Abstract— Formal standards, precedents, and best practices for verifying and validating the behavior of low layer network devices used for digital evidence-collection on networks are badly needed— initially so that these can be employed directly by device owners and data users to document the behaviors of these devices for courtroom presentation, and ultimately so that calibration testing and calibration regimes are established and standardized as common practice for both vendors and their customers [1]. The ultimate intent is to achieve a state of confidence in device calibration that allows the network data gathered by them to be relied upon by all parties in a court of law. This paper describes a methodology for calibrating forensic-ready low layer network devices based on the Flaw Hypothesis Methodology [2,3].
Revised: May 12, 2010 |
Published: June 20, 2007
Citation
Endicott-Popovsky B.E., and D.A. Frincke. 2007.The Observability Calibration Test Development Framework. In IEEE SMC Information Assurance and Security Workshop, IAW '07, 61-66. Piscataway, New Jersey:IEEE.PNNL-SA-54501.doi:10.1109/IAW.2007.381915