Overview: The Computer Forensics Tools Verification project provides a measure of assurance that the tools used in the investigations of computer-related crimes produce valid results. It also supports other projects in the National Institute of Justice’s overall computer forensics research program, such as the National Software Reference Library (NSRL).
Industry Need Addressed: There are approximately 150 different automated tools routinely used by law enforcement organizations to assist in the investigation of crimes involving computers. These tools are used to create critical evidence used in criminal cases, yet there are no standards or recognized tests by which to judge the validity of results produced by these tools.
NIST/ITL Approach: Focus groups will be established to define requirements for specific types or classes of computer forensics tools, such as disk imaging tools, password crackers, etc. The initial concept is to develop general classifications of tools in order to group similar testing requirements in a computer forensics testing framework. For example, we are concentrating immediate efforts on disk imaging products, write blockers, and selected suites of tools. Further classifications will develop as tools are added to the list of products to test. The common characteristics of each classification are decomposed into testable requirements. Assertions are derived from these requirements along with assertions from specific capabilities of individual tools. Each assertion is then tested within the overall testing framework to produce results that are repeatable and objectively measurable. Test results will be reported to manufacturers and law enforcement organizations.
Impact: The implementation of testing based on rigorous procedures will provide impetus for vendors to improve their tools and provide assurance that their results will stand up in court. Focus group requirements documents may be used as the basis for industry standards pertaining to computer forensics tools. Law enforcement and other investigatory groups can use results as a basis for deciding when and how to use various tools.
NIST will provide unbiased, open, and objective means for manufacturers, law enforcement organizations, and the legal community to assess the validity of tools used in computer forensics.