Can computer forensic tools be trusted in digital investigations?

Bibliographic Details
Title: Can computer forensic tools be trusted in digital investigations?
Authors: Bhat WA; Faculty of Computer & Information Systems, Islamic University of Madinah, Saudi Arabia; Department of Computer Sciences, University of Kashmir, India. Electronic address: wab.cs@uok.edu.in., AlZahrani A; Faculty of Computer & Information Systems, Islamic University of Madinah, Saudi Arabia. Electronic address: a.alzahrani@iu.edu.sa., Wani MA; Department of Computer Sciences, University of Kashmir, India. Electronic address: ahtishamwani@gmail.com.
Source: Science & justice : journal of the Forensic Science Society [Sci Justice] 2021 Mar; Vol. 61 (2), pp. 198-203. Date of Electronic Publication: 2020 Oct 28.
Publication Type: Journal Article; Research Support, Non-U.S. Gov't
Language: English
Journal Info: Publisher: Elsevier Country of Publication: England NLM ID: 9508563 Publication Model: Print-Electronic Cited Medium: Internet ISSN: 1876-4452 (Electronic) Linking ISSN: 13550306 NLM ISO Abbreviation: Sci Justice Subsets: MEDLINE
Imprint Name(s): Publication: London : Elsevier
Original Publication: Harrogate, North Yorkshire, UK ; Middlesex, NJ : The Society, c1995-
MeSH Terms: Forensic Medicine*; Forensic Sciences*/methods; Computers; Crime; Humans
Abstract: This paper investigates whether computer forensic tools (CFTs) can extract complete and credible digital evidence from digital crime scenes in the presence of file system anti-forensic (AF) attacks. The study uses a well-established six-stage forensic tool testing methodology based on black-box testing principles to carry out experiments that evaluate four leading CFTs for their potential to combat eleven different file system AF attacks. Results suggest that only a few AF attacks are identified by all the evaluated CFTs, while most of the attacks considered by the study go unnoticed. These AF attacks exploit basic file system features, can be executed using simple tools, and even attack CFTs to accomplish their task. These results imply that evidence collected by CFTs in digital investigations is not complete and credible in the presence of AF attacks. The study suggests that practitioners and academicians should not absolutely rely on CFTs for evidence extraction from a digital crime scene, highlights the implications of doing so, and makes many recommendations in this regard. The study also points towards immediate and aggressive research efforts that are required in the area of computer forensics to address the pitfalls of CFTs.
(Copyright © 2020 The Chartered Society of Forensic Sciences. Published by Elsevier B.V. All rights reserved.)
Contributed Indexing: Keywords: Anti-forensics; Black-box testing; Computer forensic tools; File systems; Forensics
Entry Date(s): Date Created: 20210319 Date Completed: 20220414 Latest Revision: 20220414
Update Code: 20250114
DOI: 10.1016/j.scijus.2020.10.002
PMID: 33736854
Database: MEDLINE