Authors: Yinghua Guo, Jill Slay (La Trobe University), and Jason Beckett
DFRWS USA 2009
Abstract
The process of using automated software has served law enforcement and the courts very well, and experienced detectives and investigators have been able to use their welldeveloped policing skills, in conjunction with the automated software, so as to provide sound evidence. However, the growth in the computer forensic field has created a demand for new software (or increased functionality to existing software) and a means to verify that this software is truly “forensic” i.e. capable of meeting the requirements of the ‘trier of fact’. In this work, we present a scientific and systemical description of the computer forensic discipline through mapping fundamental functions required in the computer forensic investigation process. Based on the function mapping, we propose a more detailed functionality orientated validation and verification framework of computer forensic tools. We focus this paper on the searching function. We specify the requirements and develop a corresponding reference set to test any tools that possess the searching function.