A digital forensics expert prepares to extract data from a mobile phone.
Credit: R. Press/NIST
The National Institute of Standards and Technology (NIST) has published Digital Investigation Techniques: A NIST Scientific Foundation Review. This draft report, which will be open for public comment for 60 days, reviews the methods that digital forensic experts use to analyze evidence from computers, mobile phones and other electronic devices.
The purpose of NIST scientific foundation reviews is to document and evaluate the scientific basis for forensic methods. These reviews fill a need identified in a landmark 2009 study by the National Academy of Sciences, which found that many forensic disciplines lack a solid foundation in scientific research.
To conduct their review, the authors examined peer-reviewed literature, documentation from software developers, test results on forensic tools, standards and best practices documents and other sources of information. They found that “digital evidence examination rests on a firm foundation based in computer science,” and that “the application of these computer science techniques to digital investigations is sound.”
“Copying data, searching for text strings, finding timestamps on files, reading call logs on a phone. These are basic elements of a digital investigation,” said Barbara Guttman, leader of NIST’s digital forensics research program and an author of the study. “And they all rely on fundamental computer operations that are widely used and well understood.”
The report also discusses several challenges that digital forensic experts face, including the rapid pace of technological change. “Digital evidence techniques don’t work perfectly in all cases,” Guttman said. “If everyone starts using a new app, forensic tools won’t ..
Support the originator by clicking the read the rest link below.
