Testing Computer Forensic Tools
James R. Lyle - National Institute of Standards and Technology
Feb 25, 2004
Abstract
There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. A capability is required to ensure that forensic software tools consistently produce accurate and objective test results. The goal of the Computer Forensic Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) is to establish a methodology for testing computer forensic software tools. A methodology consisting of tool requirements specifications, test procedures, test criteria, test sets, and test hardware has been developed.
There are significant challenges for testing forensics tools. First, there are no standards or specifications for the expected behavior of forensic tools. Second, very arcane and often undocumented knowledge is required to understand the critical testing issues. Third, the behavior of the tools when executed in the presence of hardware errors is critical.
Several lessons learned during the testing of widely used tools are discussed. For example, the behavior of an imaging tool used on an unreliable (i.e., has bad sectors) disk is of interest. However, an unreliable disk is just that, unreliable. For testing, a reliable bad disk is needed. This was accomplished by using software to simulate a disk with bad sectors on a normally functioning hard disk.
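The "reliable bad disk" idea above, as an added sketch that is not code from the talk or from the CFTT project: a wrapper makes chosen sectors of a healthy backing store fail on every read, so an imaging tool's handling of bad sectors can be checked repeatably. The 512-byte sector size, the toy imager, and the pass criteria (readable sectors copied exactly, unreadable sectors zero-filled and reported) are assumptions made for illustration.

```python
SECTOR = 512  # bytes per sector (assumed for this sketch)

class FaultyDisk:
    """Healthy backing store whose listed sectors fail on every read."""
    def __init__(self, backing, bad_sectors):
        self._data = backing
        self._bad = frozenset(bad_sectors)
        self.sector_count = len(backing) // SECTOR

    def read_sectors(self, start, count):
        hit = [s for s in range(start, start + count) if s in self._bad]
        if hit:
            raise IOError(f"unrecoverable read error at sector {hit[0]}")
        return self._data[start * SECTOR:(start + count) * SECTOR]

def image_disk(disk, chunk=8):
    """Hypothetical imager under test: chunked reads, per-sector fallback."""
    out, unreadable = bytearray(), []
    for start in range(0, disk.sector_count, chunk):
        count = min(chunk, disk.sector_count - start)
        try:
            out += disk.read_sectors(start, count)
        except IOError:
            # Retry one sector at a time so good neighbours are not lost.
            for s in range(start, start + count):
                try:
                    out += disk.read_sectors(s, 1)
                except IOError:
                    out += bytes(SECTOR)  # zero-fill the unreadable sector
                    unreadable.append(s)
    return bytes(out), unreadable

def check_image(source, image, unreadable, bad_sectors):
    """Assumed test criteria: exact copy of good sectors, bad ones zeroed and reported."""
    if sorted(unreadable) != sorted(bad_sectors) or len(image) != len(source):
        return False
    for s in range(len(source) // SECTOR):
        got = image[s * SECTOR:(s + 1) * SECTOR]
        want = bytes(SECTOR) if s in bad_sectors else source[s * SECTOR:(s + 1) * SECTOR]
        if got != want:
            return False
    return True

def make_source(sectors=32):
    # Constructed sample data: each sector holds a distinct non-zero byte value.
    return b"".join(bytes([s % 251 + 1]) * SECTOR for s in range(sectors))
```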
About the Speaker
Dr. Lyle wrote his first FORTRAN program in 1968 and has been programming ever since. He received a B.S. in Mathematics (1972) and an M.S. in Mathematics (1975) from East Tennessee State University; from the University of Maryland at College Park, Dr. Lyle received an M.S. (1982) and PhD (1984) in Computer Science.
Before joining NIST full time in 1993, Dr. Lyle was a Faculty Associate at NIST and an Assistant Professor at the University of Maryland Baltimore County.
Dr. Lyle's interests include Software Engineering, Computer Science Education, Computer Graphics, Human Factors, and Computer Forensics. His interests within Software Engineering include: programming support tools, software testing, user interface design, and requirements specification.