KTH-SEECS Applied Information Security Lab

National University of Sciences and Technology (NUST)

Digital Forensics Tool Evaluation -- Data Acquisition

Domain: Digital Forensics

Status: Active

Contact Person(s): Shuja Ahmed, Shahzad Saleem

Tool evaluation is a process that measures a tool's capability and functionality and ensures that users achieve the required results. It is sometimes used to verify the reliability, correctness and usability of the system. The process helps determine whether or not the tool delivers the complete required functionality. In the tool evaluation process we have a defined test plan with different types of test cases and test assertions (developed by NIST). A test assertion can be described as “a verifiable condition or logic” used to check one aspect of the system. When testing a specific tool, two or more test assertions can be applied depending on the features of the tool, but not all assertions and cases are necessarily applied to a single tool. In the past decade NIST has tested multiple digital forensics tools of different categories under its CFTT project, which is a joint project of NIJ, the U.S. Department of Justice and NIST. They generate detailed reports covering every aspect of the usage of the particular tool tested in a phase, and these reports are made publicly available at https://cyberfetch.org.

This project has a wide scope: as digital forensics tools are continuously developed, we have to ensure that our tools work properly and produce reliable and efficient results. In this project, some open source data acquisition tools that have not previously been tested will be evaluated on the basis of the test specification and test plan developed by NIST. The results of our tests will provide information that is necessary and useful for tool developers to review and improve their tools, for users to choose the tool that is right for them, and for law enforcement, the legal community and others to understand the capabilities and potential functionalities of the tools.