There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. A capability is required to ensure that forensic software tools consistently produce accurate and objective test results. The goal of the Computer Forensic Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) is to establish a methodology for testing computer forensic software tools. A methodology consisting of tool requirements specifications, test procedures, test criteria, test sets, and test hardware was developed. This paper reports on the initial CFTT work at NIST as applied to disk imaging tools. A brief overview of the testing process developed at NIST is presented followed by a discussion of the lessons learned testing the developed methodology on two disk imaging tools, dd and SafeBack.
Digital Forensic Research Workshop, International Journal of Digital Evidence, (online at www.ijde.org)
August 7-9, 2002