The Contribution of Tool Testing to the Challenge of Responding to an IT Adversary (Keynote)

James R. Lyle
2006 International Conference on IT-Incidents Management & IT-Forensics  
The investigator is being presented with more data and more types of datat o analyze. The investigator cannotw orkw ithout tools. Tools aren eeded to acquire and analyze the data and solve the case. If thea ccuracy of any tools is successfully challenged in a court of law, then any results based on the tools can be suppressed and not presented. Even if an investigation is not going to any formal proceeding, the investigator wants to know the limitations of any tools used in an investigation.
more » ... s can best be accomplished by an independent assessment of the tools. This paper describes the Computer Forensics Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) in the United States. Currently, the CFTT project is developing tool specifications, test plans, test procedures, and test sets. The results provide the information necessary for toolmakers to improve tools, for users to make informed choices about acquiring and using computer forensics tools, and for interested parties to understand the tools capabilities. Our approach for testing computer forensic tools is based on well-recognized international methodologies for conformance testing and quality testing
dblp:conf/imf/Lyle06 fatcat:a3simrk3knghjg5eujj6ahzqaa