StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Validation of Forensic Tools and Software - Coursework Example

Cite this document
Summary
The paper "Validation of Forensic Tools and Software"  explains how the tools are validated and the information required in a tool validation report. A forensic tool validation report focuses on how the report could be used to support the findings of a forensic examination.
 
             …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER95% of users find it useful
Validation of Forensic Tools and Software
Read Text Preview

Extract of sample "Validation of Forensic Tools and Software"

Forensic Tools Forensic tools Forensic tools are used in investigating security issues in various ways. One can use them to collect information in a research. It can also used in the evaluation of software in order to find out their effectiveness in performing an attack or defense. The tools are mostly useful by forensic examiners and attorneys. This report explains the importance of validating forensic tools. It also explains how the tools are validated and the information required in a tool validation report. A summary of a forensic tool validation report has also been provided in the paper with the focus on how the report could be used to support the findings of a forensic examination. a. Why forensic tools need to be validated The tools need to be validated to ensure reliability (Brunty, 2011). They are highly trusted by the community that deals with legal issues. For instance, judges highly trust forensic tools the way scientists trust scientific processes to make their study results consistent and verifiable. Forensic tools should not be used as scientific processes because they are not scientific in nature. They have to be validated before being used. Validation enables the legal community to match a forensic tool with the nature of investigation and types of data to be collected. The validation is also important because it increases one’s confidence when using the tools. The process is vital when giving evidence in court that the tools used are effective before presenting the digital proof. Validation increases the competitiveness of a forensic examiner. Without it, the reputation of even the most experience examiner can be destroyed. Validation of the tools is also necessary because it ensures repeatability. When using the same tool, one should be able to obtain the same results after conducting the same test. This proves that the information presented in the tools is of high quality (Evans, Bond & Bement, 2004). In addition, validation ensures reproducibility when using the tools. This means that when using the tools one can obtain the same results even if the same tests are carried out in different settings. b. Organizations that undertake the validation of forensic tools One of the organizations that undertake the validation of the tools is the National Institute of Standards and Technology (NIST) (NSRL, 2001). This organization conducts various projects in laboratories. The aim of the organization entails establishing methodologies for testing the effectiveness of the forensic tools. For instance, the organization develops the tools specifications and tests sets. It also identifies the general test procedure and standards. The results of the projects conducted by the organization helps the tool users to improve their tools and make effective decisions. The organization also has projects that help with the identification of reference data. The process is vital because it prevents the tool users from using many review files. An additional organization that deals with the validation process is the National Institute of Justice (NIJ). Among the aims of the organization includes setting of technical standards for the technologies used in forensic issues. The organization also provides new solutions in order to improve the quality and processes of forensic science (NIST, 2013). The other organization that deals with the tool validations is the Technical Support Working Group (TSWG). The organization uses similar procedures used in NIST when testing and validating the tools. The organization also supports the validation process by funding the NIST projects. c. The processes and tests used to validate forensic tools The initial process of validating the tools is the development of plan (Brunty 2011). This involves defining the functions of the tools. This process also involves creating a clear outline of the steps used in the testing process and the tools required in each step. During the process, one should also identify the tests that will be used in the evaluation process. For instance, for the tests used in validating forensic imaging tools, the tests should include those that determine the effectiveness of the tool in authenticating baseline image. One can get information about the functions of the tools from the sources found in NIST departments. The departments have validation reports of the tools. The reports can be helpful at this stage since they provide guidance on drafting of internal protocols. The plan should contain information such as the type of tool, the testing manufactures, and the intervals of conducting the test. The next validation process is the creation of controlled information set (Brunty 2011). This is usually the most complicated part of the validation process. It involves putting in place devices and baseline images that will be used in the process. The stage also involves performance of acquisitions and recording of each of the data added to the areas of the tool. This helps in the validation of the basic tools. Examples of basic tools may include hard drive and mobile phones depending on the types of tools to be validated. Apart from self-built baseline images, one may obtain more information from other published disk images. The subsequent step after creating and testing the baseline images should be the documentation of the image contents. Another process includes carrying out the test in a specific setting. This involves conducting internal validity tests of the tools used in the test (Watson & Jones, 2013). This process helps in confirming if the tools are repeatable and reproducible. One should avoid using validation reports from other laboratories. Carrying out one’s validation test enhances the integrity of the evidence while protecting one’s credibility. An additional process entails comparing the test findings with the known and expected results for further validation (Brunty 2011). The comparison process should be done based on the standards of the tool as specified by the validation organizations. In order to ensure that the tools are valid, the test must be repeatable. This should be after conducting at least three tests. In addition, one should ensure that the test is reproducive by comparing the test results with those performed in other settings. This can be done using the peer reviews. d. Information contained in forensic tool