Inconsistent Tool Performance Impacts Evidence

Digital forensic tools are relied upon to collect evidence for the investigation report and potential submission to legal processes for scrutiny and use. These tools vary widely in their origins. Some standardised tools have become more acceptable than others, and other non-standardised tools less so. The result is that public confidence has been built around consistent acceptance of evidence that has been produced by particular tools. A big debate rages around open source tools and proprietary tools, as to which is the more reliable. In practice proprietary tools have greater acceptance but may not be able to do all the tasks required for evidential extraction in particular situations. The evolving nature of information technology and the innovation of many different data presentation and storage types, such as social networking, cloud, and the Internet of things, is exacerbating the necessity of mixing open source tools with proprietary tools. Regardless of the tools being used we have observed in laboratory testing that different versions of the same tool can provide different evidence from the same target source.

Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.