
doi: 10.1109/imf.2011.11
We introduce a first common evaluation scheme for forensic software. Therefore, we investigate potential attacks on forensic software to derive preliminary attacker models. We use the Federal Rules of Evidence and the Daubert Challenge of the US jurisdiction to investigate the legal fundamentals for forensic software and to show tendencies for other countries. Furthermore, current approaches for the validation and verification of forensic software are summarized. Subsequently, our proposed evaluation scheme is used for the exemplary evaluation of the forensic duplication application dcfldd and the forensic toolkit EnCase Forensic. Furthermore, it is used to create a preliminary framework for the development of forensic software. The formalization of our evaluation scheme classifies the forensic application according to the model of the forensic process of Kiltz et al. This scheme is intended to be extensible and to support the benchmarking of forensic applications.
| selected citations These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | 3 | |
| popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network. | Average | |
| influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | Top 10% | |
| impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network. | Average |
