This paper points out many key aspects of digital forensics, with the goal of ensuring that research seeking to advance the discipline will have the highest possible adoption rate by practitioners.
Many technical mechanisms across computer security for attribution, identification, and classification are neither sufficient nor necessary for forensically valid digital investigations; yet they are often claimed as useful or necessary. Similarly, when forensic research is evaluated using the viewpoints held by computer security venues, the challenges, constraints, and usefulness of the work is often misjudged. The authors of the current paper enumerate general legal and practical constraints placed on forensic investigators that set the field apart. The authors point out the assumptions, often limited or incorrect, made about forensics in past work, and discuss how these assumptions limit the impact of contributions. (Publisher abstract provided)