2011-06-30

5 reasons why you should use open source tools for computer forensics investigations

In some ways computer forensics is a scientific process, you need to prove facts with a reproducible process.
Scientists use open source software all the time and they have good reasons that also apply for you, computer forensics.


1. The tool itself is publicly available

If another expert is called in, he can always download the tools you used and reproduce your findings without having to buy an often very expensive license for possibly a one shot third party tool.


2. The code is open.

Any doubt about the tool itself, you can show the source code and tell exactly what the software has done. You have to rely to documentation and explanations from a third party if you use closed source tools.


3. You (often) can go back in time.

Old versions are often available in public source repositories
Legal processes are really long. They can probably span several versions of any piece of software you used during your investigations. What if the publisher won't publish the old version anymore ?


4. Steps to reproduce your findings are easily documented.

Open source tools are often backed by command line tools. So in your report, you can just copy paste all the commands you used and all the outputs.
Any other expert can pop in, redo the same thing and check the output is exactly the same.


5. They are customizable and flexible

One of the mantra of linux for example is that one tool does one simple thing but does it right so you can combine them to fulfill your need.

The golden hammer never exists and sometime you miss just one little thing/feature to be able to accomplish a specific task. Open source rocks in this case, you have the source code, you can hack it to accomplish your task.

And ... why not sharing your hack back to the community ? :)