validation reports A validation report is usually divided into several parts depending on the procedures for testing an item. One of the contents of part A of forensic validation report is the test plan and design (NIST, 2014). This includes a description of the tool to be tested. This includes the function of the tool and the specific functions to be tested. The report also contains methodologies that were used in testing. The first part also contains a description of a controlled environment in which the test was carried out. This should include a description of the primary tools used in the test. For instance, one should specify the hardware and software used in the test. The second part of the report contains the variances and anomalies. Variances and anomalies are the expected finding of a test and the actual finding (Jansen & Delaitre, 2009). It is also the difference between the findings of a test and the finding in peer reviews. The third part of the report is the summary of the results. This part the report contains a description of observations made during and after the test. For instance, observation made on the repeatability of tests should be made. The inconsistencies of the test should be clearly specified at this stage. This part of the report also contains actual results of the test. e. How a forensic tool validation report could be used to defend the findings in a report of a forensic examination A forensic tool validation report shows the result of the effectiveness of tool in conducting an investigation (Liu, Singhai & Wijesekera, 2012). The report is an effective way through which examiners communicate their findings to requesters. They can defend or attack the results of forensic examination depending on the findings of a test. For instance, if the report shows that test was reputable, the report can defend the effectiveness of the tool. However, the inconsistency of the test can be used examiners to support their arguments against the use of a specific tool in conduction the investigation. The report also helps forensic examiners to know the relevance of the tool to the case (Carroll, Brannon & Song, 2008). This means that forensic examiners can know if the tool will give the best results in the case investigation by analyzing the report. The report also gives forensic examiners the confidence to defend a finding since it gives them enough information about a forensic tool. Without the report, examiners would not be very sure about the reliability of the tools. Defending or attacking the finding using a report as evidence makes examiners to sound more convincing. f. Summary of a NIST forensic tool validation report a. Overview of the tool This is a validation report of Forensic Software Testing Support Tools (FS-TST 2.0). The forensic software helps with testing the tools for disk imaging which is used when carrying out investigations (NIST, 2005). It also helps forensic examiners compare disk pairs, and alterations in disk contents. The tool also initializes disks drives. b. How the tool was tested The tool was tested for its effectiveness in performing it functions (NIST, 2005). The test was conducted in a controlled environment that was the National Institute of Standards and Technology (NIST). The test included interaction of the software with MS-DOS operating system. Testing of the supporting tools was also done. The hardware used in the test included the host computers and hard disk drives (NIST, 2005). The software used was Disk Editor VERSION 8.0 and Partition Magic version 6.0. c. Results of the testing The results showed that apart from only two programs that showed inconsistency, other tools passed the test. There were also no anomalies observed in the test. The code review report also shows that all results of the tests were valid. Conclusion Validation is important because it ensures that the forensic tools used in carrying out specific investigations are reliable and accurate. In addition, it helps in increasing the quality of the investigation results. Forensic examiners should create reports after conducting the validation tests so that they will be used to attack and defend the findings of forensic examinations. The validation of forensic tools can only be conducted by trusted organizations. An example of such organizations is the National Institute of Standards and Technology (NIST). Such organization set standards for the procedures and methodologies of the forensic tool s tests. They also create reports of the validation tests. An example of such reports includes one for FS-TST 2.0 that indicates the effectiveness of the tools used in initializing and detecting changes in disk drives. References Brunty, J. (2011). Validation of forensic tools and software: A quick guide for the digital forensic examiner. Digital Forensic Investigator. Retrieved from: http://www.dfinews.com/articles/2011/03/validation-forensic-tools-and-software-quick- guide-digital-forensic-examiner Carrol, O., Brannon, S. & Song, T. (2008). Computer forensic. United States Attorneys, 56 (1). Retrieved from: http://www.justice.gov/usao/eousa/foia_reading_room/usab5601.pdf Evans, D. Bond, J. & Bement, A. (2004). PDA Forensic tools: An overview an Analysis. Retrieved from: http://csrc.nist.gov/publications/nistir/nistir-7100-PDAForensics.pdf Jansen, W. & Delaitre, A. (2009). Mobile forensic reference materials: A methodology and reification. Retrieved from: http://csrc.nist.gov/publications/nistir/ir7617/nistir-7617.pdf Liu, C., Singhai, A. & Wijesekera, D. (2012). A model towards using evidence from security events for network attack analysis. Retrieved from: http://www.nist.gov/itl/upload/WOSIS_2014_with-NIST-comments.pdf National Software Reference Library. (2001). Computer forensics Guidance. NSRL. Retrieved from: http://www.nsrl.nist.gov/itlbulletin.html NIST. (2005). FS-TST 2.0: Forensic software testing support tools. Retrieved from: http://www.cftt.nist.gov/diskimaging/fs-tst%20B%20report.pdf NIST. (2013). Welcome to the computer forensic toll testing (CFTT) Project Web Site. Retrieved from: http://www.cftt.nist.gov/ NIST. ( 2014). CFTT Methodology overview. Retrieved from: http://www.cftt.nist.gov/Methodology_Overview.htm Watson, D., & Jones, A. (2013). Digital Forensics Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Forensic Tools Research Paper Example | Topics and Well Written Essays - 1750 words”, n.d.)
Forensic Tools Research Paper Example | Topics and Well Written Essays - 1750 words. Retrieved from https://studentshare.org/information-technology/1659066-forensic-tools
(Forensic Tools Research Paper Example | Topics and Well Written Essays - 1750 Words)
Forensic Tools Research Paper Example | Topics and Well Written Essays - 1750 Words. https://studentshare.org/information-technology/1659066-forensic-tools.
“Forensic Tools Research Paper Example | Topics and Well Written Essays - 1750 Words”, n.d. https://studentshare.org/information-technology/1659066-forensic-tools.
  • Cited: 0 times

