Hello,
I'm a Digital Forensics major at Chestnut Hill College. I'm writing a research paper on computer forensic tools and the Daubert Standard and I was wondering if you guys would help me out by taking a survey about Open Source and Proprietary tools and how well you think each one fits the Daubert (or Frye) standard. Thanks!!
https://
Your survey is unlikely to give the answers you want. You focus a lot on open source versus proprietary commercial software. Though that should be open source versus closed source software, IMO. Since there are a lot of free tools out there that are closed source as well.
Another point is that you do not take into account that a closed source program still can be adequately transparent to provide admissible evidence.
Take a look at DC3 DCCI and NIST and how they test software.
Take a look at DC3 DCCI and NIST and how they test software.
And how they miss important issues :-)
I welcome your constructive criticism of their protocols.
Take a look at DC3 DCCI and NIST and how they test software.
And how they miss important issues :-)
I welcome your constructive criticism of their protocols.
What about non-constructive criticism on the amount of tests they make? roll
http://www.forensicfocus.com/Forums/viewtopic/p=6569805/#6569805
wink
jaclaz
I welcome your constructive criticism of their protocols.
Take a look at DC3 DCCI and NIST and how they test software.
And how they miss important issues :-)
1. They (NIST guys) don't test "dirty" file systems on purpose (they did only ONE test with a file system that was not unmounted properly, and got an interesting result, but they didn't repeat this in other tests) – they miss several source data modification issues when testing SMART Linux and PALADIN.
2. They don't test file systems both on HDDs and SSDs – some forensic software acts differently when evidentiary data is located on SSD, not on HDD.
3. They don't test Live CDs by booting them from different media types – it is known that some forensic live distributions alter the source data only when booting from USB HDD (and not from CD or USB Flash).
And so on.
1. They (NIST guys) don't test "dirty" file systems on purpose (they did only ONE test with a file system that was not unmounted properly, and got an interesting result, but they didn't repeat this in other tests) – they miss several source data modification issues when testing SMART Linux and PALADIN.
What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?
2. They don't test file systems both on HDDs and SSDs – some forensic software acts differently when evidentiary data is located on SSD, not on HDD.
As far as I recall (and as far as a quick refresher of their documents shows), their test specifications are quite clear that they test hard disk drives.
3. They don't test Live CDs by booting them from different media types – it is known that some forensic live distributions alter the source data only when booting from USB HDD (and not from CD or USB Flash).
Again I'm lost. Since when does the CFTT test live CDs at all? I suddenly feel very much out of touch…
What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?
http//
https://
Test Results for Digital Data Acquisition Tool Paladin 4.0
National Institute of Standards and Technology
May, 2014
This document reports the results from testing Paladin 4.0 against the Digital Data Acquisition Tool Assertions and Test Plan Version 1.0, available at the CFTT Web site. Paladin 4.0 is a modified Live Linux distribution designed to simplify the process of creating forensic images in a forensically sound manner. Paladin 4.0 is designed to image, clone and restore data from hard drives and other secondary storage.
https://
Test Results for Digital Data Acquisition Tool ASR Data SMART version 2010-11-03
National Institute of Standards and Technology
September, 2012
This NIJ Special Report presents the results from testing Digital Data Acquisition Tool ASR Data SMART version 2010-11-03. This document reports the results from testing the ASR Data SMART version 2010-11-03 against the Digital Data Acquisition Tool Assertions and Test Plan Version 1.0.
jaclaz
What test exactly are you referring to? Don't see any test of either of those two products on their site? What am I missing?
https://
https://
https://
https://