Digital Forensics
BJ Gleason
Associate Professor
University of Maryland
Overview
~ Daubert criteria
Whether it [a scientific theory or technique] can be (and has been) tested
Whether the theory or technique has been subjected to peer review and publication
Consider the known or potential rate of error... and the existence and maintenance of standards controlling the technique's operation
The technique is generally accepted as reliable in the relevant scientific community
~ These criteria have been recognized worldwide
Open Source and Daubert
~ Testing
Closed source relies on the vendor
~ Peer review and publication
Open source allows more experts to examine the code
~ Error Rate
Closed source Black Box testing is not conclusive
Open source software was determined to be more reliable than commercial software in a study designed to test failure rates of software utilities
~ General Acceptance
Used and recommended by National White Collar Crime Center, SANS and many others
Problems with Closed Source
~ Evidence collection
Correct legal processes
Accepted techniques and tools
Properly trained personnel
~ Chain of custody
~ Establishing provenance
~ Corroboration
~ Validation and Verification
Some Questions
BJ Gleason
University of Maryland
bjgleason@asia.umuc.edu
References and Websites
~ Open Source - http://www.opensource.org
~ Open Source Digital Forensics - http://www.opensourceforensics.org/
~ Carrier, Brian. Open Source Software in Digital Forensics - http://www.digital-evidence.org/papers/opensrc_legal.pdf
~ Preservation of Fragile Digital Evidence by First Responders - http://www.dfrws.org/2002/papers/Papers/Jesse_Kornblum.pdf
~ Incident Response Homepage - http://www.incidentreponse.org
~ Sleuthkit, Autopsy, and mac-robber - http://www.sleuthkit.org
~ Remote Data Acquisition - http://www.md5sa.com/downloads/rda
~ Foundstone tools - http://www.foundstone.com
~ Gatekeeping Out Of The Box: Open Source Software As A Mechanism To Assess Reliability For Digital Evidence - http://www.vjolt.net/vol6/issue3/v6i3-a13-Kenneally.html
~ Helix - http://www.e-fense.com/Helix
~ GPL and other licenses - http://www.opensource.org/licenses/
~ THE FARMERS BOOT CD - http://www.forensicbootcd.com