Result comparison of Experiment 2.

The proliferation of cybercriminal activities from 2023 to 2025 has highlighted the critical role of digital forensics in legal proceedings; however, resource constraints often limit access to effective investigative capabilities. Despite the technical adequacy of open-source digital forensic tools, courts typically favor commercially validated solutions because of the absence of standardized validation frameworks for open-source alternatives, creating unnecessary financial barriers to high-quality forensic investigations. This study aims to validate and enhance the conceptual open-source digital forensic framework developed by Ismail et al. (2024) to ensure the legal admissibility of evidence acquired through open-source tools. Through a rigorous experimental methodology utilizing controlled testing environments, we conducted comparative analyses between commercial tools (FTK and Forensic MagiCube) and open-source alternatives (Autopsy and ProDiscover Basic) across three distinct test scenarios: preservation and collection of original data, recovery of deleted files through data carving, and targeted artifact searching. Each experiment was performed in triplicate to establish repeatability metrics, with error rates calculated by comparing the acquired artifacts with control references. Our findings demonstrate that properly validated open-source tools consistently produce reliable and repeatable results with verifiable integrity comparable to their commercial counterparts. The enhanced three-phase framework integrating basic forensic processes, result validation, and digital forensic readiness to satisfy Daubert Standard requirements while providing practitioners with a methodologically sound approach. This study contributes significantly to digital forensics by democratizing access to forensically sound investigative capabilities without compromising legal admissibility requirements, ultimately benefiting resource-constrained organizations while maintaining the evidentiary standards necessary for judicial acceptance.

2023至2025年间网络犯罪活动的激增，凸显了数字取证（Digital Forensics）在法律诉讼中的关键作用；然而资源约束往往制约了有效调查能力的获取。尽管开源数字取证工具（Open-source Digital Forensics Tools）在技术层面具备足够可靠性，但法院通常更青睐经过商业验证的解决方案——原因在于开源替代方案缺乏标准化验证框架，这为高质量取证调查设置了不必要的财务壁垒。本研究旨在对Ismail等人（2024）提出的概念性开源数字取证框架进行验证与优化，以确保通过开源工具获取的证据具备法律可采性。本研究采用受控测试环境构建严谨的实验方法，针对三类典型测试场景开展商业工具（FTK与Forensic MagiCube）与开源替代工具（Autopsy与ProDiscover Basic）的对比分析：原始数据的留存与采集、基于数据 carving（Data Carving）技术的已删除文件恢复，以及针对性工件搜索。每项实验均重复三次以确立可重复性指标，通过将获取的工件与对照参考样本进行比对计算错误率。研究结果表明，经过恰当验证的开源工具能够持续产出可靠且可重复的结果，其可验证的完整性可与商业同类工具媲美。本研究优化后的三阶段框架整合了基础取证流程、结果验证与数字取证就绪能力，可满足多伯特标准（Daubert Standard）的相关要求，同时为从业者提供一套方法论严谨的实践路径。本研究通过在不降低法律可采性要求的前提下，为更多主体提供平等获取合规取证调查能力的途径，为数字取证领域作出重要贡献，最终使受资源约束的组织受益，同时维持司法认可所需的证据标准。