Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Digital evidence

What is digital forensics? Digital forensics is the field of forensic science that is concerned with retrieving, storing and analyzing electronic data that can be useful in criminal investigations. This includes information from computers, hard drives, mobile phones and other data storage devices.

In recent years, more varied sources of data have become important, including motor vehicles, aerial drones and the cloud. Digital forensic investigators face challenges such as extracting data from damaged or destroyed devices, locating individual items of evidence among vast quantities of data, and ensuring that their methods capture data reliably without altering it in any way.

The projects listed below are just a few examples of how we help the digital forensics community to address these challenges.

  • The National Software Reference Library is a regularly updated archive of known, traceable software applications collected by NIST. We generate digital signatures from all files in that archive and release them in a quarterly Reference Data Set (RDS). When a law enforcement organization seizes a computer or mobile device as part of a criminal investigation, they can use the RDS to quickly identify the known files on that device. This reduces the effort required to determine which files are important as evidence and which are not. 
  • There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. The Computer Forensic Tool Testing program establishes a methodology for testing computer forensic software tools by developing general tool specifications, test procedures, test criteria, test sets, and test hardware. The results help toolmakers to improve their products, allows users to make informed choices about which tools to use, and provides information to all interested parties on the capabilities of various computer tools used in forensic investigations.
  • NIST has multiple projects aimed at advancing video technologies that have forensic applications. Current project areas include detection of events in surveillance video, detection of events in internet video, and detection and understanding of images that have been altered from their original state.
  • NIST is working on multiple projects involving image-based biometric recognition that have forensic applications, with a particular focus on fingerprint, face, iris, and tattoo recognition.  This work is aimed at advancing measurement science, evaluation methodologies, best practices, image quality metrics, interoperability, and biometric standards.
  • The NIST Cloud Computing Forensic Science Program aims to improve the accuracy, reliability, scientific validity, and usefulness of cloud forensic science.  In support of this project, NIST has established the Cloud Computing Forensic Science Public Working Group to perform research and identify gaps in technology, standards and measurements; to address various challenges in cloud forensics; and to develop a cloud forensics reference architecture.

The Research

Projects & Programs

Digital Video Exchange Standards

Ongoing
NIST is working to develop a data export standard in conjunction with the stakeholder community. The goal of standardization is to increase evidentiary value and timeliness of CCTV video data; and to facilitate interoperable data sharing between CCTV/DVR owners and Law Enforcement; as well as among

Computer Forensic Reference Data Sets

Ongoing
There are several uses envisioned for the data sets, but we also expect that there will be unforeseen applications. The four most obvious applications are testing forensic tools, establishing that lab equipment is functioning properly, testing proficiency in specific skills and training laboratory

Software Assurance Metrics And Tool Evaluation (SAMATE)

Ongoing
The SAMATE project is an inter-agency project between the U.S. Department of Homeland Security and NIST, and consists of two parts: Development of metrics for the effectiveness of software security assessment (SSA) tools. assess current SSA methods and tools in order to identify deficiencies which

News

Step Inside the National Software Reference Library

Spotlight: An Honor From Abroad for the National Software Reference Library

NIST Update to Software Reference Library Will Aid in Criminal Investigations

Stay in Touch

Sign up for our newsletter to stay up to date with the latest research, trends, and news for Digital evidence.