1、Designation:E301615Standard Guide forEstablishing Confidence in Digital Forensic Results by ErrorMitigation Analysis1This standard is issued under the fixed designation E3016;the number immediately following the designation indicates the year oforiginal adoption or,in the case of revision,the year o
2、f last revision.A number in parentheses indicates the year of last reapproval.Asuperscript epsilon()indicates an editorial change since the last revision or reapproval.1.Scope1.1 This guide provides a process for recognizing anddescribing both errors and limitations associated with toolsused to supp
3、ort digital forensics.This is accomplished byexplaining how the concepts of errors and error rates should beaddressed in digital forensics.It is important for practitionersand stakeholders to understand that digital forensic techniquesand tools have known limitations,but those limitations havediffer
4、ences from errors and error rates in other forensicdisciplines.This guide proposes that confidence in digitalforensic results is best achieved by using an error mitigationanalysis approach that focuses on recognizing potential sourcesof error and then applying techniques used to mitigating them,incl
5、uding trained and competent personnel using tested andvalidated methods and practices.2.Referenced Documents2.1 ISO Standard:2ISO/IEC 17025 General Requirements for the Competenceof Testing and Measurement Laboratories2.2 SWGDE Standards:3SWGDE Model Quality Assurance Manual for Digital Evi-denceSWG
6、DE Standards and Controls Position PaperSWGDE/SWGIT Proficiency Test Program GuidelinesSWGDE/SWGIT Guidelines&Recommendations forTraining in Digital&Multimedia Evidence3.Significance and Use3.1 Digital forensics is a complex field that is heavily relianton algorithms that are embedded in automated t
7、ools and usedto process evidence.Weaknesses or errors in these algorithms,tools,and processes can potentially lead to incorrect findings.Indeed,errors have occurred in a variety of contexts,demon-strating the need for more scientific rigor in digital forensics.This guide proposes a disciplined appro
8、ach to mitigatingpotential errors in evidence processing to reduce the risk ofinaccuracies,oversights,or misinterpretations in digital foren-sics.This approach provides a scientific basis for confidence indigital forensic results.3.2 Error rates are used across the sciences to explain theamount of u
9、ncertainty or the limitation of a given result.Thegoal is to explain to the reader(or receiver of the result)theconfidence the provider of the result has that it is correct.Manyforensic disciplines use error rates as a part of how theycommunicate their results.Similarly,digital forensics needs tocom
10、municate how and why there is confidence in the results.Because of intrinsic difference between the biological andchemical sciences and computer science,it is necessary to gobeyond error rates.One difference between chemistry andcomputer science is that digital technology is constantlychanging and i
11、ndividuals put their computers to unique uses,making it infeasible to develop a representative sample to usefor error rate calculations.Furthermore,a digital forensicmethod may work well in one environment but fail completelyin a different environment.3.3 This document provides a disciplined and str
12、ucturedapproach for addressing and explaining potential errors anderror rates associated with the use of digital forensic tools/processes in any given environment.This approach to estab-lishing confidence in digital forensic results addresses Daubertconsiderations.4.Background4.1 Digital forensic pr
13、actitioners are confident in the abilityof their methods and tools to produce reliable conclusions;however,they often struggle to establish their confidence on ascientific basis.Some forensic disciplines use an error rate todescribe the chance of false positives,false negatives,orotherwise inaccurat
14、e results when determining whether twosamples actually come from the same source.But in digitalforensics,there are fundamental differences in the nature ofmany processes that can make trying to use statistical errorrates inappropriate or misleading.1This guide is under the jurisdiction of ASTM Commi
15、ttee E30 on ForensicSciences and is the direct responsibility of Subcommittee E30.12 on Digital andMultimedia Evidence.Current edition approved May 1,2015.Published June 2015.DOI:10.1520/E3016-15.2Available from American National Standards Institute(ANSI),25 W.43rd St.,4th Floor,New York,NY 10036,ht
16、tp:/www.ansi.org.3Available from the Scientific Working Group on Digital Evidence(SWDGE),https:/www.swgde.org.Copyright ASTM International,100 Barr Harbor Drive,PO Box C700,West Conshohocken,PA 19428-2959.United States1 4.2 The key point to keep in mind is the difference betweenrandom errors and systematic errors.Random errors are basedin natural processes and the inability to perfectly measurethem.Systematic errors,in contrast,are caused by imperfectimplementations.Digital forensics being based