0.

jaclaz


   
ReplyQuote
(@thefuf)
Reputable Member
Joined: 16 years ago
Posts: 262
 

What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?

https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-asr-data-smart-version-2010-11-03
https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-paladin-206
https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-paladin-30
https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-paladin-40


   
ReplyQuote
Page 1 / 2
Share: