NCJ Number
200014
Journal
Law Enforcement Technology Volume: 30 Issue: 4 Dated: April 2003 Pages: 24,26,28
Date Published
April 2003
Length
4 pages
Annotation
This article discusses the reliability of computer forensic tools.
Abstract
A new methodology under development at the National Institute of Standards and Technology (NIST) called the Computer Forensic Tool Testing (CFTT) may help law enforcement investigate computer-related crime. The forensic issue is authentication, which means the process of ensuring that the duplicate of the hard drive provided in discovery is an exact copy of what the agency originally acquired. There is a requirement to ensure that forensic software tools consistently produce accurate and objective test results. The goal of CFTT is to meet this need by developing a methodology for testing computer forensic software tools. There are few standards available to define how these tools should operate and perform. CFTT aims to provide the information necessary for users to make informed choices about acquiring and using computer forensics tools. The project is directed by a steering committee representing a broad spectrum of the law enforcement community. This committee provides the project with both resources and direction. Once a specification is developed, the committee selects tools for testing against the specification. Software tools are divided according to their function: imaging, write blockers, and test suites. CFTT has already demonstrated some limitations of the software tools of which the manufacturers were unaware. The testing procedure subjects each tool to a list of requirements that have been determined through Federal, State, and local input. The main point is that the testing is done at a facility with no benefit in the outcome, conducted through scientific methodology, and with individuals knowledgeable in the process. Information generated from testing has already been used to support or substantiate the methodology in court.