Abstract
The field of Digital Forensics (DF) has become a centerpiece in criminal law cases where a suspect used technology to commit a crime. As such, there is a vast library of software tools available to DF practitioners. Because publicly available documentation is lacking, practitioners must trust developers’ claims that their tools execute functions as advertised. While the likelihood that forensic investigation tools are robust and function appropriately is high due to widespread usage, the lack of documentation for verification and validation (V+V) methodologies results in an assumed trust rather than a formally tested trust. This situation places a heavy burden on forensic laboratories, as they must either assume the tool works or create their own tests. Although performing V+V tests is optimal, widely accepted tools are distributed as closed-source software (CSS). Public testing efforts, including the NIST Computer Forensic Tool Testing (CFTT) project, have released their own test reports on popular tools. Those tests, however, are conducted using a black-box approach. This research project proposes a change in that paradigm by leveraging open-source software (OSS) libraries known to be used in CSS toolkits. This goal will be explored by reviewing the Apache Lucene libraries present in major DF tools that provide keyword search and indexing functions, and by creating test case suites that draw on that source code. These tests will then be run against two OSS tools, Autopsy and IPED. Reports on these validation tests will then be generated for industry consumption. The intended outcomes for this research are twofold: (1) fuel a change in the approach used to test CSS DF software tools; (2) motivate private forensic tool developers to increase transparency in their V+V tests and methodologies to formally increase public trust in their products.