Anti-forensic implications of software bugs in digital forensic tools
Homewood, Alain Jared
MetadataShow full metadata
The digital forensic community relies on a small number of complex tools to analyse digital evidence. These digital forensic tools have greatly improved the accuracy and efficiency of investigations. However, the reliance on tools may be a weakness that can be exploited to prevent or disrupt investigations. Counter-measures to digital forensic techniques, known as anti-forensics, have typically been focussed on techniques to hide or prevent the creation of evidence. The concern of the author is that anti-forensic techniques may soon be focussed on exploiting software bugs in digital forensic tools. The tools used by the digital forensic community are complex with many different functions, which may contain software bugs. The risk of such software bugs is that digital forensic investigations could be compromised. This research evaluates the potential anti-forensic risk and implications of software bugs in digital forensic tools. This research first presents a literature review of areas of digital forensics related to anti-forensic risk such as anti-forensic techniques, tool testing methodologies and legal issues. This research then develops a suitable methodology to identify software bugs in digital forensic tools with potential anti-forensic risk. The methodology consists of six test cases designed to test various function areas of digital forensic tools for the presence of software bugs. Each test case has associated with it a number of reference sets to be used as input, which contain deliberately malformed data created through the process of file fuzzing. Acceptance spectrums ranging from “critically unacceptable” to “exceeds expectations” were developed to evaluate the anti-forensic risk caused by the identified software bugs. The research was successful in identifying a number of software bugs, the majority of which resulted in the digital forensic tools crashing. The software bugs identified were evaluated for anti-forensic risk and four test cases were determined to pose an unacceptable anti-forensic risk. Two test cases were determined to exceed expectations due to no software bugs being identified. The conclusion of the research is that software bugs in complex function areas of digital forensic tools pose an unacceptable anti-forensic risk. No critically unacceptable risks could be identified by this research. There is potential for further research into the anti-forensic implications of such software bugs.