The Computer Forensics Tool Testing Program
When using automated tools to search for and analyze digital evidence, investigators must be able to trust the validity of the results produced by these tools. Standardized testing of these tools is essential to maintaining accurate and consistent analysis, especially considering that law enforcement uses more than 100 different digital forensics tools.
Under an NIJ grant, the National Institute of Standards and Technology established the Computer Forensics Tool Testing (CFTT) program in 2004 to develop a methodology for testing computer forensics tools. CFTT continues to test new digital evidence tools and new versions of previous tools.
CFTT's standard testing procedures and criteria help:
- Streamline the process of testing digital forensics tools.
- Provide unbiased standards for testing digital forensics tools.
- Provide manufacturers with feedback for improvements.
- Aid law enforcement agencies in making better informed purchasing decisions.
- Increase understanding among law enforcement of the different tools and their respective capabilities.
- Provide a methodology for testing that can be replicated by other law enforcement officials.
Under CFTT, focus groups composed of law enforcement officials define the requirements for various types of digital forensics tools. Tools are then tested against these requirements to determine how well they meet their stated purpose. The CFTT website contains information on the results of these tests and how the tests are conducted.