athulin wrote:
Though I think I disagree somewhat (only somewhat, mind) with the statement that validation isn't possible with closed source: it's possible to cook up hostile testing data to stress the tools in question.
I find the original statement a little more subtle:
Quote:
Since it’s closed source, the community at large can’t validate the tools either. If investigators aren’t doing their homework to individually validate the artifacts on every case (and subsequently provide feedback to the software manufacturer), the consequences could mean
(bolding and underlining is mine.)
A closed source, commercial only (and possibly additionally LE only) tool definitely has fewer users (in sheer numbers) and thus fewer chances to be run on "random" or simply "more" data and by more people, and there are of course fewer chances that a bug (if any) is found.
I read it more like a way to say (not entirely without reason) that the forensic investigators should be more proactive (or less lazy ;), it depends on whether you see the glass half full or half empty) and that the makers of the software (of course not all, but a few of them surely) could be more careful in the tests and more reactive to reports.
jaclaz