The U.S. National Institute of Standards and Technology (NIST) has a rigorous te

Question

The U.S. National Institute of Standards and Technology (NIST) has a rigorous testing program for computer forensic tools and equipment.

You can review and learn more about the NIST Tool Testing Program by visiting: http://www.cftt.nist.gov

For this assignment, you are asked to prepare a written report that includes the following three sections:

1. Provide an overview of the NIST Computer Forensic Tool Testing program and its usefulness to computer forensic investigators.

2. Describe in detail the work that NIST has done in testing “disk imaging” and “deleted file recovery” tools.

3. Describe the significance and importance of the various computer forensics offerings from NIST as shown on this site: http://www.nist.gov/itl/ssd/computerforensics.cfm

Explanation / Answer

1.Overview of the NIST Computer Forensic Tool Testing program
NIST had established the methodology for testing computer forensic tools (CFTT).
It also provide international standard reference data that tool makers and investigators can use in investigations (NSRL, CFReDS).
The Computer forensic investigators need tools
that …
Work as they should,
Reference data to reduce analysis workload,
Produce results admissible in court, and
Are independently tested tools
-----------------------------------------------------------------------------------------------
2.NIST's work done in testing “disk imaging” and “deleted file recovery”tools:
Everything ready to test a tool
– Specification (requirements, test assertions & test cases, test procedures)
– Validated test harness (user manual, validation plan, validation report)
Steering committee selects tools to test
– Most widely used tools selected
– May be unfair to vendors
Tool Test Process
After Steering Committee selects a tool …
Acquire tool & review documentation
Select test cases
Execute test cases
Discuss unexpected results with vendor & other
labs (CART, DCCI, RCMP, others)
Produce test report (deliver to NIJ)
NIJ reviews and posts test report
Evaluating Test Results
If a test exhibits an anomaly …
1. Look for hardware or procedural problem
2. Anomaly seen before
3. If unique, look at more cases
4. Examine similar anomalies
-----------------------------------------------------------------------------------------------
3. importance of the various computer forensics offerings from NIST
1.National Software Reference Library (NSRL) --
The National Software Reference Library (NSRL) collects various software from various sources. It then incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by government, and industry organizations ,law enforcement to review files on a computer by matching file profiles in the RDS.
2.Computer Forensics Tool Testing (CFTT) --
The goal of the Computer Forensic Tool Testing project is to establish a methodology for testing computer forensic software tools. To do so development of general tool specifications, test procedures, test criteria, test sets, and test hardware are made.
3.Computer Forensic Reference Data Sets (CFReDS) --
NIST is developing Computer Forensic Reference Data Sets for digital evidence. The reference data sets will provide documented sets of simulated digital evidence for examination to the investigators.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.