The NIST Computer Forensics Tool Testing Program


For computer forensics findings to be admissible in a court of law, the tools and methods used to collect the data must ensure its integrity. According to Marie-Helen Maras (2012), “As with other forms of evidence, the original captured network traffic data must be kept intact. An investigator must ensure that any programs that are run to obtain evidence do not modify data on the system” (p. 286). The National Institute of Standards and Technology (NIST) maintains the Computer Forensics Tool Testing (CFTT) program to help investigators choose the appropriate tools for this purpose.

Program Overview

NIST has established a methodology for testing computer forensics tools in order to assist law enforcement and other investigators in choosing forensics tools that will consistently produce legally admissible court evidence. Among the test criteria for forensic tools are “general tool specifications, test procedures, test criteria, test sets, and test hardware” (NIST, n.d.). The program is endorsed by the NIST Law Enforcement Standards Office and the US Department of Homeland Security (DHS) (NIST, n.d.). The CFTT program allows investigators to choose forensics tools that have already been tested and verified to be sufficiently accurate to be legally appropriate. This saves investigators from having to test their own tools from scratch in an effort to validate acceptable ones, a process that might jeopardize court cases when tools are found to be insufficient during an investigation.

Disk Imaging and Deleted File Recovery

In the 2012 CFTT booklet, NIST lists detailed results for nineteen tested disk imaging programs. Each program tested has an overview of the general findings and what specific condi...

... middle of paper ...

...he appropriate tools are for the investigation at hand, rather than proceeding with a trial-and-error approach which is likely to produce undesirable investigative results.

References

Maras, M. (2012). Computer Forensics: Cybercriminals, Laws, and Evidence. Sudbury. Jones and Bartlett Learning LLC.

National Institute of Standards and Technology. (2009). Active File Identification & Deleted File Recovery Tool Specification. Retrieved March 23, 2014 from http://www.cftt.nist.gov/DFR-req-1.1-pd-01.pdf

National Institute of Standards and Technology. (2012). Computer Forensics Tool Testing Handbook. Retrieved March 23, 2014 from http://www.cftt.nist.gov/CFTT-Booklet-Revised-02012012.pdf

National Institute of Standards and Technology. (n.d.). Welcome to the Computer Forensics Tool Testing (CFTT) Project Web Site. Retrieved March 23, 2014 from http://www.cftt.nist.gov/
