Court Validation and User Certification

Court Validation

For over 10 years, ILook has been utilized in numerous jurisdictions and judicial proceedings. As the standard tool for IRS Criminal Investigation for over 6 years, the toolset has more capabilities used in large white color crime cases than all other tools combined. The judicial records of many users in foreign countries have no easily searchable citations, and many in the United States, beneath a federal appeals level, are not reported in published public opinions. Therefore, the presence of the product name is not easily found in citations, regardless of the fact that the use of the tools spans the globe. ILook customer domains have primarily been used in military and intelligence capacities, neither of which are public published uses.

There are currently no vendor-specific tool certifications for any computer forensic applications cited by U.S. Supreme Court decision. The U.S. secondary courts for criminal law enforcement purposes are the circuit courts of the judicial branch of the United States. State and FederalĀ appeals court decisions regarding ILook is cited herein.

Where state court cases are cited, the precedence level in all courts is still the United States Supreme Court, the United States Court of Appeals, and the Supreme Court of a State or an Appeals Court of a State.

Two certifications from State Appeal decisions and Federal Appeal decisions are cited below :

  1. Texas vs. Hebert
    A Texas state appeals court decision, which finds, as fact, that ILook is a validated and certified computer forensics tool. The case is from July 2007.
  2. U.S. vs. Giberson
    A U.S. Court of Appeals Decision, from the 9th Federal Circuit – the only appeals decision citation for a specific computer forensics tool. The Circuit Senior Judge, J. Clifford Wallace, wrote the opinion in Giberson which overturned many Federal District Court decisions relating to search warrants and general searching of computer systems. The case is from July 2008.

User Certifications

  • ILook and IXimager hands-on instruction and certifications, have been taught by Federal Government Agencies to Foreign Governments, in both intelligence, military, and law enforcement functions and groups, and in some cases adopted as the only forensics platform for entire national agencies. The training has been conducted as “Certification Training” by Federal Agencies including the United States Treasury Department, the United States Department of Defense, the United States Federal Bureau of Investigation, and the United States Department of Justice.
  • Additionally, several thousand state and local agency LEO and related qualifying individuals have been trained to use ILook, over many years, by NW3C. NW3C used ILook and IXimager also as a teaching tool for other non-ILook related forensics classes.
  • Independent corroboration of the tools qualifications was also carried out by other federal government agencies in independent studies.
  • The IXimager has been tested by the National Institute of Standards and Technology during 2006 and 2007, and found to perform every required function, and also every optional function, without error. The use of IXimager to remove DCO and HPA areas to create encrypted image files, to NOT use or require a hardware or software Writeblocker is all documented therein.
  • NIST’s testing process sets minimum mandatory qualifications for testing, which all tools are expected to meet to attain qualification. However, NIST also tests optional conditions and capabilities where they are native to the tool being tested and are assertions of performance. ONLY IXimager succeeded where NO optional tests were omitted from the testing process. ONLY IXimager maintains a data description recognition system for missing data, bad sectors or omitted data.
  • Whether it is RAIDs, drives with DCO or HPA hidden areas, or most notably, the ability to correctly determine, the placement and location of bad sectors on a mass storage device; no product equals the precision and effectiveness of IXimager in imaging a bootable computer system. Its unique ability to boot from remote devices, USB drives, CD-ROMS, or even Floppy Disks, is unparalleled in computer forensics.
  • The NIST tests also included tests of 23 separate Writeblock devices having nothing to do directly with any other product of Perlustro, but as a standard base platform for hardware and software devices which were otherwise tested within the CFTT tool testing environment.
  • The CFTT testing process is amply described here.
  • Generally, the U.S. certification of computer forensics products does not require court certification, only court validation for use. The requirements for validation are based on generalities and may be specific to one particular case. For instance, a computer forensics expert could in fact produce his own software without any stamp of approval required, and still have it validated by a court, much like the federal rules validation of “Expert Witnesses”.
  • Where ILook and IXimager have been tested, they were found to be fully qualified in their use for their intended purposes.
  • Testing of the ILook application framework, including IXimager testing, has been performed over months and years at the following computer forensics testing groups:
    • The MITRE Corporation
    • The Defense Computer Forensics Laboratory
    • The Internal Revenue Service Criminal Investigation Division – United States Treasury Department
    • The Federal Bureau of Investigation
    • The Serious Fraud Office, United Kingdom
    • The National Security Agency, United States

For the first time, the technical capabilities of this toolset are combined in one place, one application, and one area in which the greatest majority of work in computer forensics has been focused. The combination of inbuilt capabilities and options provide unparalleled end user power.