Search Publications

Displaying 26 - 50 of 93

MFC Datasets: Large-Scale Benchmark Datasets for Media Forensic Challenge Evaluation

January 11, 2019
Author(s)
Haiying Guan, Mark Kozak, Eric Robertson, Yooyoung Lee, Amy Yates, Andrew Delgado, Daniel F. Zhou, Timothee N. Kheyrkhah, Jeff Smith, Jonathan G. Fiscus
We provide a benchmark for digital media forensic challenge evaluations. A series of datasets is used to assess the progress and deeply analyze the performance of diverse systems on different media forensic tasks across the last two years. The benchmark data

Navigating Unmountable Media with the Digital Forensics XML File System

May 31, 2018
Author(s)
Alexander J. Nelson, Alexandra Chassanoff, Alexandra Holloway
Some computer storage is non-navigable by current general-purpose computers. This could be because of obsolete interface software, or a more specialized storage system lacking widespread support. These storage systems may contain artifacts of great

Quick Start Guide for Populating Mobile Test Devices

May 10, 2018
Author(s)
Richard Ayers, Benjamin R. Livelsberger, Barbara Guttman
This guide provides procedures for documenting and populating various data elements typically found within the contents of a mobile device, e.g., mobile phone, tablet, etc. The guide discusses techniques and considerations for preparing the internal memory

Identifying Evidence for Implementing a Cloud Forensic Analysis Framework

September 28, 2017
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Cloud computing provides several benefits to organizations such as increased flexibility, scalability and reduced cost. However, it provides several challenges for digital forensics and criminal investigation. Some of these challenges are the dependence of

MediFor Nimble Challenge Evaluation 2017

August 23, 2017
Author(s)
Jonathan G. Fiscus, Haiying Guan, Yooyoung Lee, Amy Yates, Andrew Delgado, Daniel F. Zhou, David M. Joy, August L. Pereira
NIST presentation slides for DARPA MediFor Program One-Year PI Meeting

Inferring previously uninstalled applications from digital traces

May 25, 2017
Author(s)
Jim Jones, Tahir Kahn, Kathryn B. Laskey, Alexander J. Nelson, Mary T. Laamanen, Douglas R. White
In this paper, we present an approach and experimental results to suggest the past presence of an application after the application has been uninstalled and the system has remained in use. Current techniques rely on the recovery of intact artifacts and

MediFor Nimble Challenge Evaluation

April 17, 2017
Author(s)
Jonathan G. Fiscus, Haiying Guan, Yooyoung Lee, Amy Yates, Andrew Delgado, Daniel F. Zhou, Timothee N. Kheyrkhah

Guide to Cyber Threat Information Sharing

October 4, 2016
Author(s)
Christopher S. Johnson, Mark L. Badger, David A. Waltermire, Julie Snyder, Clem Skorupka
Cyber threat information is any information that can help an organization identify, assess, monitor, and respond to cyber threats. Cyber threat information includes indicators of compromise; tactics, techniques, and procedures used by threat actors

Introduction to CFTT and CFReDS Projects at NIST

October 3, 2016
Author(s)
Jungheum Park, James R. Lyle, Barbara Guttman
Along with the development and propagation of Information & Communication Technology (ICT), digital evidence becomes more common and crucial to solving various types of cases. In this environment, there have been a lot of activities to research and develop

A Probabilistic Network Forensics Model for Evidence Analysis

September 20, 2016
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection and forensic analysis tools, reconstructing attack

Poster: A Logic Based Network Forensics Model for Evidence Analysis

October 15, 2015
Author(s)
Anoop Singhal, Changwei Liu, Duminda Wijesekera
Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection and forensic analysis tools, reconstructing attack

Measuring Systematic and Random Error in Digital Forensics

July 24, 2015
Author(s)
Alexander J. Nelson, Simson L. Garfinkel
Recognized sources of error in digital forensics include systematic errors arising from implementation errors, and random errors resulting from faulty equipment. But as digital forensic techniques expand to include statistical machine learning, another

Mobile Device Tool Testing

February 19, 2015
Author(s)
Richard Ayers
The Computer Forensic Tool Testing program at NIST has spent several years researching and testing forensic tools capable of acquiring data from the internal memory of mobile devices and Subscriber Identity Modules (SIMs). Test reports provide a foundation

A Logic Based Network Forensics Model for Evidence Analysis

January 28, 2015
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Many attackers tend to use sophisticated multi-stage and/or multi-host attack techniques and anti-forensic tools to cover their traces. Due to the limitations of current intrusion detection and network forensic analysis tools, reconstructing attack

Approximate Matching: Definition and Terminology

July 2, 2014
Author(s)
Frank Breitinger, Barbara Guttman, Michael McCarrin, Vassil Roussev, Douglas R. White
This document provides a definition of and terminology for approximate matching. Approximate matching is a promising technology designed to identify similarities between two digital artifacts. It is used to find objects that resemble each other or to find

ITL Forensic Science Program

June 5, 2014
Author(s)
Barbara Guttman, Martin Herman, Michaela Iorga, Larry Feldman, Kim Quill
Forensic science provides the methodologies for understanding crime scenes. It is used for analyzing evidence, identifying suspects, and prosecuting and convicting criminals while exonerating innocent people. To maintain the integrity of the U.S. criminal

Guidelines on Mobile Device Forensics

May 15, 2014
Author(s)
Richard Ayers, Sam Brothers, Wayne Jansen
Mobile device forensics is the science of recovering digital evidence from a mobile device under forensically sound conditions using accepted methods. Mobile device forensics is an evolving specialty in the field of digital forensics. This guide attempts

A Model Towards Using Evidence from Security Events for Network Attack Analysis

April 27, 2014
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Constructing an efficient and accurate model from security events to determine an attack scenario for an enterprise network is challenging. In this paper, we discuss how to use evidence obtained from security events to construct an attack scenario and