sleuthkit / autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
http://www.sleuthkit.org/autopsy/

Deterministic compilation #3533

Open sainslie opened 6 years ago

sainslie commented 6 years ago

Does @sleuthkit intend to implement deterministic compilation for @sleuthkit binaries?

It's important for @sleuthkit to produce accurate and consistent output and I feel it'll benefit @sleuthkit to begin implementing deterministic compilation. It'll strengthen independent authentication of @sleuthkit, alongside independent authentication of its source code, in doing so.

@usnistgov has established methodologies to critique tools such as @sleuthkit alongside a plethora of procedures and criteria in its Computer Forensics Tool Testing Program (CFTT) but deterministic compilation isn't included amongst its criteria. None of the tool sets @usnistgov has catalogued implements deterministic compilation so I feel it could benefit @sleuthkit to implement it as a unique aspect and as an articulable demonstration of the benefits of deterministic compilation.

@Microsoft has a build tool set for build automation and I'd encourage consideration of deterministic compilation and implementing it alongside #3515.

marshalla99 commented 6 years ago

If you're thinking about this in the context of the requirements for accreditation to the ISO 17025 standard, you need to bear in mind that that is all about validation of individual methods, NOT verification of tools. Even if a tool can be verified, it isn't sufficient evidence of validity of the method, competence of the operator or proficiency of the organisation.

sainslie commented 6 years ago

I realise that deterministic compilation doesn't affirm the methods or corroborate the competence of practitioners or organisations but nonetheless I feel that deterministic compilation should be something @sleuthkit should consider and so too should others creating digital forensic science tool sets.

It might not be an aspect of @usnistgov processes but deterministic compilation has demonstrable benefits from a technical or scientific standpoint. I'd still encourage implementing #3515 regardless of @sleuthkit using deterministic compilation or not.

bcarrier commented 6 years ago

This is a new concept to me. What does it mean that we have to do differently?

marshalla99 commented 6 years ago

Far too much, IMHO. Even with the static binaries that you'd have to generate there are too many external factors for it to be reasonable to use the method.

If you take it to its logical extreme conclusion it requires bundling a complete O/S and a deterministic JVM in order to achieve the stated goal.
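As an added illustration of what "deterministic compilation" asks of the packaging step (this is example code written for this page, not part of Autopsy or The Sleuth Kit, and not something the thread's participants posted): two builds of identical inputs normally yield jars with different hashes because the build tool records wall-clock timestamps and writes entries in filesystem-walk order. The normalized digest below ignores that metadata so an examiner can tell "same code, different packaging" from "different code"; the last function packages the same inputs with sorted entries and a fixed timestamp so the raw jar hash itself reproduces. The class-file bytes are constructed stand-ins for compiler output; the example covers only the archive, not compiler, toolchain or JVM variation.

```python
import hashlib
import io
import zipfile

# Constructed stand-ins for compiler output: the same files as produced by two
# independent builds of the same source (not real bytecode, not Autopsy's).
CLASSES = {
    "org/sleuthkit/autopsy/Example.class": b"\xca\xfe\xba\xbe" + b"example-bytecode",
    "org/sleuthkit/autopsy/Other.class": b"\xca\xfe\xba\xbe" + b"other-bytecode",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n",
}


def build_jar(entries, order, date_time):
    """Simulate a build tool writing a jar: entry order and timestamps are
    whatever the tool's directory walk and wall clock happened to produce."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in order:
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, entries[name])
    return buf.getvalue()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def normalized_digest(jar_bytes):
    """Digest over entry names and decompressed contents only, in sorted order.
    Timestamps, entry order and compression settings do not affect the result,
    so two jars built from the same inputs at different times compare equal."""
    h = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in sorted(zf.namelist()):
            data = zf.read(name)
            h.update(name.encode("utf-8"))
            h.update(len(data).to_bytes(8, "big"))  # length-prefix to avoid ambiguity
            h.update(data)
    return h.hexdigest()


def reproducible_jar(entries):
    """Package the way a deterministic build would: sorted entry order and a
    fixed timestamp (1980-01-01, the earliest a zip entry can carry), so the
    raw archive bytes, not just the normalized digest, are identical each time."""
    return build_jar(entries, sorted(entries), (1980, 1, 1, 0, 0, 0))


def compare_builds():
    """Two 'ordinary' builds a day apart versus two reproducible builds."""
    build_a = build_jar(CLASSES, list(CLASSES), (2018, 1, 10, 9, 30, 0))
    build_b = build_jar(CLASSES, sorted(CLASSES, reverse=True), (2018, 1, 11, 14, 5, 0))
    repro_1 = reproducible_jar(CLASSES)
    repro_2 = reproducible_jar(CLASSES)
    return {
        "raw_equal": sha256(build_a) == sha256(build_b),
        "normalized_equal": normalized_digest(build_a) == normalized_digest(build_b),
        "reproducible_raw_equal": sha256(repro_1) == sha256(repro_2),
    }


if __name__ == "__main__":
    for key, value in compare_builds().items():
        print(f"{key}: {value}")
```

The normalized digest is a diagnostic, not a substitute for a reproducible build: it tells you whether two archives disagree only in packaging metadata, while a verifier who wants to match a published hash byte for byte still needs the sorted-order, fixed-timestamp packaging and a pinned compiler and JVM, which is the "external factors" cost raised above.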