NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Digital Investigation Techniques: A NIST Scientific Foundation Review

Published

Author(s)

James R. Lyle, Barbara Guttman, John Butler, Kelly Sauerwein, Christina Reed, Corrine Lloyd

Abstract

This document is an assessment of the scientific foundations of digital forensics. We examined descriptions of digital investigation techniques from peer-reviewed sources, academic and classroom materials, technical guidance from professional organizations, and independently published sources. Digital investigation techniques are based on established computer science methods and when used appropriately are considered reliable. The process of evaluating, for example, the contents of a computer hard drive does not create information that was not there before the investigation started. However, because the field is rapidly changing there are limitations that practitioners and stakeholders need to be aware of: (1) as with any crime scene not all evidence may be discovered; (2) when recovering deleted files, the results may include extraneous material; (3) examiners need to understand that as software (operating systems and applications) are revised the meaning and significance of digital artifacts created by the software can change over time.
Citation
NIST Interagency/Internal Report (NISTIR) - 8354
Report Number
8354
NIST Pub Series
NIST Interagency/Internal Report (NISTIR)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.IR.8354
Local Download

Keywords

digital evidence, computer forensics, forensics, scientific foundation review
Digital evidence

Citation

Lyle, J. , Guttman, B. , Butler, J. , Sauerwein, K. , Reed, C. and Lloyd, C. (2022), Digital Investigation Techniques: A NIST Scientific Foundation Review, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8354, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=935497 (Accessed October 13, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created November 21, 2022, Updated November 29, 2022
Was this page helpful?