Digital Forensics
BJ Gleason
Associate Professor
University of Maryland
Overview
~ Daubert criteria
• “Whether it [a scientific theory or technique] can be (and has been) tested”
• “Whether the theory or technique has been subjected to peer review and publication”
• “Consider the known or potential rate of error... and the existence and maintenance of standards controlling the technique's operation”
• “The technique is ‘generally accepted’ as reliable in the relevant scientific community”
~ These criteria have been recognized worldwide
Open Source and Daubert
~ Testing
• Closed source relies on the vendor
~ Peer review and publication
• Open source allows more experts to examine the code
~ Error Rate
• Closed source – “Black Box” testing is not conclusive
• Open source software was found to be more reliable than commercial software in a study designed to test the failure rates of software utilities
~ General Acceptance
• Used and recommended by the National White Collar Crime Center, SANS and many others
Problems with Closed Source
~ Evidence collection
• Correct legal processes
• Accepted techniques and tools
• Properly trained personnel
~ Chain of custody
~ Establishing provenance
~ Corroboration
~ Validation and Verification
Some Questions
BJ Gleason
University of Maryland
bjgleason@asia.umuc.edu
References and Websites
~ Open Source - http://www.opensource.org
~ Open Source Digital Forensics - http://www.opensourceforensics.org/
~ Carrier, Brian. Open Source Software in Digital Forensics - http://www.digital-evidence.org/papers/opensrc_legal.pdf
~ Kornblum, Jesse. Preservation of Fragile Digital Evidence by First Responders - http://www.dfrws.org/2002/papers/Papers/Jesse_Kornblum.pdf
~ Incident Response Homepage - http://www.incidentreponse.org
~ Sleuthkit, Autopsy, and mac-robber - http://www.sleuthkit.org
~ Remote Data Acquisition - http://www.md5sa.com/downloads/rda
~ Foundstone tools - http://www.foundstone.com
~ Kenneally, Erin. Gatekeeping Out Of The Box: Open Source Software As A Mechanism To Assess Reliability For Digital Evidence - http://www.vjolt.net/vol6/issue3/v6i3-a13-Kenneally.html
~ Helix - http://www.e-fense.com/Helix
~ GPL and other licenses - http://www.opensource.org/licenses/
~ The Farmer's Boot CD - http://www.forensicbootcd.com