NIST publishes Review of Digital Forensic Methods
The National Institute of Standards and Technology (NIST) has published Digital Investigation Techniques: A NIST Scientific Foundation Review. This draft report, which will be open for public comment for 60 days, reviews the methods used by digital forensic experts to analyze evidence from computers, mobile phones and other electronic devices.
The purpose of NIST’s scientific foundation reviews is to document and assess the scientific basis for forensic methods. These assessments meet a need identified in a 2009 landmark study by the National Academy of Sciences, which found that many forensic disciplines lack a solid foundation in scientific research.
To conduct their review, the authors examined peer-reviewed literature, documentation from software developers, test results on forensic tools, standards, and best practice documents, and other sources of information. They found that “digital evidence research rests on a solid foundation based on computer science,” and that “the application of these computer science techniques to digital research makes sense.”
«Copy data, search for text strings, find timestamps on files, read call logs on a phone. These are fundamental elements of a digital investigation, ”said Barbara Guttman, head of NIST’s digital forensic research program and author of the study. “And they all rely on basic computer operations that are widely used and well understood.”
The report also discusses several challenges facing digital forensic experts, including the rapid technological change. “Digital proofing techniques do not work perfectly in all cases,” Guttman said. “If everyone starts using a new app, forensic tools will not be able to read and understand the contents of that app until they are updated. This requires constant effort.”
To meet this challenge, the report recommends better methods of information sharing among experts and a more structured approach to testing forensic tools that will increase efficiency and reduce duplication of effort across laboratories.
The report also recommends increased sharing of high-quality forensic reference data that can be used for education, training and development and testing of new forensic tools.
NIST’s Digital Forensics Research Program, launched in 1999, develops methods for testing digital investigation tools and provides access to high-quality reference datasets. NIST also has a large archive of published software, the National Software Reference Library, which is a critical resource for investigating computer crime.
Reviews of NIST scientific foundations help laboratories identify appropriate constraints on the use of forensic methods, identify priorities for future research, and suggest steps to move the field forward. These reviews are conducted as part of NIST’s Forensic Science Program, which works to strengthen forensic practice through research and improved standards. In 2018, Congress instructed NIST to conduct these scientific assessments and allocated funds to them.
Readers can submit comments on the draft report through July 11, 2022. NIST will host a webinar on the draft report on June 1, 2022. Instructions for submitting comments and registration information for the webinar are available on the NIST Web site.