Abstract
Many digital forensic tools used by investigators were not originally designed for forensic applications. Even in the case of tools created with the forensic process in mind, there is the issue of assuring their reliability and dependability. Given the nature of investigations and the fact that the data collected and analyzed by the tools must be presented as evidence, it is important that digital forensic tools be validated and verified before they are deployed. This paper engages a systematic description of the digital forensic discipline that is obtained by mapping its fundamental functions. The function mapping is used to construct a detailed function-oriented validation and verification framework for digital forensic tools. This paper focuses on the data recovery function. The data recovery requirements are specified and a reference set is presented to test forensic tools that implement the data recovery function.
Chapter PDF
Similar content being viewed by others
References
J. Beckett and J. Slay, Digital forensics: Validation and verification in a dynamic work environment, Proceedings of the Fortieth Annual Hawaii International Conference on System Sciences, p. 266, 2007.
Y. Guo, J. Slay and J. Beckett, Validation and verification of computer forensic software tools – Searching function, Digital Investigation, vol. 6(S1), pp. S12–S22, 2009.
E. Huebner, D. Bem and C. Wee, Data hiding in the NTFS file system, Digital Investigation, vol. 3(4), pp. 211–226, 2006.
D. Hurlbut, Orphans in the NTFS world, AccessData, Lindon, Utah (www.accessdata.com/media/en_US/print/papers/wp.NT_Orphan_Files.en_us.pdf), 2005.
R. McKemmish, What is forensic computing? Trends and Issues in Crime and Criminal Justice, no. 118 (www.aic.gov.au/publications /tandi/ti118.pdf), 2002.
G. Mohay, A. Anderson, B. Collie, O. de Vel and R. McKemmish, Computer and Intrusion Forensics, Artech House, Norwood, Massachusetts, 2003.
National Institute of Standards and Technology, Computer Forensics Tool Testing Program, Gaithersburg, Maryland (www.cftt.nist.gov).
A. Pal and N. Memon, The evolution of file carving, IEEE Signal Processing, vol. 26(2), pp. 59–71, 2009.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 International Federation for Information Processing
About this paper
Cite this paper
Guo, Y., Slay, J. (2010). Data Recovery Function Testing for Digital Forensic Tools. In: Chow, KP., Shenoi, S. (eds) Advances in Digital Forensics VI. DigitalForensics 2010. IFIP Advances in Information and Communication Technology, vol 337. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15506-2_21
Download citation
DOI: https://doi.org/10.1007/978-3-642-15506-2_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15505-5
Online ISBN: 978-3-642-15506-2
eBook Packages: Computer ScienceComputer Science (R0)