Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Federated Testing Project

Federated Testing Version 5 for Disk Imaging, Forensic Media Preparation, Forensic String Search, Hardware Write Blocking, and Mobile Forensics Data Extraction is now available!

The Federated Testing project is an expansion of the Computer Forensics Tool Testing (CFTT) Program to provide digital forensics investigators and labs with test suites for tool testing and to support shared test reports. The goal of Federated Testing is to help digital forensics investigators to test the tools that they use in their labs and to enable sharing of tool test results within the digital forensics community.

Shared Test Suites 

CFTT has developed test suites that will help you test your forensic tool. The test suites are packaged together in a live Linux .iso file.

To test your tool using the Federated Testing test suites:

  1. Download the latest Federated Testing live Linux .iso file (see the Downloads section below) and use it to create either a bootable flash drive or a bootable DVD. One can use the free Rufus tool to create a bootable flash drive from an .iso file.
  2. Insert the bootable flash drive or DVD into your forensic workstation and boot to it (you may need to change your computer's boot options to select your flash drive or DVD drive as your boot device). NOTE: to test Hardware Write Blocking and Disk Imaging tools you must boot a computer using a Federated Testing flash drive or DVD; when testing other types of tools however, e.g., a Mobile Forensics Data Extraction tool, one may consider booting a virtual machine in lieu of a computer.
  3. Use the user interface (Firefox Web browser) to select the type of tool you want to test. The user interface will tell you what items you will need to have on hand to get started.
  4. Use the interface to generate the test cases for testing your tool and follow the instructions to run each test.
  5. Use the interface to generate a test report for your tool.
  6. (Optional) Submit the test report and the log files created during testing to CFTT to share with the digital forensics community! See the Sharing Test Results section below for instructions on how to share your test results.

CFTT's approach to tool testing is to test a tool based on the functionalities it supports. Currently, you can use the Federated Testing .iso to test disk imaging, forensic media preparation, forensic string search, hardware write blocking, and mobile forensics data extraction tools, but CFTT will add new test suites in future releases to allow you to test more forensic functionalities and more types of tools, e.g., deleted file recovery, forensic file carving, etc. 

Shared Test Reports

A primary goal of the Federated Testing project is to produce tool test results that can be shared throughout the digital forensics community. Our Federated Testing test suites (packaged on our live Linux .iso file) allow any lab, agency or individual to test their tools using the same test methodology CFTT uses. The final step of this process is to generate a test report for the tool. Our test suites generate that test report for you in a common format that makes it easy for you and others to understand how the tool was tested and what the test results are. If someone has already tested a tool for the features you use in your lab, you can take advantage of their results in your evaluation of the tool. Click on the links below for test reports including Federated Testing reports. 

Sharing Test Results

Email your test reports produced using CFTT’s Federated Testing test suites and a zipped copy of the testing log files to cftt [at] to share your results with the digital forensics community. CFTT staff will review your logs and the test results documented in the test reports before sharing the reports with the community. Shared test reports from Federated Testing will be publicly available through this website.


Click here to download version 1 of CFTT's Federated Testing Lite for Windows, file (contains test suites for forensic string search, and mobile forensics data extraction tools)

Click here to view install/readme

Zip file SHA256 value: 2a8bccedefcdf6e84f71fb46e1e354183b339353ea6946285706644fd204fa81


Click here to download version 5 of CFTT's Federated Testing live Linux .iso file (contains test suites for testing disk imaging, forensic media preparation, forensic string search, hardware write blocking, and mobile forensics data extraction tools)

Click here to view the change log.

ISO file sha1 value: b4162a68ff3b2d902dfddd4f256273fe1b5015a4

If you are testing a forensic string search tool, you will need to also download the string search test suite’s companion data set from the Federated Testing Test Data Sets section of this page.

Email Notifications

Email federatedtesting+subscribe [at] to subscribe to the federatedtesting(at) mailing list. Federatedtesting(at) is a low volume mailing list for distributing updates on the Federated Testing project (e.g., new releases/versions and test suites).

Created May 8, 2017, Updated October 20, 2021