http://dx.doi.org/10.13089/JKIISC.2011.21.3.165

Reliability Verification of Evidence Analysis Tools for Digital Forensics  

Lee, Tae-Rim (Interdisciplinary Program of Information Security, Pukyong National University)
Shin, Sang-Uk (Interdisciplinary Program of Information Security, Pukyong National University)
Abstract
In this paper, we examine the reliability verification procedure for computer forensics evidence analysis tools and test well-known tools against their functional requirements using the verification items proposed by the standard document TTAK.KO-12.0112. We also carry out a performance evaluation based on the test results and suggest ways to improve the performance of evidence analysis tools. To achieve this, we first investigate the functions that the test subjects can perform, then set up a specific test plan and create evidence image files that contain the contents of the verification items. Finally, we verify and analyze the test results. In this process, we discover some weaknesses in most of the analysis tools, such as the restoration of deleted and fragmented files, the identification of file formats that are widely used in the country, and the processing of strings composed of the Korean alphabet.
Keywords
Reliability verification; Evidence analysis tools; Digital forensics; Computer forensics;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
1 Kim Geon-woo and Hong Do-won, "High-Speed Digital Forensic Technology," Korea Institute of Information Security and Cryptology, Journal of the Korea Institute of Information Security and Cryptology, Vol. 19, No. 5, pp. 45-51, Oct. 2009.
2 Telecommunications Technology Association, "Verification of Digital Data Acquisition Tools for Computer Forensics," Standard No.: TTAK.KO-12.0075, Dec. 2008.
3 Telecommunications Technology Association, "Requirements for Digital Evidence Analysis Tools for Computer Forensics," Standard No.: TTAK.KO-12.0081, Dec. 2008.
4 National Institute of Justice, "Forensic Examination of Digital Evidence: A Guide for Law Enforcement," NIJ Special Report, April 2004.
5 Brian Carrier, "Open Source Digital Forensics Tools: The Legal Argument," @stake Research Report, 2002.
6 Computer Forensic Reference Data Sets (CFReDS) Project, http://www.cfreds.nist.gov/
7 Digital Forensic Tool Testing Images (DFTTI), http://dftt.sourceforge.net/
8 Telecommunications Technology Association, "Requirements for Digital Data Acquisition Tools for Computer Forensics," Standard No.: TTAK.KO-12.0057, Dec. 2007.
9 NIST CFTT, "Forensic String Searching Tool Requirements Specification," Public Draft 1 of Version 1.0, January 24, 2008.
10 NIST CFTT, "Deleted File Recovery Tool Specification," Draft for SC Review of Version 1.0, January 19, 2005.
11 Computer Forensics Tool Testing (CFTT) Project, http://www.cftt.nist.gov/
12 Anthony Reyes and Jack Wiles, The Best Damn Cybercrime and Digital Forensics Book Period, Syngress, Oct. 2007.
13 Son Jeong-hwan and Kim Gwi-nam, "Current Status and Development Plan of Domestic Digital Forensic Technology," Korean Society of Cyber Terrorism and Information Warfare, Journal of Information Security, Vol. 5, No. 1, pp. 11-18, Mar. 2005.
14 Telecommunications Technology Association, "Verification of Digital Evidence Analysis Tools for Computer Forensics," Standard No.: TTAK.KO-12.0112, Dec. 2009.
15 Gil Yeon-hui and Hong Do-won, "Digital Forensic Technology and Standardization Trends," TTA Journal, IT Standard & Test, No. 118, pp. 75-81, Aug. 2008.
16 Amber Schroader and Tyler Cohen, Alternate Data Storage Forensics, Syngress, May 2007.
17 Albert J. Marcella and Doug Menendez, Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crime, CRC Press, Aug. 2007.