CHECK THESE SAMPLES OF Validation of Forensic Tools and Software

Case Projects in Computer Forensics

The validation of forensic tools is conducted to verify that they did not alter, add or delete any of the original data.... In order to determine the validity of the findings in question, it is vital to determine from the police investigator the exact procedure he/she took as well as all the forensic tools he/she used in examining the computer data.... Preservation entails forensic copy, verification, write protection and media sanitation while analysis involves the processes of searching, file rendering, data recovery, decryption, file identification, processing, temporal data, and process automation (Guo et al 2009, pp....
3 Pages (750 words) Essay

Forensic Software Testing Support Tools (FS- TST)

This paper ''Forensic software Testing Support Tools (FS- TST)'' explains the measures and procedures that the software tools should follow to perform its functions effectively, for instance the function of copying and also the imaging of the hard disk drives.... Loading of the testing software……………………………….... 2 Introduction Quality insurance is the process of testing the functionality, effectiveness, and detection of any defects of a computer software....
10 Pages (2500 words) Research Proposal

Interest in Computer Forensics

Expect the training to be a pretty even mix of Computer Science (Operating Systems, Programming, and software) along with several semester hours in law (Business and Criminal Law, procedures, ethics, etc.... Part 2 Almost every occupation has an organization dedicated to its betterment and computer forensics is no exception, for theirs is The International Society of forensic Computer Examiners (ISFCE).... Honestly WinHex was a software program I had never heard of....
4 Pages (1000 words) Essay

Organizations Digital Investigation Process

The second stage involves application of different forensic tools to retrieve data from the computer memory.... Analysis The data flow diagram above show a simplified process of forensic investigation.... The tools used should enable the CFA to retrieve deleted data from the recycle bin.... Before the information is analyzed, the forensic expert should check the accuracy, integrity and...
5 Pages (1250 words) Essay

Organizations digital investigation process

The purpose of the paper “Organization's digital investigation process” is to examine digital investigation as the process of preserving, collecting, validating, identifying, analyzing, interpreting, documenting, and presenting of digital evidence from digital sources.... hellip; The author explains that digital investigations for an organization differ to digital investigation for law enforcement because of the procedure adopted....
5 Pages (1250 words) Essay

Quality Insurance of the Forensic Software Testing Support Tools

inally, the test plan ought to define the test tools and also the requirements that are necessary to conduct the FS-TST tests.... The following test plan for the software of forensic software testing support tools, FS-TST, has to fulfill the objective of detailing the main activities that are necessary for the preparation and for conducting the testing of the FS-TST.... The paper " Quality Insurance of the Forensic software Testing Support Tools" proposes a test plan for the project on the development of a hard disk drive" a summary of the quality insurance objectives as well as the quality metrics,  the areas of the application that will be undergoing testing....
11 Pages (2750 words) Term Paper

Current and Future Cybercrime Threats

The paper "Current and Future Cybercrime Threats" highlights that the members of the task force will be required to work as a team and also partner with the public as well as other federal agencies and private organizations so that it can accomplish its mission of fighting the cybercrime menace.... hellip; In order to help the tax force to carry out its duties, some legislation will have to be passed at the state level to facilitate the fight against cybercrime in St Louis County....
10 Pages (2500 words) Coursework

Assessing Forensics Tools

To ensure that the results of a forensic examination are authentic, proper testing, analysis, and validation of the technology used in building the systems are very crucial (Hunt & Zeadally, 2012).... Further it also applicable in the drafting stage of the software.... This essay "Assessing Forensics tools" presents computer forensics that is a very particular field of computing dealing with acquiring information that will be as evidence on handling cases related to administrative issues, criminal and civil....
1 Pages (250 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us