Week 3 Project:
Tool Testing/Validation Project:
It is very
important to test and validate your digital forensic tools before use. This not only gives you the confidence in
your tools but allows you to testify in court that your tools were working
properly before exposing important digital evidence to them. Try your hand at developing a simple testing
plan based on a specific software or hardware tool. For example, you may decide
you want to test the forensic acquisition functionality of FTK Imager (which is
available for free from http://www.accessdata.com/support/product-downloads);
you may want to visit a site that provides free forensic software tools (like http://forensiccontrol.com/resources/free-software/) and
test one you find there; or you could even choose something as simple as your
own word processing software. Pick just
ONE specific aspect of the tool you choose (such as the ability of FTK Imager
to capture physical memory, or the ability of your word processor to view a
documentâ€™s properties or metadata), and design a simple step-by-step method to
test or validate that aspects of the toolâ€™s process.
testing and validation plan is not difficult; we do this type of thing in our
daily lives all the time without knowing it. The basic question is: “How
do I know that my ______ is working properly?” That’s it… Bottom line.
For example, consider something as simple as a pair of scissors. If you were
going to test a pair of scissors, what types of question would you ask
1. What are
scissors for? Cutting, of course.
2. What could I
use them for? Of what are they capable? Cutting paper. Cutting fabric. Cutting
meat. Opening beer.
3. Could I
design a test to validate that these scissors can, in fact, cut paper? Yes.
4. What will I
need for this test? Scissors. 5 pieces of paper. About 5 minutes.
5. What action
will I take to test this function? 1) Pick up scissors. 2) Pick up paper. 3)
Open scissors. 4) Insert paper between blades. 5) Close scissors.
6. What is my
standard for a completed test? That the two blades of the scissors came
together in a scissoring motion when I closed the scissors.
7. What result
would validate that these scissors can successfully be used for cutting? The
paper was cut into two separate pieces along the points where the blades of the
8. How do I know
this isn’t a fluke or a coincidence? Repeat 4 more times. If same result, then
the ability of the scissors to cut paper is confirmed. Meaning, I can say that
I tested them, and I’d be confident using them in the future and reasonably sure
I would get the same result.
It is that
simple. Obviously, your testing of a
forensic tool should be presented in a more “official” and formal way
than just a serious of questions and short answers, but you get the idea…