Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: James R. Lyle (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 36

Report of the Digital Evidence Task Group Quality Study

December 15, 2022
Author(s)
Barbara Guttman, Kelly Sauerwein, James R. Lyle
The report describes the results of a project performed by a study group from the Organization of Scientific Area Committees (OSAC) for Forensic Science Digital Evidence Subcommittee to identify the quality practices and management systems that are most

Digital Investigation Techniques: A NIST Scientific Foundation Review

November 21, 2022
Author(s)
James R. Lyle, Barbara Guttman, John Butler, Kelly Sauerwein, Christina Reed, Corrine Lloyd
This document is an assessment of the scientific foundations of digital forensics. We examined descriptions of digital investigation techniques from peer-reviewed sources, academic and classroom materials, technical guidance from professional organizations

Dataset construction challenges for digital forensics

July 29, 2021
Author(s)
James R. Lyle, Graeme Horsman
As the digital forensic field develops, taking steps towards ensuring a level of reliability in the processes implemented by its practitioners, emphasis on the need for effective testing has increased. In order to test, test datasets are required, but

Introduction to CFTT and CFReDS Projects at NIST

October 3, 2016
Author(s)
Jungheum Park, James R. Lyle, Barbara Guttman
Along with the development and propagation of Information & Communication Technology (ICT), digital evidence becomes more common and crucial to solving various types of cases. In this environment, there have been a lot of activities to research and develop

A Strategy for Testing Graphic File Carving Tools

February 19, 2014
Author(s)
James R. Lyle, Richard P. Ayers
File carving is widely used in digital investigations to extract deleted files from unallocated storage. Usually file carving is applied to file types with a recognizable structure so that unallocated space can be scanned for file components that are then

Deleted File Recovery Tool Testing Results

February 21, 2013
Author(s)
James R. Lyle
The CFTT project at the National Institute of Standards and Technology develops methodologies for testing computer forensic tools. This presentation reports on tool behaviors observed while testing digital forensics tools against a set of file deletion

Ten years of computer forensic tool testing

October 12, 2011
Author(s)
James R. Lyle, Barbara Guttman, Richard Ayers
The Computer Forensic Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) has been active since 2000. The project develops methodologies for testing computer forensic software tools by the creation of general tool

Digital Forensics at the National Institute of Standards and Technology

April 9, 2008
Author(s)
James R. Lyle, Douglas R. White, Richard P. Ayers
There are three digital forensic science projects: National Software Reference Library (NSRL), Computer Forensic Tool Testing (CFTT), Computer Forensic Reference Data Sets (CFReDS) currently providing resources for the digital investigator underway at the

Digital Forensics at the National Institute of Standards and Technology

April 1, 2008
Author(s)
James R. Lyle, Douglas R. White, Richard Ayers
There are three digital forensic science projects: National Software Reference Library (NSRL), Computer Forensic Tool Testing (CFTT), Computer Forensic Reference Data Sets (CFReDS) currently providing resources for the digital investigator underway at the

Issues with Imaging Drives Containing Faulty Sectors

September 1, 2007
Author(s)
James R. Lyle, Mark R. Wozar
In the ideal situation when imaging a hard drive, all sectors are completely and accurately acquired and saved to an image file. In reality, occasionally drives will contain faulty sectors such that the original content of the faulty sector cannot be

Protecting Digital Evidence from Modification

December 12, 2005
Author(s)
James R. Lyle
Our results extending Kuhn's fault class hierarchy provide a justification for the focus of fault-based testing strategies on detecting particular faults and ignoring others. We develop a novel analytical technique that allows us to elegantly prove that

Testing BIOS Interrupt 0x13 Based Software Write Blockers

March 1, 2005
Author(s)
James R. Lyle, Paul E. Black
We report observations and experience in the Computer Forensics Tool Testing (CFTT) project while developing methodologies to test interrupt 0x13 based software write block (SWB) tools. A write blocker allows access to all data on a storage device while

Test Environment and Procedures for Testing dd Provided With FreeBSD 4.4

May 6, 2004
Author(s)
James R. Lyle
This document describes the testing of dd in the FreeBSD environment. The test cases that were applied are described in Disk Imaging Tool Specification, Version 3.1.6.The tests were run on test systems in the Computer Forensics Tool Testing Lab at the

Test Environment and Procedures for Testing EnCase 3.20

May 1, 2004
Author(s)
James R. Lyle
This document describes the testing of EnCase 3.20. The test cases that were applied are described in Disk Imaging Tool Specification, Version 3.1.6.The tests were run on test systems in the Computer Forensics Tool Testing Lab at the National Institute of

Test Environment and Procedures for Testing EnCase 3.20, Version 1.0

May 1, 2004
Author(s)
James R. Lyle
Our results extending Kuhn's fault class hierarchy provide a justification for the focus of fault-based testing strategies on detecting particular faults and ignoring others. We develop a novel analytical technique that allows us to elegantly prove that

NIST CFTT: Testing Computer Forensics Tools

February 1, 2004
Author(s)
James R. Lyle
There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. A capability is required to ensure that forensic software tools consistently produce accurate and objective results. The goal of the Computer

Computer Forensics Tool Testing (CFTT)

October 1, 2003
Author(s)
James R. Lyle
The National Software Reference Library (NSRL) of the U.S. National Institute of Standards and Technology (NIST) collects software from various sources and publishes file profiles computed from this software (such as MD5 and SHA-1 hashes) as a Reference

Test Environment and Procedures for Testing SafeBack 2.18

June 1, 2003
Author(s)
James R. Lyle
This document describes the testing of SafeBack 1.18. The Test cases that were applied are described in Disk Imaging Tool Specification, Version 1.1.6.The tests were run on test systems in the Computer Forensics Tool Testing Lab at the National Institute

NIST CFIT: Testing Disk Imaging Tools

January 27, 2003
Author(s)
James R. Lyle
There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. A capability is required to ensure that forensic software tools consistently produce accurate and objective test results. The goal of the