Daubert Standard an...
 
Notifications
Clear all

Daubert Standard and Open Source/Proprietary Tools

13 Posts
6 Users
0 Likes
2,793 Views
AndreFowler
(@andrefowler)
Posts: 1
New Member
Topic starter
 

Hello,

I'm a Digital Forensics major at Chestnut Hill college. I'm writing a research paper on computer forensic tools and the Daubert Standard and I was wondering if you guys would help me out by taking a survey about Open Source and Proprietary tools and how well you think each one fits the Daubert (or Frye) standard. Thanks!!

https://www.surveymonkey.com/s/MR6Z89T

 
Posted : 08/11/2014 4:16 am
joachimm
(@joachimm)
Posts: 181
Estimable Member
 

Your survey is unlikely to give the answers you want. You focus a lot on open source versus propriety commercial software. Though that should be open source versus closed source software, IMO. Since there are a lot of free tools out there that are closed source as well.

Another point is that you do not take into account that a closed source program still can be adequately transparent to provide admissible evidence.

 
Posted : 08/11/2014 10:46 am
jhup
 jhup
(@jhup)
Posts: 1442
Noble Member
 

Take a look at DC3 DCCI and NIST and how they test software.

 
Posted : 10/11/2014 7:35 am
thefuf
(@thefuf)
Posts: 261
Reputable Member
 

Take a look at DC3 DCCI and NIST and how they test software.

And how they miss important issues -)

 
Posted : 10/11/2014 2:11 pm
jhup
 jhup
(@jhup)
Posts: 1442
Noble Member
 

I welcome your constructive criticism of their protocols.

Take a look at DC3 DCCI and NIST and how they test software.

And how they miss important issues -)

 
Posted : 10/11/2014 7:23 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I welcome your constructive criticism of their protocols.

What about non-constructive criticism on the amount of tests they make? roll

http//www.forensicfocus.com/Forums/viewtopic/p=6569805/#6569805

wink

jaclaz

 
Posted : 10/11/2014 7:47 pm
thefuf
(@thefuf)
Posts: 261
Reputable Member
 

I welcome your constructive criticism of their protocols.

Take a look at DC3 DCCI and NIST and how they test software.

And how they miss important issues -)

1. They (NIST guys) don't test "dirty" file systems on purpose (they did only ONE test with a file system that was not unmounted properly, and got an interesting result, but they didn't repeat this in other tests) – they miss several source data modification issues when testing SMART Linux and PALADIN.
2. They don't test file systems both on HDDs and SSDs – some forensic software acts differently when evidentiary data is located on SSD, not on HDD.
3. They don't test Live CDs by booting them from different media types – it is known that some forensic live distributions alter the source data only when booting from USB HDD (and not from CD or USB Flash).

And so on.

 
Posted : 10/11/2014 8:17 pm
athulin
(@athulin)
Posts: 1144
Noble Member
 

1. They (NIST guys) don't test "dirty" file systems on purpose (they did only ONE test with a file system that was not unmounted properly, and got an interesting result, but they didn't repeat this in other tests) – they miss several source data modification issues when testing SMART Linux and PALADIN.

What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?

2. They don't test file systems both on HDDs and SSDs – some forensic software acts differently when evidentiary data is located on SSD, not on HDD.

As far as I recall, (and as far as a quick refresher of their documents show), their test specifications are quite clear that they test hard disk drives.

3. They don't test Live CDs by booting them from different media types – it is known that some forensic live distributions alter the source data only when booting from USB HDD (and not from CD or USB Flash).

Again I'm lost. Since when does the CFTT test live CDs at all? I suddenly feel very much out of touch…

 
Posted : 11/11/2014 12:09 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?

http//www.cftt.nist.gov/disk_imaging.htm
https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-paladin-40

Test Results for Digital Data Acquisition Tool Paladin 4.0
National Institute of Standards and Technology
May, 2014

This document reports the results from testing Paladin 4.0 against the Digital Data Acquisition Tool Assertions and Test Plan Version 1.0, available at the CFTT Web site. Paladin 4.0 is a modified Live Linux distribution designed to simplify the process of creating forensic images in a forensically sound manner. Paladin 4.0 is designed to image, clone and restore data from hard drives and other secondary storage.

https://cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-asr-data-smart-version-2010-11-03

Test Results for Digital Data Acquisition Tool ASR Data SMART version 2010-11-03
National Institute of Standards and Technology
September, 2012

This NIJ Special Report presents the results from testing Digital Data Acquisition Tool ASR Data SMART version 2010-11-03. This document reports the results from testing the ASR Data SMART version 2010-11-03 against the Digital Data Acquisition Tool Assertions and Test Plan Version 1.0.

jaclaz

 
Posted : 11/11/2014 12:54 am
thefuf
(@thefuf)
Posts: 261
Reputable Member
 

What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?

https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-asr-data-smart-version-2010-11-03
https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-paladin-206
https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-paladin-30
https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-paladin-40

 
Posted : 11/11/2014 3:35 am
athulin
(@athulin)
Posts: 1144
Noble Member
 

What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?

http//www.cftt.nist.gov/disk_imaging.htm
https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-paladin-40

Thanks … I double-checked that page, and still didn't see it. Must be getting rusty …

 
Posted : 11/11/2014 11:29 pm
jhup
 jhup
(@jhup)
Posts: 1442
Noble Member
 

NIST & DCCI protocols can be used as a template to develop one's own overview for "how well [one] think each one fits the Daubert (or Frye) standard" - irrelevant of these organizations' overall productivity, or quality of their works.

I felt my response in the other thread was a reasonable answer considering it provided two answers to questions that came up in the thread, and a solution to the original post. Indeed, it did not need the editorial oops .

I welcome your constructive criticism of their protocols.

What about non-constructive criticism on the amount of tests they make? roll

http//www.forensicfocus.com/Forums/viewtopic/p=6569805/#6569805

wink

jaclaz

 
Posted : 12/11/2014 7:47 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I felt my response in the other thread was a reasonable answer considering it provided two answers to questions that came up in the thread, and a solution to the original post. Indeed, it did not need the editorial oops .

Maybe there has been a misunderstanding ? , I made the note NOT to criticize the contents of your referenced post (which I actually appreciated personally ) ), on the contrary I wanted to highlight how even non-constructive criticism may be interesting and/or appreciated.

jaclaz

 
Posted : 12/11/2014 9:57 pm
Share:
Share to...