NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Forensic Science

Digital evidence

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 26 - 50 of 97

NIST Media Forensic Challenge (MFC) Evaluation 2020 - 4th Year DARPA MediFor PI meeting

July 15, 2020
Author(s)
Jonathan G. Fiscus, Haiying Guan, Yooyoung Lee, Amy Yates, Andrew Delgado, Daniel F. Zhou, Timothee N. Kheyrkhah, Xiongnan Jin
The presentation slides summarize NIST Media Forensic Challenge (MFC) Evaluation, and present MFC20 evaluation reports in DARPA MediFor PI meeting. The slides contains five parts: Overview, Image Tasks, Video Tasks, Camera ID Verification Tasks, Provenance

Standardization of File Recovery Classification and Authentication

December 1, 2019
Author(s)
Eoghan Casey, Alexander J. Nelson, Jessica Hyde
Digital forensics can no longer tolerate software that cannot be relied upon to perform specific functions such as file recovery. The root of this problem is a lack of clearly defined software requirements, which compels users and tool testers to make

Manipulation Data Collection and Annotation Tool for Media Forensics

June 17, 2019
Author(s)
Eric Robertson, Haiying Guan, Mark Kozak, Yooyoung Lee, Amy Yates, Andrew Delgado, Daniel F. Zhou, Timothee N. Kheyrkhah, Jeff Smith, Jonathan G. Fiscus
With the increasing diversity and complexity of media forensics techniques, the evaluation of state-of-the-art detectors are impeded by lacking the metadata and manipulation history ground-truth. This paper presents a novel image/video manipulation

MFC Datasets: Large-Scale Benchmark Datasets for Media Forensic Challenge Evaluation

January 11, 2019
Author(s)
Haiying Guan, Mark Kozak, Eric Robertson, Yooyoung Lee, Amy Yates, Andrew Delgado, Daniel F. Zhou, Timothee N. Kheyrkhah, Jeff Smith, Jonathan G. Fiscus
We provide a benchmark for digital media forensic challenge evaluations. A series of datasets are used to assess the progress and deeply analyze the performance of diverse systems on different media forensic tasks across last two years. The benchmark data

Navigating Unmountable Media with the Digital Forensics XML File System

May 31, 2018
Author(s)
Alexander J. Nelson, Alexandra Chassanoff, Alexandra Holloway
Some computer storage is non-navigable by current general-purpose computers. This could be because of obsolete interface software, or a more specialized storage system lacking widespread support. These storage systems may contain artifacts of great

Quick Start Guide for Populating Mobile Test Devices

May 10, 2018
Author(s)
Richard Ayers, Benjamin R. Livelsberger, Barbara Guttman
This guide provides procedures for documenting and populating various data elements typically found within the contents of a mobile device, e.g., mobile phone, tablet, etc. The guide discusses techniques and considerations for preparing the internal memory

Identifying Evidence for Implementing a Cloud Forensic Analysis Framework

September 28, 2017
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Cloud computing provides several benefits to organizations such as increased flexibility, scalability and reduced cost. However, it provides several challenges for digital forensics and criminal investigation. Some of these challenges are the dependence of

MediFor Nimble Challenge Evaluation 2017

August 23, 2017
Author(s)
Jonathan G. Fiscus, Haiying Guan, Yooyoung Lee, Amy Yates, Andrew Delgado, Daniel F. Zhou, David M. Joy, August L. Pereira
NIST presentation slides for DARPA MediFor Program One-Year PI Meeting

Inferring previously uninstalled applications from digital traces

May 25, 2017
Author(s)
Jim Jones, Tahir Kahn, Kathryn B. Laskey, Alexander J. Nelson, Mary T. Laamanen, Douglas R. White
In this paper, we present an approach and experimental results to suggest the past presence of an application after the application has been uninstalled and the system has remained in use. Current techniques rely on the recovery of intact artifacts and

MediFor Nimble Challenge Evaluation

April 17, 2017
Author(s)
Jonathan G. Fiscus, Haiying Guan, Yooyoung Lee, Amy Yates, Andrew Delgado, Daniel F. Zhou, Timothee N. Kheyrkhah

Guide to Cyber Threat Information Sharing

October 4, 2016
Author(s)
Christopher S. Johnson, Mark L. Badger, David A. Waltermire, Julie Snyder, Clem Skorupka
Cyber threat information is any information that can help an organization identify, assess, monitor, and respond to cyber threats. Cyber threat information includes indicators of compromise; tactics, techniques, and procedures used by threat actors

Introduction to CFTT and CFReDS Projects at NIST

October 3, 2016
Author(s)
Jungheum Park, James R. Lyle, Barbara Guttman
Along with the development and propagation of Information & Communication Technology (ICT), digital evidence becomes more common and crucial to solving various types of cases. In this environment, there have been a lot of activities to research and develop

A Probabilistic Network Forensics Model for Evidence Analysis

September 20, 2016
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection and forensic analysis tools, reconstructing attack

Poster:A Logic Based Network Forensics Model for Evidence Analysis

October 15, 2015
Author(s)
Anoop Singhal, Changwei Liu, Duminda Wijesekera
Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection and forensic analysis tools, reconstructing attack

Measuring Systematic and Random Error in Digital Forensics

July 24, 2015
Author(s)
Alexander J. Nelson, Simson L. Garfinkel
Recognized sources of error in digital forensics include systematic errors arising from implementation errors, and random errors resulting from faulty equipment. But as digital forensic techniques expand to include statistical machine learning, another

Mobile Device Tool Testing

February 19, 2015
Author(s)
Richard Ayers
The Computer Forensic Tool Testing program at NIST has spent several years researching and testing forensic tools capable of acquiring data from the internal memory of mobile devices and Subscriber Identity Modules (SIMs). Test reports provide a foundation

A Logic Based Network Forensics Model for Evidence Analysis

January 28, 2015
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Many attackers tend to use sophisticated multi-stage and/or multi-host attack techniques and anti-forensic tools to cover their traces. Due to the limitations of current intrusion detection and network forensic analysis tools, reconstructing attack

Approximate Matching: Definition and Terminology

July 2, 2014
Author(s)
Frank Breitinger, Barbara Guttman, Michael McCarrin, Vassil Roussev, Douglas R. White
This document provides a definition of and terminology for approximate matching. Approximate matching is a promising technology designed to identify similarities between two digital artifacts. It is used to find objects that resemble each other or to find
Was this page helpful?