Lessons Learned Writing Computer Forensics Tools and Managing a 30TB Digital Evidence Corpus
Abstract
Writing digital forensics (DF) tools is difficult because of the diversity of data types that
need to be processed, the need for high performance, the skill set of most users, and the
requirement that the software run without crashing. Developing this software is
dramatically easier when one possesses a few hundred disks of other people's data for
testing purposes. This paper presents some of the lessons learned by the author over the
past 14 years developing DF tools and maintaining several research corpora that currently
total roughly 30TB.
Description
DFRWS 2012, Aug. 6-8, 2012, Washington, DC.
The article of record as published may be found at http://dx.doi.org/10.1016/j.diin.2012.05.002
Refereed Conference Paper