Authors: Simson Garfinkel, Ph.D. (Naval Postgraduate School)
DFRWS USA 2012
Abstract
Writing digital forensics (DF) tools is difficult because of the diversity of data types that need to be processed, the need for high performance, the skill set of most users, and the requirement that the software is run without crashing. Developing this software is dramatically easier when one possesses a few hundred disks of other people’s data for testing purposes. This paper presents some of the lessons learned by the author over the past 14 years developing DF tools and maintaining several research corpora that currently total roughly 30TB.