DFB Methodology
A soundness-aware, anti-forensics-stratified benchmark for digital forensic tools and AI agents. This page is the living methodology and the working draft of the accompanying research paper.
1. The gap
Existing forensic tool testing (NIST CFTT, CFReDS, DFRWS challenges, vendor CTFs) is largely static, recall-only and predates AI agents. None of them stratify cases by anti-forensics difficulty, and crucially none measure soundness: a tool's resistance to planted false evidence. As anti-forensics proliferates and autonomous AI agents enter casework, the field lacks a reproducible, adversarial, soundness-aware benchmark. DFB fills that gap.
2. The model
A challenge is a forensic artifact, a hidden ground-truth question set with objective answers, an automatic grader, an anti-forensics level and a version hash. Ground truth is generated in an instrumented VM: we play out the scenario under full recording, so every action is logged and the answer key is authoritative. All data is synthetic.
3. Anti-forensics stratification (AF-0..AF-4)
| Level | Adversary |
|---|---|
| AF-0 | Clean artifact, no obfuscation. |
| AF-1 | Basic deletion and hiding (slack, ADS, simple wipe). |
| AF-2 | Timestomping, log clearing, steganography, encryption. |
| AF-3 | Hidden volumes, journal/USN wipe, fileless memory, planted false trail. |
| AF-4 | Multiple techniques chained, anti-tool structures, deception designed to defeat advanced suites. |
4. Scoring: the soundness signature
- Recall. Difficulty- and AF-weighted sum of correct findings.
- Soundness (precision). TP / (TP + FP). Reporting a planted false trail as real, or claiming to recover the genuinely unrecoverable, is heavily penalized.
- Confidence calibration. Tools report confidence; overconfident wrong answers are penalized further.
- AF-Resilience. The anti-forensics level at which a tool's accuracy collapses.
- Court-grade output. Not just answers: a structured forensic report (findings, evidence, methodology) is graded for defensibility.
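One way to compute the recall, soundness, calibration and AF-resilience components above, as an added worked example rather than the benchmark's own grader; the ground truth is constructed, and the AF multipliers, the squared-confidence penalty and the 0.5 collapse threshold are assumptions of the example:

```python
# Constructed ground truth for one challenge (not real DFB data). Each fact has a
# difficulty weight, the AF level it sits at, and a "planted" flag marking a
# false trail that a sound tool must not report as genuine.
GROUND_TRUTH = {
    "deleted_doc": {"weight": 1, "af": 1, "planted": False},
    "timestomped": {"weight": 2, "af": 2, "planted": False},
    "hidden_vol":  {"weight": 3, "af": 3, "planted": False},
    "decoy_exfil": {"weight": 2, "af": 3, "planted": True},
}

# Assumed AF-level multipliers: findings at higher AF levels earn more recall.
AF_WEIGHT = {0: 1.0, 1: 1.2, 2: 1.5, 3: 2.0, 4: 3.0}


def score_findings(findings):
    """findings: list of (fact_id, confidence in [0, 1]) the tool asserts as genuine.
    Returns recall, soundness (TP / (TP + FP)) and a calibration penalty
    that grows with the confidence attached to each wrong claim.
    """
    tp = fp = 0
    recall_points = 0.0
    calibration_penalty = 0.0
    max_points = sum(f["weight"] * AF_WEIGHT[f["af"]]
                     for f in GROUND_TRUTH.values() if not f["planted"])
    for fact_id, confidence in findings:
        fact = GROUND_TRUTH.get(fact_id)
        if fact is None or fact["planted"]:
            # Unknown claim or a planted false trail reported as real: a false
            # positive, penalized harder the more confident the tool was.
            fp += 1
            calibration_penalty += confidence ** 2
        else:
            tp += 1
            recall_points += fact["weight"] * AF_WEIGHT[fact["af"]]
    soundness = tp / (tp + fp) if (tp + fp) else 0.0
    return {
        "recall": recall_points / max_points,
        "soundness": soundness,
        "calibration_penalty": calibration_penalty,
    }


def af_resilience(accuracy_by_level, collapse_below=0.5):
    """Lowest AF level whose accuracy drops under the (assumed) collapse
    threshold; None if the tool holds up through AF-4."""
    for level in range(5):
        if accuracy_by_level.get(level, 0.0) < collapse_below:
            return level
    return None
```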
Certification tiers: Bronze, Silver, Gold and DSET Forensics Certified, issued as a cryptographically verifiable badge.