
Confirming the integrity and utility of open source forensic tools

Posted on: 2014-03-16    Degree: M.S.    Type: Thesis
University: Utica College    Candidate: Morra, Steven    Full Text: PDF
GTID: 2458390005986555    Subject: Computer Science
Abstract/Summary:
In order to present digital evidence in court, one must prove that a series of legal standards was met when that evidence was collected or generated. For an open source software tool to meet these standards, the tool must be reviewed in three ways: its source code must be read and shown to do what the author(s) claim it does, and no more; it must be compiled and run in a sandbox to confirm the behaviour of the resulting binary; and it must be stress tested to confirm that its output is consistent. These three steps are carried out in this paper, which provides a general template applicable to any OSS tool. The tool is compiled and tested inside a sandbox to ensure that no suspicious processes are spawned, no suspicious ports are opened, and so on. It is then tested under extreme conditions, e.g. on huge, tiny, corrupted, encrypted, or illegitimate files, and the resulting output is evaluated. The goal is to equip an investigator with documentation that can be used in court to establish the legitimacy of the tool and its methods. The investigator also learns how the tool works and when it does not. This understanding, together with the documentation supporting the tool, shields the investigator from common legal challenges raised by opposing counsel. Keywords: Cybersecurity, Professor Cynthia Gonnella, open source forensic tools, Daubert standard, PDFiD.
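The stress-testing step described above, as an added example that is not part of the thesis: a Python harness that constructs the classes of hostile input the abstract lists (empty, tiny, corrupted, encrypted, not-a-PDF, huge), runs a scanner over each of them several times, and records the SHA-256 of every input and every output together with a consistency verdict, which is the kind of reproducible record an examiner would attach to the tool-validation documentation. The scan() function is a small stand-in keyword counter written for this example so that the harness runs offline; it is not PDFiD, and the KEYWORDS list, the constructed file contents and the run_demo() helper are assumptions made here, not taken from the thesis.

```python
"""Stress-test harness for a file-scanning forensic tool (added example).

Builds a corpus of hostile inputs (empty, tiny, corrupted, encrypted,
not-a-PDF, huge), runs the scanner over each input several times, hashes
every input and output with SHA-256 and records whether the output was
identical on every run.
"""
import hashlib
import json
import os
import tempfile

# Keywords a PDFiD-style scanner counts. scan() is a stand-in written for
# this example so the harness runs offline; it is NOT PDFiD itself.
KEYWORDS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/Encrypt",
            b"obj", b"endobj"]


def scan(path):
    """Stand-in scanner: header check plus keyword counts, returned as a dict."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "size": len(data),
        "valid_header": data.startswith(b"%PDF-"),
        "counts": {k.decode(): data.count(k) for k in KEYWORDS},
    }


def build_corpus(workdir):
    """Write constructed edge-case inputs (sample data, not real evidence).
    Returns {case name: path}."""
    garbage = bytes(range(200, 256))  # deterministic junk, so input hashes are reproducible
    js_object = b"1 0 obj\n<< /JS (app.alert(1)) >>\nendobj\n"
    cases = {
        "empty.pdf": b"",
        "tiny.pdf": b"%PDF-1.4\n%%EOF\n",
        "corrupted.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction" + garbage,
        "encrypted.pdf": (b"%PDF-1.7\n1 0 obj\n<< /Encrypt 2 0 R >>\nendobj\n"
                          b"trailer\n<< /Encrypt 2 0 R >>\n%%EOF\n"),
        "not_a_pdf.pdf": b"MZ\x90\x00" + b"\x00" * 60,  # PE magic behind a .pdf name
        "huge.pdf": b"%PDF-1.4\n" + js_object * 200_000 + b"%%EOF\n",  # roughly 7 MB
    }
    paths = {}
    for name, content in cases.items():
        path = os.path.join(workdir, name)
        with open(path, "wb") as fh:
            fh.write(content)
        paths[name] = path
    return paths


def stress_test(scanner, corpus, runs=5):
    """Run scanner over every input `runs` times and hash each result.
    A crash is recorded as a finding instead of aborting the harness."""
    report = {}
    for name, path in corpus.items():
        with open(path, "rb") as fh:
            input_sha256 = hashlib.sha256(fh.read()).hexdigest()
        output_digests = set()
        last_output = None
        for _ in range(runs):
            try:
                last_output = scanner(path)
            except Exception as exc:
                last_output = "EXCEPTION: %s: %s" % (type(exc).__name__, exc)
            serialised = json.dumps(last_output, sort_keys=True).encode()
            output_digests.add(hashlib.sha256(serialised).hexdigest())
        report[name] = {
            "input_sha256": input_sha256,
            "runs": runs,
            "consistent": len(output_digests) == 1,  # same output on every run?
            "output_sha256": sorted(output_digests),
            "output": last_output,
        }
    return report


def run_demo(runs=5):
    """Build the corpus in a temp directory and stress test the stand-in scanner."""
    workdir = tempfile.mkdtemp(prefix="tool-validation-")
    return stress_test(scan, build_corpus(workdir), runs=runs)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

To validate a real tool, replace scan() with a wrapper that invokes the compiled binary under test (for example through subprocess) from inside the sandbox, and keep the printed JSON report next to the source-review notes; the input hashes let a second examiner rebuild the same corpus and confirm the same output hashes.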
Keywords/Search Tags: Tool, Open source