NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.
Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Digital Investigation Techniques: A NIST Scientific Foundation Review
Published
Author(s)
James R. Lyle, Barbara Guttman, John Butler, Kelly Sauerwein, Christina Reed, Corrine Lloyd
Abstract
This document is an assessment of the scientific foundations of digital forensics. We examined descriptions of digital investigation techniques from peer-reviewed sources, academic and classroom materials, technical guidance from professional organizations, and independently published sources. Digital investigation techniques are based on established computer science methods and when used appropriately are considered reliable. The process of evaluating, for example, the contents of a computer hard drive does not create information that was not there before the investigation started. However, because the field is rapidly changing there are limitations that practitioners and stakeholders need to be aware of: (1) as with any crime scene not all evidence may be discovered; (2) when recovering deleted files, the results may include extraneous material; (3) examiners need to understand that as software (operating systems and applications) are revised the meaning and significance of digital artifacts created by the software can change over time.
Lyle, J.
, Guttman, B.
, Butler, J.
, Sauerwein, K.
, Reed, C.
and Lloyd, C.
(2022),
Digital Investigation Techniques: A NIST Scientific Foundation Review, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8354, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=935497
(Accessed October 8, 2025)