Friday, 16 March 2012

Are digital forensics tools forensically sound?

I think almost every hard core IT users experienced software bugs. I myself had gone through it several times.


Every software development isn’t perfect. Some were deployed and sold inrush. As a result, it got poor feedbacks from the end users.

Why is this happening?

I think it has become a “standard” for the users to be part of the testing mechanism (the best way).

This is not part of the deal. The users are supposed to get a complete product. They are the customers. They paid and bought the item so that it performs accordingly.

In regard to Digital Forensics, I read an article by Carrier [1] titled “Open Source Digital Forensics Tools The Legal Argument” and I think it is relevant.

It relates back to my contention as I start writing this topic.

Well, in any legal proceeding you are bound to explain on the reliability of tools being used in your digital forensics work.

In any of the digital forensics processes, be it identification, preservation or analysis, a digital forensics practitioner will need a tool to ease their work.

Without a tool, the work can be very tedious (I totally agree about this).

But, are the digital forensics tools forensically sound?

You don’t know isn’t?

Unless the tools behaving weirdly and giving outrages results. If not it is quite difficult to notice it.

Furthermore, it is going to be extremely tough when the court ask you (expert witness) if the tools being used were forensically sound.

You might need to refer to NIST/others if the answer is available. If not, you are in trouble.

So, even though the open source tools are “free” and you can download it at anytime doesn’t mean it is substandard. Above all, with the source code availability; the open source tools might give you better assurance then the closed source tools (anyone can run through and improves the codes). This is the argument written in Carrier’s paper and it is a good read for digital forensics communities.

That’s why I highly encourage digital forensics practitioners/researchers to do some coding on their own or to study the open source tools source code. You will learn a lot from it.

For the closed source, I hope more third parties (e.g. NIST) would be able to conduct rigorous testing and provide some references (for assurance) to us, the digital forensics practitioners/researchers.

If not the software bug or glitch issue will be the main line of argument in the court of law.

[1] B.Carrier. “Open Source Digital Forensics Tools The Legal Argument.” Internet: http

Wednesday, 7 March 2012

Is research in digital forensics getting harder?

There is no need for me to introduce some of the prominent digital forensics research communities i.e. DFRWS unless you are really unfamiliar with digital forensics subject or you are totally from other profession.

It is known DFRWS has been established for more than ten years. Its vast contribution in digital forensics research is priceless. If you read the DFRWS literatures from year 2001 and up until the recent publications, you are able to notice the progress of research quality. It is indeed beneficial for the digital forensics communities.

For those who are new and want to start their interest in digital forensics research, I would recommend them to visit DFRWS website and read the free downloadable literatures or you can subscribe to a database e.g. ScienceDirect. This is important for you to get some ideas on the development, standard, writing method, activities and for you to choose a research topic.

Interesting isn’t? Mmm…, well, it depends.

When you finish doing some information gathering, most probably you would hesitate to venture into it or do not know where to begin (I had received some enquiries on which topic to pick up for their PhD). Not easy yeah…!


It is no longer ten years back. This field of research is getting crowded with the world best digital forensics researchers, mostly from the United States of America, Australia and Europe (sorry if I miss someone from other country…I’ve read your literatures…almost anything about digital forensics…and getting more headache).

To worsen the situation, some of the renowned personalities such as Brian Carrier (his book is a must for every digital forensics analyst), Simson Garfinkel, Jill Slay et al. and all in DFRWS recently are writing a much more complicated papers. And, the world best researchers are writing more and more papers…(I know in the academia there is a saying "write or perish". I wish I could reverse the “timestamp” and go back to the practitioner world but what the heck…everybody has their own problem and challenges…pray to god there is light at the end of digital tunnel).

So, it is going to be harder for a newbie to penetrate this so called “market”.

I’m not demotivating you but this is a reality. The Golden Age of computer forensics is coming to an end, as said by Garfinkel [1] (read his paper to get some insights). I guess it applies in research and practice.

Not only digital forensics research is getting harder but as a practitioner, you are in dilemma in each day of your work. Computer is ubiquitous, cloud computing, small electronic devices, terabytes hard disk and the list goes on and on…

Sometimes I was hoping the late Steve Jobs or Bill Gates would design their products to have digital forensics features. With the touch of a button, the required digital evidence is acquired in a forensically sound manner.

With the above facts, do you agree digital forensics research is getting harder?

If yes, we need to do something about it.

[1] S.Garfinkel. “Digital forensics research: The next 10 years.” The Journal of Digital Investigation, vol. 7, pp. 64-73, 2010.