Gaslight revisited: Efficient and powerful fuzzing of digital forensics tools

The fields of digital forensics and incident response have seen significant growth over the last decade due to the increasing threats faced by organizations and the continued reliance on digital platforms and devices by criminals. This rise has coincided with a significant and continued increase in the size, complexity, and number of digital forensic investigations that must be performed. In the past, such investigations were performed manually by expert investigators, but this approach is no longer viable given the amount of data that must be processed compared to the relatively small number of trained investigators. These resource constraints have led to the development and reliance on automated processing and analysis systems for digital evidence. Given the central role that such evidence plays in securing organizations and nations against attacks as well as in criminal and civil legal proceedings, it is necessary that such systems are developed in a robust and reliable manner. In this paper, we present our effort to develop a stress testing platform specifically tailored to assess the robustness and reliability of digital forensics tools. For our initial testing, we chose to target The Sleuth Kit framework given its prominence as both as a standalone tool as well as a programming library that is utilized by a large number of open source and commercial filesystem analysis systems. The results of our efforts were the automated discovery of many critical programming errors in The Sleuth Kit framework. (C) 2020 Published by Elsevier Ltd.