Tool validation
Earlier, we discussed potential attacks on you, your exam, and your findings. The opposing counsel will focus on how you did the exam and what tools you used to perform the exam. Your ability to mitigate the opposing counsel attacks is directly related to your preparation and the documentation you created during the exam. Being aware and following best practices is critical in your ability to successfully defend your actions. How do you do this? By continuing your education. The field is always changing, and you have to keep aware of those changes. Â
The level of detail can easily overwhelm new digital forensic investigators as they need to know how to mitigate the opposing counsel's attack successfully. While you need not know the specific programming or code a particular tool uses, you need to know where the artifact found by the tool is located within the filesystem/operating system so you can adequately explain it as you testify or create your report...