Forensics Tool Testing
(CFTT) Project Web Site
Welcome to the new and updated Computer Forensics Tool Testing (CFTT) Project Web Site.
The NIST CFTT project announces a draft version of Hard Drive Software Write Block Tool Specification & Test Plan Version 3.0. This document defines requirements and a test plan for hard drive software write block (SWB) tools used in computer forensics investigations, such as RCMP HDL. The final version of this document will be used for testing of software write blocking tools.
The NIST CFTT project is posting this version of the document for comments. Please send comments to CFTT@NIST.GOV. The end of the comment period is June 23, 2003. NIST will address the comments received and release the final version. Questions can be directed to Dr. James R. Lyle at (301) 975-3270 or JLYLE@NIST.GOV. Please note that the original title (and version) of this document was Draft Write Blocker Specification. The title was changed to stress that this specification is for software that protects hard drives from modification and that this specification does not address hardware devices that protect hard drives from modification.
National Institute of Justice publishes SafeBack 2.0 test report based on the CFTT methodology
Setup and Test Procedures: dd (GNU fileutils) 4.0.36 Forensic Tests
This document describes the testing of dd (GNU fileutils) 4.0.36 as a disk imaging tool on a Linux platform. The Linux version used was Linux version 2.4.2-2 (Red Hat Linux 7.1 2.96-79). The test cases that were applied are described in Disk Imaging Tool Specification, Version 3.1.6. As soon as the test report is posted, a link will be provided.
The revised Draft Write Blocker Specification with test assertions (Version 2.0 May 02) has been posted to the documents page for review. Version 1.0 is requirements only, Version 2.0 is requirements plus test assertions. If you have comments on the specification, please send them to firstname.lastname@example.org.
FS-TST: Forensic Software Testing Support Tools has been posted to the documents page as a ZIP file. FS-TST is a software package that supports the testing of disk imaging tools. The package includes programs that use the interrupt 13h BIOS disk interface to initialize disk drives, detect changes in disk content, compare pairs of disks, and simulate bad sectors on a disk. Most of the software is written in Borland C++ 4.5 with a few parts written in Borland Assembler. The software can be used in the MS-DOS 6.3 environment to setup disk drives for tests, measure the results of a test and aid in documenting test runs. A set of test cases for disk imaging tools is described in Disk Imaging Tool Specification, Version 3.1.6.
This project is supported by the U.S. Department of Justice's National Institute of Justice (NIJ) , federal, state, and local law enforcement, and the National Institute of Standards and Technology (NIST) to promote efficient and effective use of computer technology in the investigation of crimes involving computers. Numerous other sponsoring organizations from law enforcement, government, and industry are providing resources to accomplish these goals.
The CFTT is designed to provide a measure of assurance in the results of investigations based on automated tools used in computer forensics examinations. These tools are used by law enforcement, government, and industry organizations to examine disk drives seized in computer crime investigations and to analyze the files found. Examples of tools may include disk imaging software, password crackers, image analysis tools, and others.
PDF slides from a CFTT/NSRL presentation at TechnoSecurity 2003 are available.
A sister project to this work is the National Software Reference Library (NSRL). The NSRL Project has its own web site at http://www.nsrl.nist.gov .
The CFTT discussion group at http://groups.yahoo.com/group/cftt
is not affiliated with this project, although it does cover similar topics.
Privacy Poilcy/Security Notice
Disclaimer | FOIA |USAGov
NIST is an agency
U.S. Commerce Department
Date created: 8/20/2003
Last updated: November 27, 2007
Technical comments: email@example.com
Website comments: firstname.lastname@example.org
Search NIST website