Federated Testing Version 4 for Disk Imaging, Mobile Forensics Data Extraction, Hardware Write Blocking, and Forensic String Search is now Available!
The Federated Testing project is an expansion of the Computer Forensics Tool Testing (CFTT) Program to provide digital forensics investigators and labs with test suites for tool testing and to support shared test reports. The goal of Federated Testing is to help digital forensics investigators to test the tools that they use in their labs and to enable sharing of tool test results within the digital forensics community.
Shared Test Suites
CFTT has developed test suites that will help you test your forensic tool. The test suites are packaged together in a live Linux .iso file.
To test your tool using the Federated Testing test suites:
- Download the latest Federated Testing live Linux .iso file (see the Downloads section below) and use it to create either a bootable flash drive or a bootable DVD. One can use the free Rufus tool to create a bootable flash drive from an .iso file.
- Insert the bootable flash drive or DVD into your forensic workstation and boot to it (you may need to change your computer's boot options to select your flash drive or DVD drive as your boot device). NOTE: to test Hardware Write Blocking and Disk Imaging tools you must boot a computer using a Federated Testing flash drive or DVD; when testing other types of tools however, e.g., a Mobile Forensics Data Extraction tool, one may consider booting a virtual machine in lieu of a computer.
- Use the user interface (Firefox Web browser) to select the type of tool you want to test. The user interface will tell you what items you will need to have on hand to get started.
- Use the interface to generate the test cases for testing your tool and follow the instructions to run each test.
- Use the interface to generate a test report for your tool.
- (Optional) Submit the test report and the log files created during testing to CFTT to share with the digital forensics community! See the Sharing Test Results section below for instructions on how to share your test results.
CFTT's approach to tool testing is to test a tool based on the functionalities it supports. Currently, you can use the Federated Testing .iso to test disk Imaging, mobile forensics data extraction, hardware write blocking, and forensic string search tools, but CFTT will add new test suites in future releases to allow you to test more forensic functionalities and more types of tools, e.g., deleted file recovery, forensic file carving, etc.
Shared Test Reports
A primary goal of the Federated Testing project is to produce tool test results that can be shared throughout the digital forensics community. Our Federated Testing test suites (packaged on our live Linux .iso file) allow any lab, agency or individual to test their tools using the same test methodology CFTT uses. The final step of this process is to generate a test report for the tool. Our test suites generate that test report for you in a common format that makes it easy for you and others to understand how the tool was tested and what the test results are. If someone has already tested a tool for the features you use in your lab, you can take advantage of their results in your evaluation of the tool. Click on the links below for test reports including Federated Testing reports.
- Disk Imaging Tool Test Reports
- Mobile Device Tool Test Reports
- Hardware Write Block Tool Test Reports
- Forensic String Search Tool Test Reports
Sharing Test Results
Email your test reports produced using CFTT’s Federated Testing test suites and a zipped copy of the testing log files to email@example.com to share your results with the digital forensics community. CFTT staff will review your logs and the test results documented in the test reports before sharing the reports with the community. Shared test reports from Federated Testing will be publicly available through this website.
Click here to download version 4 of CFTT's Federated Testing live Linux .iso file (contains test suites for testing disk imaging, mobile forensics data extraction, hardware write blocking, and forensic string search tools)!
Click here to view the change log.
ISO file sha1 value: bb0d84d7047e25985e1f0aa4f27993a46022fdb0
If you are testing a forensic string search tool, you will need to also download the string search test suite’s companion data set from the Federated Testing Test Data Sets section of this page.
Email firstname.lastname@example.org with the word “subscribe” (without quotes) in the subject line to subscribe to the federatedtesting(at)nist.gov mailing list. Federatedtesting(at)nist.gov is a low volume mailing list for distributing updates on the Federated Testing project (e.g., new releases/versions and test suites).