The NIST Computer Forensics Tool Testing Program


In order for computer forensics findings to be admissible in a court of law, the tools and methods used to collect such data must ensure its integrity. According to Marie-Helen Maras (2012), “As with other forms of evidence, the original captured network traffic data must be kept intact. An investigator must ensure that any programs that are run to obtain evidence do not modify data on the system” (p.286). The National Institute of Standards and Technology (NIST) maintains the Computer Forensics Tool Testing (CFTT) program to help investigators choose the appropriate tools for this purpose.
Program Overview
NIST has established a methodology for testing computer forensics tools to help law enforcement and other investigators choose tools that will consistently produce legally admissible court evidence. Among the test criteria for forensic tools are “general tool specifications, test procedures, test criteria, test sets, and test hardware” (NIST, n.d.). The program is endorsed by the NIST Law Enforcement Standards Office and the US Department of Homeland Security (DHS) (NIST, n.d.). The CFTT program allows investigators to choose forensics tools that have already been tested and verified to be sufficiently accurate to be legally appropriate. This saves investigators from having to test their own tools from scratch in an effort to validate acceptable ones, a process that might jeopardize court cases when tools are found to be insufficient during an investigation.
Disk Imaging and Deleted File Recovery
In the 2012 CFTT booklet, NIST lists detailed results for nineteen tested disk imaging programs. Each tested program has an overview of the general findings and of the specific conditions that caused the procedure to fail. Following the general overview is an itemized list of anomalies that were observed during testing for that particular forensic tool. For instance, the report for EnCase LinEn 6.01 explains in the overview that the software functioned as intended except for two specific conditions. In the itemized anomaly list, the two conditions are explained to be bad sector copies following a defective sector, and the inability to acquire sectors which are hidden by a device configuration overlay (NIST, 2012, p. 24).
The portion of the CFTT that deals with deleted file recovery...
