Data recovered from digital devices is often helpful in providing clues for incidents and potential criminal activity.
For example, data found on a suspect’s computer, cell phone or tablet may prove to be crucial evidence in a legal case.
Data extraction from mobile devices is tedious due to differences in data and formats from one device to the next.
To address these issues the National Institute of Standards and Technology (NIST) is releasing a guide that describes procedures for documenting and populating test data on a mobile device before testing a mobile forensic tool—the recovery and interpretation of data found on digital devices is often part of a criminal or civil investigation.
NIST’s Computer Forensics Tools Testing (CFTT) program tests computer forensic tools to ensure that they produce accurate and objective results.
These tests can be implemented by anyone, including the law enforcement community utilizing the Federated Testing software.
NIST is releasing a guide that describes procedures for documenting and populating test data on a mobile device as part of testing a mobile forensic tool.
Draft NIST Special Publication (SP) 800-202, which provides digital forensics investigators and labs with test materials for forensic tool testing, New Quick Start Guide for Populating Mobile Test Devices, is meant to be used with Federated Testing, which is an expansion of CFTT.
The goal of Federated Testing is to help digital forensics investigators to test the tools that they use in their labs and to enable sharing of test results within the digital forensics community by:
Providing guidance for how to place test data on a mobile device for use in forensic tool testing, and
Providing guidance to select data elements for inclusion that ensure effective testing.
The public comment period for this draft guide ends April 25, 2018.
See the publication record for a copy of the document and additional information.
Publication details: https://csrc.nist.gov/publications/detail/sp/800-202/draft