Towards a validation framework for forensic computing tools in Australia
Date
2005
Authors
Wilsdon, T.W.
Slay, J.
Editors
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Conference paper
Citation
Proceedings of the 4th European Conference on Information Warfare and Security, 2005, pp.409-414
Statement of Responsibility
Conference Name
(11 Jul 2005 : University of Glamorgan, UK)
Abstract
This paper explores the various issues impeding the adoption of existing system administrator tools within forensic computing investigations. Before such software can be utilised it is imperative that a national standard and certification program can sanction the validity of its operation, this is with particular respect to Australian environment and legislation. Currently the various forensic computing investigation teams are utilising expensive commercial software (such as Guidance's Encase) which is legally admissible only by precedence rather than certification. Such commercial tools usually emulate other less expensive or open source tools which perform in a similar manner, thus reducing the cost of an investigation and encouraging the progression of forensic computing for civil disputes. This paper proposes the need for a program similar to that of National Institute of Standards and Technology (NIST) Computer Forensics Tool Testing program established in America to be developed within Australia. It also proposes a framework which will allow for future software developers to engineer software within this frameworks requirement to provide a standard which will hasten the time from development to approval for forensic computing tools. This is crucial in an era where specific tool development is unable to keep pace with devices being utilised to perform illegal and/or criminal activities. This research area has been discussed previously, both within Australia by Armstrong in 2003, and worldwide by Giordano & Maciag in 2002, due to a lack of standardised processes to validate forensic computing tools across jurisdictions, and criminal or civil proceedings.
School/Discipline
Dissertation Note
Provenance
Description
Access Status
Rights
Copyright status unknown