U.S. flag

An official website of the United States government, Department of Justice.

Test Results for Digital Data Acquisition Tool: FTK Imager 2.5.3.14

NCJ Number
222982
Date Published
June 2008
Length
60 pages
Annotation

This report presents the results from testing the Digital Data Acquisition Tool: FTK Imager 2.5.3.14.

Abstract

These results, documented against four top-level tool requirements identified by the specification and several test assertions related to those requirements, describe the testing environment, provide an interpretation of the test results, and include test results summary log files for numerous test cases. Results show that except for two test cases (DA-07 and DA-08), the tested tool acquired all visible and hidden sectors completely and accurately from the test media without any anomalies. In one test case (DA-25) image file corruption was detected, but the location of the corrupt data was not reported. The following four anomalies were observed in test cases DA-07, DA-08, and DA-25: if a logical acquisition is made of an NTFS partition, the last eight sectors of the physical partition are not acquired (DA-07-NTFS); the sectors hidden by a host protected area (HPA) are not acquired (DA-08- ATA28 and DA-08-ATA48); the sectors hidden by a device configuration overlay (DCO) are not acquired (DA-08-DCO); and the location of corrupted data in an image file is not reported (DA-25). Results provide the information necessary for developers to improve tools, users to make informed choices, and the legal community and others to understand the tools' capabilities. Tables

Date Published: June 1, 2008