Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Digital Investigation Techniques: A NIST Scientific Foundation Review

Published

Author(s)

James R. Lyle, Barbara Guttman, John Butler, Kelly Sauerwein, Christina Reed, Corrine Lloyd

Abstract

This document is an assessment of the scientific foundations of digital forensics. We examined descriptions of digital investigation techniques from peer-reviewed sources, academic and classroom materials, technical guidance from professional organizations, and independently published sources. Digital investigation techniques are based on established computer science methods and when used appropriately are considered reliable. The process of evaluating, for example, the contents of a computer hard drive does not create information that was not there before the investigation started. However, because the field is rapidly changing there are limitations that practitioners and stakeholders need to be aware of: (1) as with any crime scene not all evidence may be discovered; (2) when recovering deleted files, the results may include extraneous material; (3) examiners need to understand that as software (operating systems and applications) are revised the meaning and significance of digital artifacts created by the software can change over time.
Citation
NIST Interagency/Internal Report (NISTIR) - 8354
Report Number
8354

Keywords

digital evidence, computer forensics, forensics, scientific foundation review

Citation

Lyle, J. , Guttman, B. , Butler, J. , Sauerwein, K. , Reed, C. and Lloyd, C. (2022), Digital Investigation Techniques: A NIST Scientific Foundation Review, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8354, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=935497 (Accessed December 4, 2022)
Created November 21, 2022, Updated November 29, 2022