Gesellschaft fr Informatik e.V.

Lecture Notes in Informatics

IT-Incident Management & IT-Forensics - IMF 2006, Conference Proceedings October, 18th - 19th, 2006, Stuttgart P-97, 6-13 (2006).



Oliver Göbel, Dirk Schadt, Sandra Frings, Hardo Hase, Detlef Günther, Jens Nedon (eds.)


The contribution of tool testing to the challenge of responding to an itadversary (Keynote)

Jim Lyle


The investigator is being presented with more data and more types of data to analyze. The investigator cannot work without tools. Tools are needed to acquire and analyze the data and solve the case. If the accuracy of any tools is successfully challenged in a court of law, then any results based on the tools can be suppressed and not presented. Even if an investigation is not going to any formal proceeding, the investigator wants to know the limitations of any tools used in an investigation. This can best be accomplished by an independent assessment of the tools. This paper describes the Computer Forensics Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) in the United States. Currently, the CFTT project is developing tool specifications, test plans, test procedures, and test sets. The results provide the information necessary for toolmakers to improve tools, for users to make informed choices about acquiring and using computer forensics tools, and for interested parties to understand the tools capabilities. Our approach for testing computer forensic tools is based on well-recognized international methodologies for conformance testing and quality testing

Full Text: PDF

ISBN 978-3-88579-191-1

Last changed 24.01.2012 21:56:42