The NIST Computer Forensics Tool Testing Program

575 Words2 Pages
bulb-icon

Recommended: Importance of forensic evidence

In order for computer forensics findings to be admissible in a court of law, the tools and methods used to collect such data must ensure its integrity. According to Marie-Helen Maras (2012), “As with other forms of evidence, the original captured network traffic data must be kept intact. An investigator must ensure that any programs that are run to obtain evidence do not modify data on the system” (p.286). The National Institute of Standards and Technology (NIST) maintains the Computer Forensics Tool Testing (CFTT) program to help investigators choose the appropriate tools for this purpose. Program Overview NIST has established a methodology for the testing of computer forensics tools in order to assist law enforcement and other investigators in choosing the proper forensics tools which will consistently produce legally admissible court evidence. Among the test criteria for forensic tools are; “general tool specifications, test procedures, test criteria, test sets, and test hardware” (NIST, n.d.). The program is endorsed by the NIST Law Enforcement Standards Office and the US Department of Homeland Security (DHS) (NIST, n.d.). The CFTT program allows investigators to choose forensics tools which have already been tested and verified to be sufficiently accurate to be legally appropriate, which saves investigators from the need to test their own tools from scratch in an effort to validate acceptable ones, a process that might jeopardize court cases when tools are found to be insufficient during an investigation. Disk Imaging and Deleted File Recovery In the 2012 CFTT booklet, NIST lists detailed results for nineteen tested disk imaging programs. Each program tested has an overview of the general findings and what specific condi... ... middle of paper ... ...he appropriate tools are for the investigation at hand, rather than proceeding with a trial and error approach which is likely to produce undesirable investigative results. References Maras, M. (2012). Computer Forensics: Cybercriminals, Laws, and Evidence. Sudbury. Jones and Bartlett Learning LLC. National Institute of Standards and Technology. (2009). Active File Identification & Deleted File Recovery Tool Specification. Retrieved March 23, 2014 from http://www.cftt.nist.gov/DFR-req-1.1-pd-01.pdf National Institute of Standards and Technology. (2012). Computer Forensics Tool Testing Handbook. Retrieved March 23, 2014 from http://www.cftt.nist.gov/CFTT-Booklet-Revised-02012012.pdf National Institute of Standards and Technology. (n.d.). Welcome to the Computer Forensics Tool Testing (CFTT) Project Web Site. Retrieved March 23, 2014 from http://www.cftt.nist.gov/

Show More
Related

  • 1.07 Forensic Evidence

    823 Words  | 2 Pages

    Other evidence located within the grave consisted of a generic watch, two cigarette butts, a button, a washer and a shell casing. All of these could be analysed for finger prints and DNA. The cigarette butts would also show a serial number indicating the brand (shown in Figure 3), which can be useful if it is found a victim or offender smokes a particular type of cigarette.

    Read More

  • Synopsis of Anatomy of a Murder Movie

    1814 Words  | 4 Pages

    Gardner, T. J., & Anderson, T. M. (2013). Criminal evidence: Principles and cases (8th ed.).

    Read More

  • Thesis Presentations

    850 Words  | 2 Pages

    On Wednesday, November 16, 2011, Katherine Stang, Aresh Kabirnavaei, and Andrew Roller, all students in the Master’s of Forensic Science program gave thesis presentations to the Forensic Seminar Class. The following paragraphs will summarize each topic.

    Read More

  • Using Forensic Science to Identify Criminals

    1906 Words  | 4 Pages

    Rape, murder, theft, and other crimes almost always leave a devastating mark on the victim. More often than not, it would be impossible to identify the perpetrator a crime without forensic science and the technology it uses. Forensic science allows investigators to unmask the secrets of the crime scene. Evidence gathered at the crime scene helps to identify the guilty party, murder weapon, and even the identity of the victim (Harkawy, 1991: 276). The new technologies enables the forensic experts to have better and faster access to accumulated information, to be more accurate in the identification of victims or delinquents, and minimizes the possibility of wrongful accusations. New technology has improved the methods and techniques that forensic scientists and law enforcement investigators use, in order to provide a safer environment for other people. Information technology is one of the most important aspects in forensic science. It is very important for the forensic experts to receive the undisturbed evidence, such as fingerprints left at the crime scene, as quickly as possible, for more accurate readings. Thus using space technology, such as satellite communication, enables the forensic experts to "gather and digitize evidence at the crime scene, enter it into an on-site computer, and beam the data to a crime lab for swift analysis" (Paula, 1998: 12). Therefore, due to the use of this technology, forensic experts in laboratories can examine the evidence in short time, and the possibility of damage or unlawful manipulation of the evidence before the trial is minimal (Paula, 1998: 12). More often than not, "criminals" wear gloves at the time of the crime, thus to obtain a fingerprint...

    Read More

  • Serial Killers and Criminal Justice

    929 Words  | 2 Pages

    “Advance in Forensics Provide Creative Tools for Solving Crimes.” www.ctcase.org. Np. n.d. Web. 17 March 2014.

