Why Use Commercial Forensic Tools

Like Bart, I also disagree that some of the most influential forensic tools are "open source". There are indeed many open source tools such as SIFT workstation [1] and The Sleuth Kit [2]. Some forensics analysts also write their own tools and scripts to parse lesser-known file formats or proprietary file formats which are not supported by the major vendors. Such tools are suitable for internal company use, for example, when investigating the extent of a malware infection, or when retrieving evidence of employee misconduct. Such cases rarely go to court; even if they do, it is a civil case where the burden of proof is lower and the employee does not have the resources to put up a fight.

However, when dealing with criminal cases or corporate entities with deep pockets, established proprietary tools are standard practice. The US Department of Homeland Security publishes a list of tools which have undergone lab testing to ensure reliability and accuracy; almost all tools on that list are proprietary tools [3]. Companies such as Guidance Software may also subject their products to FIPS certification to increase public trust [4]. Lastly, these companies also have training programs to certify analysts' skill and proficiency in using the software [5].

The Daubert standard requires that the method used in evidence preparation be independently tested, published, and subject to peer review. Known error rates must be determined and the method must be accepted by the community [6]. Open source tools rarely have the budget to undergo such scrutiny and testing.

A well-resourced opposing counsel will not hesitate to pull out all the stops. They may question the reliability of the "homemade" tool, whether the analyst has used the tool correctly, and may even review the available source code to find any bug and attempt to use it to discredit the evidence collected. Hence, when much is at stake, the use of proprietary tools helps eliminate almost all risk in the evidence collection and processing.

This is purely anecdotal, but I once heard that if the validity of evidence collected by EnCase tools is ever called into question, EnCase will fly in a technical expert to testify and defend their product without cost. I find it believable, since a single case may set a precedent which would be disastrous for future business.

[1] SANS Institute 'SIFT Workstation' https://www.sans.org/tools/sift-workstation/ accessed 25 January 2025

[2] Brian Carrier 'The Sleuth Kit' https://www.sleuthkit.org/sleuthkit/ accessed 25 January 2025

[3] US Department of Homeland Security 'Computer Forensic Tool Testing (CFTT) Reports' https://www.dhs.gov/science-and-technology/nist-cftt-reports accessed 25 January 2025

[4] Apex Assurance Group, LLC 'FIPS 140-2 Non-Proprietary Security Policy for the Guidance Software EnCase Enterprise Cryptographic Module Version 1.0' https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp942.pdf accessed 25 January 2025

[5] Exterro, Inc. 'FTK Core' https://training.exterro.com/courses/forensic-toolkit-101-yq18 accessed 25 January 2025

[6] Daniel Garrie and J Morrissy, 'Digital Forensic Evidence in the Courtroom: Understanding Content and Quality' Northwestern Journal of Technology and Intellectual Property 12(2) (2014)