Yes, there really is a CSI effect. In the digital forensics program at Norwich University in Vermont, a version of the CSI effect is alive and well. For the third year in a row, students in my computer forensic class have produced this month's Group Test for digital forensic tools.
Norwich is nearly unique among American universities in that it is a Center of Academic Excellence in both information assurance and digital forensics. For this month's testing, the students team up in pairs and put the tools and software through their paces and then write the reviews. That is what you now have in front of you, and our hope is that you will enjoy this issue as much as readers have in prior years. What we find most interesting about the students – who work under my close supervision – is that they are really tough reviewers.
The students team up in pairs and put the tools and software through their paces and then write the reviews. That is what you now have in front of you, and our hope is that you will enjoy this issue as much as have readers in prior years. What we find most interesting about the students – who work under my close supervision – is that they are really tough reviewers. This year's batch of products really tasked them, though. We saw some of the best products that we ever have seen in this field. That, and the diversity of product types, made differentiation very difficult, even for this tough jury.
| “It was, overall, a very good year for forensic tools. Each tool was a stellar example of its individual sub-genre and made excellent review fodder.” – Peter Stephenson, technology editor, SC Magazine |
The test environment is very complete. There is a lab consisting of 11 Dell forensic workstations, each with twin screens. The lab does not connect to the outside world. Instead, it connects to the virtual clusters that make up the Norwich University Center for Advanced Computing and Digital Forensics virtual lab system, a cluster of four VMware servers. Hardware appliances can be installed neatly in the Center with a direct connection into the lab on the two-server cyber weapons range cluster, and traffic then can be generated in the virtual environment so that the network forensic appliances have something to look at.
The end result is that the tools and software really get a workover, and the results in the following pages show that. It was, overall, a very good year for forensic tools. Each tool was a stellar example of its individual sub-genre and made excellent review fodder.
Because the students were working with me this month, we gave SC Lab Manager Mike Stephenson the month off. The students all are upperclass and many are in their last semester. For me, working with these students requires close supervision, but no interference. Also, I want to thank the companies that participated this month. Your products were strong and your support of this new tradition is appreciated.
So, begin this month's reviews by determining your requirements and then find a product that fits your needs. Some of the products here are sufficiently unique that even if you haven't planned on buying the particular type of product, you may well start thinking once you see the value.