    Read More

  • Use of Technology in Police Departments

    1310 Words  | 3 Pages

    Technology has opened new encounters and opportunities for the criminal justice system. There are so many new practices of criminal activity, such as computer crimes. There are different types of computer crimes that many people become victims of every day. Computer crime is any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target ("Computer Crime: Chapter 2: What Are the Crimes?", n.d.). Crimes such as data diddling, pump and dump, social engineering and spoofing are computer crimes. Even though these crimes are difficult by privacy issues, the new technology has made investigations and prosecutions well organized and effective. Though views are different on the pros and cons of specific technological changes in the criminal justice system, there is an agreement the system has changed affectedly ("Effects of Technology in Criminal Justice | eHow", n.d.).

    Read More

  • Photoshop: Posting Pictures on The Media

    1117 Words  | 3 Pages

    Jost, Kenneth. "Examining Forensics." CQ Researcher Online. N.p., 17 July 2009. Web. 29 Apr. 2014. . How criminals can use photoshop to eliminate evidence

    Read More

  • Essay On DNA

    1193 Words  | 3 Pages

    No matter what the case, forensic science has monumentally changed criminal investigation. From computer technology to fingerprint analysis, forensic science has played a key role in thousands of cases. The partnership between the law and forensic sciences has changed the justice system like no other investigative tool: the intelligence provided by this technology is instrumental for both exonerations and convictions alike.

    Read More

  • Digital Forensic Analysis

    522 Words  | 2 Pages

    In conclusion, I understand in digital forensics when copying a bit by bit of a hard drive the examiner must use a write blocker, either software or hardware to avoid possibility of accidentally damaging the evidence contents. After imaging is completed the forensic examiner will have a generated hash value of the bit by bit copy of the evidence hard drive. This hash value (dіgitаl fіngerprіnt) is important to digital forensic because it shows the integrity of all evidence is maintained and to avoid tampering or spoliation. So my question is this, how can we say the integrity of the client's forensic image evidence is not tainted when we know for a fact that the client's computer was filled with malware infections (Trojan)? In my opinion by the time the examiner started investigating the client's hard drive all the

    Read More

  • Anatomy of a Murder: Four Expert Witnesses

    1469 Words  | 3 Pages

    Gardner, T. J., & Anderson, T. M. (2013). Criminal evidence: Principles and Cases (8th ed.).

    Read More

  • Computer Forensic Tools

    895 Words  | 2 Pages

    The use of computers in homes, schools, offices, and other places has increased in the past few years due to technological developments. As computers have become important components of modern communication, their increased use has also led to the emergence of computer crimes. Computer crimes basically involve the use of a computer system to carry out an illegal activity. In attempts to lessen the frequency and impact of computer crimes, law enforcement agencies use computer forensic to investigate these offenses. Actually, computer crimes are governed by specific laws and dealt with through conducting a computer forensic investigation (Easttom & Taylor, 2011, p.337). Notably, a computer forensic investigation is usually carried out through the use of computer forensic tools, which help in collection of evidence based on the specific offense.

    Read More

  • Data Acquisition

    1744 Words  | 4 Pages

    Live acquisition: The future of data acquisitions is shifting toward live acquisitions because of the use of disk encryption with newer operating systems (OSs). In addition to encryption concerns, collecting any data that’s active in a suspect’s computer RAM is becoming more important to digital investigations. The processes and data integrity requirements for static and live acquisitions are the same. The only shortcoming with live acquisitions is not being able to perform repeatable processes, which are critical for collecting digital evidence.

    Read More

  • What Is Digital Forensics And Digital Evidence?

    1557 Words  | 4 Pages

    What did they do ? Before we talk about it any further, we have to know some definitions that we use in digital forensics and digital evidence, not only two of them but the others too. This chapter will explain about it . Before we talk about it any further, we have to know the definition of what we are talking about. In the introduction we already know what digital forensic and digital evidence shortly are. In this chapter, we will more explore what they are, and some state that we found when we search about digital forensic and digital evidence. Computer forensics is a broad field and applied to the handling of crimes related to information technology. The goal of computer forensic is to securing and analyzing digital

    Read More

  • Processing a Crime Scene

    1194 Words  | 3 Pages

    Gaensslen, R. E., Harris, H A., & Lee, H. (2008). Introduction to Forensic Science and Criminalistics. New York, NY: The McGraw-Hill Companies, Inc. .

    Read More

  • Forensic Science History Essay

    836 Words  | 2 Pages

    Forensic science has now been recognized as an important part of the law enforcement team to help solve crimes and cold cases. The advances in technology are being used each day and we must continue to strive to develop better advances in this field. The recent discovery of using DNA in criminal cases has helped not only positively identify the suspect, but it has helped exonerate hundreds of innocent individuals. “With new advances in police technology and computer science, crime scene investigation and forensic science will only become more precise as we head into the future.” (Roufa, 2017) Forensic science and evidence helps law enforcement officials solve crimes through the collection, preservation and analysis of evidence. By having a mobile crime laboratory, the scene gets processed quicker and more efficiently. Forensic science will only grow in the future to be a benefit for the criminal justice

    Read More

More about The NIST Computer Forensics Tool Testing Program

Open Document