EditorialEditorial - Cutting the Gordian knot: Defining requirements for trustworthy tools
Section snippets
Where we came from
In the early days of digital forensics, tools were developed to meet immediate needs, and there was little time to follow a formal software development process. Furthermore, many of the authors of these tools were digital investigators rather than professional software developers. As a result, many of the tools that we rely on are not built on a solid foundation and are not well-documented from a software development standpoint.
Over the years, software bugs in digital forensic tools continue to
ISO standards
ISO/IEC 27041 proposes a three stage process for assessing digital forensic software, using the terms Verification, Validation and Acceptance as discussed by Angus Marshall in the previous issue of this Journal (Standards, regulation & quality in digital investigations: The state we are in). This portion of the standard refers to a formal software development process. In this context, verification is a confirmation that a forensic tool conforms to its requirements specification.
A
Defining requirements
One goal of a software specification is to describe a tool’s functionality in sufficient detail to enable testers to confirm that it satisfies all of its documented requirements. Writing a testable requirement can be challenging at the best of times, but it becomes even harder when the desired behavior is not clearly defined. This situation applies to digital forensic tools in particular because the community has not developed a standardized approach to certain routine tasks.
For example, take
Competitive advantage
Software developers that provide evidence that their tool meets the requirements established by digital forensic laboratories will have a competitive advantage because digital investigators and digital forensic laboratories will favor those tools that can be evaluated objectively and thoroughly.
In addition to putting themselves in a strong position to meet emerging standards, software developers who provide verification evidence along with their tool will greatly enhance subsequent tool testing
References (0)
Cited by (2)
Standardization of file recovery classification and authentication
2019, Digital InvestigationCitation Excerpt :In addition to putting themselves in a strong position to meet standards related to digital forensics, software developers who provide verification documentation along with their tool will greatly enhance subsequent tool testing efforts. Comprehensively tested software helps find and fix bugs, reduces the risk of errors reaching the courtroom, and increases the trust in digital forensics as a discipline (Casey, 2012). The NIST Computer Forensic Tool Testing (CFTT) program developed the Federated Testing Project, to allow for more widespread testing of digital forensic tools by outside forensics laboratories.
Certificates for verifiable forensics
2014, Proceedings of the Computer Security Foundations Workshop