Validation and verification of computer forensic software tools-Searching Function

The process of using automated software has served law enforcement and the courts very well, and experienced detectives and investigators have been able to use their well-developed policing skills, in conjunction with the automated software, so as to provide sound evidence. However, the growth in the computer forensic field has created a demand for new software ( or increased functionality to existing software) and a means to verify that this software is truly "forensic'' i.e. capable of meeting the requirements of the 'trier of fact'. In this work, we present a scientific and systemical description of the computer forensic discipline through mapping fundamental functions required in the computer forensic investigation process. Based on the function mapping, we propose a more detailed functionality orientated validation and verification framework of computer forensic tools. We focus this paper on the searching function. We specify the requirements and develop a corresponding reference set to test any tools that possess the searching function. (C) 2009 Digital Forensic Research Workshop. Published by Elsevier Ltd. All rights reserved.