Towards Increasing Trust In Expert Evidence Derived From Malware Forensic Tools
Journal of Digital Forensics, Security and Law
Volume 15, Article 3
10-27-2020
Ian M. Kennedy
The Open University, ian.m.kennedy ‘at’ open.ac.uk
Blaine Price
The Open University
Arosha Bandara
The Open University
Recommended Citation: Kennedy, Ian M.; Price, Blaine; and Bandara, Arosha (2020) “Towards Increasing Trust In Expert Evidence Derived From Malware Forensic Tools,” Journal of Digital Forensics, Security and Law: Vol. 15, Article 3. DOI: https://doi.org/10.15394/jdfsl.2020.1691 Available at: https://commons.erau.edu/jdfsl/vol15/iss2/3
ABSTRACT
Following a series of high-profile miscarriages of justice in the UK linked to questionable expert evidence, the post of the Forensic Science Regulator was created in 2008. The main objective of this role is to improve the standard of practitioner competencies and forensic procedures. One of the key strategies deployed to achieve this is the push to incorporate a greater level of scientific conduct in the various fields of forensic practice. Currently, there is no statutory requirement for practitioners to become accredited in order to continue working with the Criminal Justice System of England and Wales. However, the Forensic Science Regulator is lobbying the UK Government to make this mandatory. This paper focuses on the challenge of incorporating a scientific methodology into digital forensic investigations where malicious software (‘malware’) has been identified. One aspect of such a methodology is the approach followed to both select and evaluate the tools used to perform dynamic malware analysis during an investigation. Based on the literature and on legal, regulatory, and practical needs, we derive a set of requirements to address this challenge. We present a framework, called the ‘Malware Analysis Tool Evaluation Framework’ (MATEF), to address this lack of a methodology for evaluating software tools used to perform dynamic malware analysis during investigations involving malware, and discuss how it meets the derived requirements.
Keywords: malware forensics, digital forensics, tool testing, expert evidence, trust, requirements
Table of contents
- 1. INTRODUCTION
- 2. BACKGROUND AND RELATED WORK
- 3. REQUIREMENTS FOR CONDUCTING MALWARE FORENSICS
- 4. DESIGN OF THE FRAMEWORK
- 5. DISCUSSION
- 6. CONCLUSIONS AND FURTHER WORK
- 7. REFERENCES