Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: monne642
New Today: 1
New Yesterday: 2
Overall: 29618

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 How much can be found?
 Computer Forensic in responding to Data Breach issues
 A bunch of numbers about digital evidences collection
 Computer forensic issue
 A Survey on the Internet of Things Digital Forensic Research

Computer Forensics World Forums


Pages Served
We received
58156253
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - How to get Court Presidence on Forensic Software?
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

How to get Court Presidence on Forensic Software?

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Legal Issues
View previous topic :: View next topic  
Author Message
xaberx
Newbie
Newbie


Joined: Apr 15, 2008
Posts: 15

PostPosted: Tue Nov 17, 2009 10:05 am    Post subject: How to get Court Presidence on Forensic Software? Reply with quote

I have been developing Forensic Software for quite some time now, I now have a complete forensic toolkit. As I draw near to completing my application I will need to have my software tested in the field and undergo scrutiny of the prosecution to have it stand up in court, is there any method to have my software undergo these test to become Certified for forensic investigations? I am familiar with several people in the local BCI, Should I contact them to test it alongside programs like FTK for use in court to validate its performance?




Brief Overview of the Application
- Tested for High performance Carving and string searching of Large Images
- Provides File system Analysis such as Thumbs.db files, Internet History, P2P File analysis, File Search with Hashing abilities, Recycle Bin Analysis(both Vista + XP + 7) , Windows Prefetch.
- Write Protection through USB
- Clone Drives, Wipe Drives, Image, etc
- Forensic Automation and Removal of Known Benign files(based on Nist Databases)



Thanks for any guidance on this matter

Ryan Manley
Xabersoft
Back to top
View user's profile
PreferredUser
Newbie
Newbie


Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Tue Nov 17, 2009 1:13 pm    Post subject: Reply with quote

I think the perception that the "big boys" are somehow certified by the courts does a disservice to other developers. Harlan Carvey writes many useful programs that are not really certified, and unless you read his books are probably not well known.

The one program of his I use regularly is RegRipper. At best all I have had to do is explain the use for the program.

I am sure someone in Richfield or London would use your tool.
Back to top
View user's profile
athulin
Newbie
Newbie


Joined: Oct 19, 2007
Posts: 241

PostPosted: Tue Nov 17, 2009 6:37 pm    Post subject: Reply with quote

PreferredUser wrote:
I think the perception that the "big boys" are somehow certified by the courts does a disservice to other developers.


I'm of the opposite opinion: the concept that there should be thorough and impartial testing at some stage is a very bracing thought, and should be encouraged.

It's unfortunate that such testing far too seldom is done.

If a tool that came with a test design, and test cases, and perhaps even test protocols -- that is a tool I would tend to trust enough to take on for a test.

Somewhere or other I once found an excellent test suite for tar archives (a German project, I think). Of course I tried it out on archive unpackers, AV-software, forensic viewers, etc., with rather disappointing results. That kind of perverse delight in creating tests that crashed so many tar unpackers/viewers is just what the area of computer forensic software needs a bit more of. Even some of the big boys seem to have an very relaxed attitude to quality assurance.
Back to top
View user's profile
PreferredUser
Newbie
Newbie


Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Tue Nov 17, 2009 10:26 pm    Post subject: Reply with quote

athulin wrote:
I'm of the opposite opinion: the concept that there should be thorough and impartial testing at some stage is a very bracing thought, and should be encouraged.
I guess I was not clear in my comments. I agree that there should be a way to test and validate software. My comment was that there is some perception that only the few "major" products are the only tools certified by the courts thus stifling development by smaller vendors. The courts do not certify anything. The courts are presented with the results of what an examiner has performed, how it was performed and the tools used to perform the work, then a ruling is made to accept or reject the evidence/testimony. The courts never say, Tool 2.0 is not worthy because it crashes too often and may not produce valid, repeatable results, however Tool 3.0 looks promising.
Back to top
View user's profile
xaberx
Newbie
Newbie


Joined: Apr 15, 2008
Posts: 15

PostPosted: Thu Nov 19, 2009 2:31 am    Post subject: after asking arouind Reply with quote

I spoke with my Professor yesterday whom is involved in HTCIA, It is true that the courts do not certify a program, just the evidence they produce. I guess im looking for some testers to use my application alongside FTK to prove that the evidence it produces is accurate and usable in court. Developing software and gaining this kind of testing is discouraging but since I have been working on this program for over 2 years i will see it through. The only concern I have is my program has a faster carving engine than FTK and ran faster on less resources. which may cause some concern if it is really as accurate as the big boys(even though my program often found more files )

1TB on FTK 3 would take 19.5 hrs on a Core i7 Quad core 16gb Ram

I did a 1TB on 8gb of ram AMD X2 Dual Core (running Windows 7) in 13hrs

I have a sight concern that if my program proves faster than the big boys than speculation will occur on the vailidty of the evidence...so i guess the best way to verify it is to have testers in the field.

Thanks everyone for the advice sofar.
Back to top
View user's profile
dthstker
Newbie
Newbie


Joined: Aug 05, 2008
Posts: 82
Location: Colorado

PostPosted: Thu Nov 19, 2009 12:56 pm    Post subject: Reply with quote

I have been a beta tester for several forensic products including FTK, and would be willing to test your software.

email me at dthstker @ yahoo and I'll provide you more information and try to help if I can.

DL
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Legal Issues All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.