CFTT banner

CFTT logo

HOME

GENERAL INFORMATION

TECHNICAL INFORMATION

DHS's CyberFETCH Site for All Test Reports

NIJ's e-crime site published test reports (Before March 2013) 

Computer Forensics Tool Catalog

NSRL Website

CFReDS Project

Privacy Policy/Security Notice
Disclaimer | FOIA

NIST is an agency of the
U.S. Commerce Department

Date created: 8/20/2003
Last updated: 8/20/2003

Technical comments: cftt@nist.gov

 

 

 

CFTT Methodology Overview

The testing methodology developed by NIST is functionality driven. The activities of forensic investigations are separated into discrete functions or categories, such as hard disk write protection, disk imaging, string searching, etc. A test methodology is then developed for each category. Currently we have developed a methodology for disk imaging tools and are developing a methodology for software hard disk write blocking tools. Deleted file recovery tools will be the next category for development of a test methodology.

The CFTT testing process is directed by a steering committee composed of representatives of the law enforcement community. Included are the FBI, DoD, NIJ (representing state and local agencies), NIST/OLES and other agencies. Currently the steering committee selects tool categories for investigation and tools within a category for actual testing by CFTT staff. A vendor may request testing of a tool, however the steering committee makes the decision about which tools to test.

Under the disk imaging category the tools selected initially for testing were: Linux dd, and SafeBack. The RCMP hdl was selected for the hard disk write block category. Final test reports are posted to a web site maintained by NIJ.

1.      Specification development process

After a tool category and at least one tool is selected by the steering committee the development process is as follows: 

  1. NIST and law enforcement staff develops a requirements, assertions and test cases document (called the tool category specification).
  2. The tool category specification is posted to the web for peer review by members of the computer forensics community and for public comment by other interested parties.
  3. Relevant comments and feedback are incorporated into the specification.
  4. A test environment is designed for the tool category.

2.      Tool test process

After a category specification has been developed and a tool selected, the test process is as follows:

  1. NIST acquires the tool to be tested.
  2. NIST reviews the tool documentation.
  3. NIST selects relevant test cases depending on features supported by the tool.
  4. NIST develops test strategy.
  5. NIST executes tests
  6. NIST produces test report.
  7. Steering Committee reviews test report.
  8. Vendor reviews test report.
  9. NIST posts support software to web.
  10. NIJ posts test report to web.