The Computer Forensics Tool Testing Program
When using automated tools to search for and analyze digital evidence, investigators must be able to trust the validity of
the results produced by these tools. Standardized testing of these tools is essential to maintaining accurate and consistent
analysis, especially considering that law enforcement uses more than 100 different digital forensics tools.
Under an NIJ grant, the National Institute of Standards and Technology established the Computer Forensics Tool Testing (CFTT)
program in 2004 to develop a methodology for testing computer forensics tools. CFTT continues to test new digital evidence
tools and new versions of previous tools.
CFTT's standard testing procedures and criteria help:
- Streamline the process of testing digital forensics tools.
- Provide unbiased standards for testing digital forensics tools.
- Provide manufacturers with feedback for improvements.
- Aid law enforcement agencies in making better informed purchasing decisions.
- Increase understanding among law enforcement of the different tools and their respective capabilities.
- Provide a methodology for testing that can be replicated by other law enforcement officials.
Under CFTT, focus groups composed of law enforcement officials define the requirements for various types of digital forensics
tools. Tools are then tested against these requirements to determine how well they meet their stated purpose. The CFTT website
contains information on the results of these tests and how the tests are conducted.
Date Created: November 5, 2010