Digital Forensic Investigator -- Court approved tools
-
During the course, Sean often refers to tools that are "Court approved" or something like that. I assume that these tools have been used in court and accepted. Is there a comprehensive list of these tools (even a partial list would be good)? How can I find out if I tool is "Court Approved". I like the hashing tool Fsum (http://www.slavasoft.com/fsum/index.htm), is there a way to find out if this is court approved (This is a general question, not specific to Fsum. However specific info on Fsum would be nice).
Thank you for your time
Dan Long, CISSP -
There really isn't a list of court approved tools. It's more about producing forensically sound data, which means given a set of data, another investigator should be able to generate the same results, with another tool. Using a tool that has been used in court before might make it easier to prove that it produces forensically sound results, may be more familiar to the judges and attorneys, and less likely to be called into question. But it still comes down to the investigator being able to prove the results gathered using the tool are valid and reproducable. It's kind of like saying a crime scene photo will only be accepted if it was taken with a Kodak camera.
I will check with Sean and see if he has any more information on the subject.
Hope this helps,
Mike