Category Archives: Class

a little less confused now.

So, I went and looked things up on my own, in regards to my last post about being a little confused on Digital Forensics and Open Source Tools. Like usual, Google is your friend.

The search term I used was: “digital forensics open source tools court approved”, without the quotes. Which returned this page: https://www.google.com/search?q=digital+forensics+open+source+tools+court+approved

I think the best line out of everything I read was:

Saying that one tool is court approved and another is not, is like saying you can take crime scene photos with a Nikon, but not a Kodak. It’s just silly, and it’s a myth perpetuated by those who seek to benefit from the existence of such a rumor.

The Digital Standard
That really does make sense. When you think about it, it is the person on the stand and their testimony that is being checked. Yes, methodology and procedure go with the testimony but why would one tool matter, as long as it gets the same results as the expert from the other side. Does it have to have all the fancy bells and whistles, or does it just have to get the job done?

One thing that has bothered me about the “No open source tools” argument is that DD for raw disk copies is acceptable. Most of the other tools doe the same work and then add compression or other bells and whistles, but really are based off it. So why is it O.K. to use some of the tools but not all.

A little confused about Digital Forensics and the tools to use

So I took Digital Forensics 1 at Eastern. The professor that taught the class owns his own forensics business. One of the things the professor kept repeating through out the semester: “You can’t use Open Source Tools for Forensics, it won’t stand up in court”. “You have to use Court approved tools, tools that the court has accepted in previous trials”.

Tonight, we started Digital Forensics 2. It’s a different professor. This one does Digital Forensics for a living as well for the Department of Justice. He said that you can use Open Source tools for Forensics, does so regularly, and testifies in court for it. This professor said there are no such thing as court approved tools, even though that Encase claims otherwise in their marketing material.

So I’m confused. Can you or can you not use Open Source tools Digital Forensics? I know there are books on the subject like Digital Forensics with Open Source Tools by Cory Altheid, but don’t know how it’s viewed over all when using Open Source tools.