Digital Forensic Tools Validation: The Software Engineering Principles Approach

By

CHAPTER 3: METHODOLOGY APPROACH1

Aim1

Objectives1

Forensic Requirements Categories1

Forensic Requirements Specification2

Test Assertions3

Test Cases4

Test Method4

Risks to Digital Memory5

CHAPTER 4: DISCUSSION ANALYSIS7

Overview7

A call for standards-errors in forensic science8

Standards8

Adoption of Digital Forensics in an Archival Context10

Network Forensic Analysis Tools13

CHAPTER 5: RESULTS22

The digital forensics models22

Digital forensics and accreditation23

Challenges for digital forensic laboratory accreditation24

Education24

Validation and verification of tools25

Digital Conservation, Digital Archaeology28

Admissibility of digital evidence30

Digital Wiretaps32

CHAPTER 6: CONCLUSION37

Emerging Problems37

Computer Forensic Science39

Recovering and Discovering Information41

Examining Computer Evidence47

Authentication of Evidence49

Information-Assurance Services50

Information Assurance Applied to Digital Evidence51

Digital Video Evidence System52

REFERENCES54

CHAPTER 3: METHODOLOGY APPROACH

Aim

To develop a set of appropriate software engineering principles for digital forensics tools' development.

Objectives

To review literature to determine current state of validation of digital forensics tools.

To identify the current lapses and limitations in these validation procedures.

To investigate the strengths and weaknesses of various software engineering principles with particular focus on their influence on digital forensic tools.

To determine the software engineering principles most suitable for the development of digital forensics tools.

To examine and identify the software engineering principles that are currently employed in the development of digital forensic tools

To ascertain the efficiency of the developed set of principles, by comparing them with current digital forensic tools validation frameworks.

Forensic Requirements Categories

Digital forensics is associated in many people's minds primarily with the investigation of crime. However, it has also emerged in recent years as a promising source of tools and approaches for facilitating digital preservation and curation, specifically for protecting and investigating evidence from the past. This report provides a broad overview of digital forensics with pointers to resources and tools that may benefit the preservation of digital cultural heritage. More specifically, the report focuses on the application of digital forensics to the curation of personal digital archives. Personal digital archives are very complex: the diversity of objects and intricacy of their structural relationships present significant challenges to curation.

The nature of personal digital archives reflects both the evolution of technology and its associated social and political impact. Almost anything may appear in a personal digital archive, from emails and poet's drafts, through an astronomer's datasets, to digital workings of the mathematician, and notes of the political reformer. Forensic procedures tested and developed in this context may well be transferable to other areas of digital preservation and scholarship. With their diverse content, organization and ancestry, personal digital archives are the epitome of unstructured information and may serve as a test bed for refining forensic techniques in a curatorial context, as well as being an invaluable primary source of information for analysis..

Forensic Requirements Specification

The current emphasis on automation in digital forensic research is of particular significance to the curation of cultural heritage, where this capability is increasingly essential in a digital universe that continues to expand exponentially. Current research is directed at handling large volumes efficiently and effectively using a variety of analytical techniques. Parallel processing, for example, through purpose-designed Graphics Processing Units (GPUs), and high performance computing can assist processor-intensive activities such as full search and indexing, filtering and hashing, secure deletion, mining, fusion and ...