Elsevier

Digital Investigation

Volume 8, Issues 3–4, February 2012, Pages 145-146
Digital Investigation

Editorial
Editorial - Cutting the Gordian knot: Defining requirements for trustworthy tools

https://doi.org/10.1016/j.diin.2012.02.001Get rights and content

Section snippets

Where we came from

In the early days of digital forensics, tools were developed to meet immediate needs, and there was little time to follow a formal software development process. Furthermore, many of the authors of these tools were digital investigators rather than professional software developers. As a result, many of the tools that we rely on are not built on a solid foundation and are not well-documented from a software development standpoint.

Over the years, software bugs in digital forensic tools continue to

ISO standards

ISO/IEC 27041 proposes a three stage process for assessing digital forensic software, using the terms Verification, Validation and Acceptance as discussed by Angus Marshall in the previous issue of this Journal (Standards, regulation & quality in digital investigations: The state we are in). This portion of the standard refers to a formal software development process. In this context, verification is a confirmation that a forensic tool conforms to its requirements specification.

A

Defining requirements

One goal of a software specification is to describe a tool’s functionality in sufficient detail to enable testers to confirm that it satisfies all of its documented requirements. Writing a testable requirement can be challenging at the best of times, but it becomes even harder when the desired behavior is not clearly defined. This situation applies to digital forensic tools in particular because the community has not developed a standardized approach to certain routine tasks.

For example, take

Competitive advantage

Software developers that provide evidence that their tool meets the requirements established by digital forensic laboratories will have a competitive advantage because digital investigators and digital forensic laboratories will favor those tools that can be evaluated objectively and thoroughly.

In addition to putting themselves in a strong position to meet emerging standards, software developers who provide verification evidence along with their tool will greatly enhance subsequent tool testing

References (0)

Cited by (2)

  • Standardization of file recovery classification and authentication

    2019, Digital Investigation
    Citation Excerpt :

    In addition to putting themselves in a strong position to meet standards related to digital forensics, software developers who provide verification documentation along with their tool will greatly enhance subsequent tool testing efforts. Comprehensively tested software helps find and fix bugs, reduces the risk of errors reaching the courtroom, and increases the trust in digital forensics as a discipline (Casey, 2012). The NIST Computer Forensic Tool Testing (CFTT) program developed the Federated Testing Project, to allow for more widespread testing of digital forensic tools by outside forensics laboratories.

  • Certificates for verifiable forensics

    2014, Proceedings of the Computer Security Foundations Workshop
View full text