The Association of Digital Forensics, Security and Law (ADFSL)


The growth in the computer forensic field has created a demand for new software (or increased functionality to existing software) and a means to verify that this software is truly forensic i.e. capable of meeting the requirements of the trier of fact. In this work, we review our previous work---a function oriented testing framework for validation and verification of computer forensic tools. This framework consists of three parts: function mapping, requirements specification and reference set development. Through function mapping, we give a scientific and systemized description of the fundamentals of computer forensic discipline, i.e. what functions are needed in the computer forensic investigation process. We focus this paper on the functions of media preparation, write protection and verification. Specifically, we complete the function mapping of these functions and specify their requirements. Based on this work, future work can be conducted to develop corresponding reference sets to test any tools that possess these functions.


Alfred J. M., Paul C. O., and Vanstone S. A., (2001) “Handbook of Applied Cryptography”, Fifth printing, CRC Press.

Jason B., and Jill S., (2007) “Digital Forensics: Validation and Verification in a Dynamic Work Environment”, Proceedings of the 40th Annual Hawaii International Conference on System Sciences, Hawaii.

Brian C., (2005) “File System Forensic Analysis”, Addison-Wesley Upper Saddle River, New York.

Brian C., (2009) “Digital Forensics Tool Testing Images”, http://dftt.sourceforge.net/, Sep. 1 2009.

Charlie K., Radia P., and Speciner M., (2002) “Network Security: Private Communication in a Public World”, Second Edition. in computer networking and distributed systems, Prentice Hall PTR.

Garfinkel S.L., and Shelat, A. (2003), “Remembrance of data passed: a study of disk sanitization practices”, IEEE Security and Privacy, Vol.1 (Issue 1): Page 17-27.

George M., Alison A., Byron C., Olivier D. V., and Rodney M., (2003) “Computer and intrusion forensics”, Artech House, Boston.

Yinghua G., Jill S., and Jason B., (2009), “Validation and verification of computer forensic software tools--Searching Function”, Digital Investigation, Vol. 6: PageS12-S22.

Yinghua G., and Jill S., (2010) “Data Recovery Function Testing for Computer Forensics Investigation Tools”, Advances in Digital Forensics VI (Springer, 2010).

Gutmann P., (1996), “Secure Deletion of Data from Magnetic and Solid-State Memory” http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html, June 2007

Hosmer C., (2002) “Proving the Integrity of Digital Evidence with Time,” International Journal of Digital Evidence Vol.1 (1).

Hughes G. F., Coughlin, T., and Commins D. M., (2009), “Disposal of Disk and Tape Data by Secure Sanitization,” IEEE Security and Privacy, Vol.7 (Issue 4): Page 29-34.

Kissel R., Scholl M., Skolochenko S., and Li X., (2006), “Guidelines for media sanitization”, NIST SP 800-88.

NIST, (2009) “Computer Forensics Tool Testing (CFTT)”, www.cftt.nist.gov, Oct. 11 2009.

Rodney M., (1999) “What is Forensic Computing?”, Australian Institute of Criminology, Trends and Issues Technical Report.

Wright C., Kleiman D., and Shyaam S. R. S., (2008). “Overwriting Hard Drive Data: The Great Wiping Controversy”, Lecture Notes in Computer Science (Springer Berlin / Heidelberg).

Roubos D., Palmieri L., Kachur R. L., Herath S., Herath A., and Constantino D., (2007). “A study of information privacy and data sanitization problems: student paper”, Journal of Comput. Small Coll. 22, 4 (Apr. 2007), 212-219.




To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.