Horsman Graeme, Lyle James R
Teesside University, United Kingdom.
National Institute of Standards and Technology, United States.
Forensic Sci Int Digit Investig. 2021 Sep;38. doi: 10.1016/j.fsidi.2021.301264. Epub 2021 Jul 29.
As the digital forensic field develops, taking steps towards ensuring a level of reliability in the processes implemented by its practitioners, emphasis on the need for effective testing has increased. In order to test, test datasets are required, but creating these is not a straightforward task. A poorly constructed and documented test dataset undermines any testing which has taken place using it, eroding the reliability of any subsequent test results. In essence, given the time, effort and knowledge required to generate datasets, the field must guide those carrying out this task to ensure that it is done right at the first instance without wasting resources. Yet, there are currently few standards and best practices defined for dataset creation in digital forensics. This work defines three categories of dataset which typically exist in digital forensic - tool/process evaluation datasets, actions datasets and scenario-based datasets, where the minimum requirements for their creation are outlined and discussed to support those creating them and to help ensure that where datasets are created, they offer maximum value to the field.
随着数字取证领域的发展,为确保该领域从业者所实施的流程具有一定程度的可靠性而采取的措施不断增加,对有效测试的需求也日益凸显。为了进行测试,需要测试数据集,但创建这些数据集并非易事。构建不佳且记录不全的测试数据集会破坏使用它所进行的任何测试,削弱任何后续测试结果的可靠性。从本质上讲,考虑到生成数据集所需的时间、精力和知识,该领域必须指导执行这项任务的人员,以确保首次就把它做好,避免资源浪费。然而,目前数字取证中针对数据集创建所定义的标准和最佳实践很少。这项工作定义了数字取证中通常存在的三类数据集——工具/流程评估数据集、行动数据集和基于场景的数据集,概述并讨论了创建它们的最低要求,以支持创建这些数据集的人员,并有助于确保在创建数据集时,它们能为该领域提供最大价值。
