Data recovered from digital devices is often helpful in providing clues for incidents and potential criminal activity. For example, data found on a suspect’s computer, cell phone or tablet may prove to be crucial evidence in a legal case. Data extraction from mobile devices is tedious due to differences in data and formats from one device to the next.
To address these issues, NIST has published a guide that describes procedures for documenting and populating test data on a mobile test device. NIST Special Publication (SP) 800-202, Quick Start Guide for Populating Mobile Test Devices, is meant to be used with Federated Testing, which is an expansion of NIST’s Computer Forensics Tools Testing (CFTT) program. The CFTT tests computer forensic tools to ensure that they produce accurate and objective results. These tests can be implemented by anyone, including the law enforcement community, utilizing the Federated Testing software.
The goal of Federated Testing is to help digital forensics investigators to test the tools that they use in their labs and to enable sharing of test results within the digital forensics community. The goals of SP 800-202 are to provide guidance on how to document and populate test data on a mobile device for use in forensic tool testing, and provide guidance to select data elements for inclusion that ensure effective testing.
Security and Privacy: testing & validation
Technologies: mobile
Applications: forensics