Data recovered from digital devices is often helpful in providing clues for incidents and potential criminal activity. For example, data found on a suspect’s computer, cell phone or tablet may prove to be crucial evidence in a legal case. Data extraction from mobile devices is tedious due to differences in data and formats from one device to the next.
To address these issues, NIST’s Computer Forensics Tools Testing (CFTT) program tests computer forensic tools to ensure that they produce accurate and objective results. These tests can be implemented by anyone, including the law enforcement community utilizing the Federated Testing software.
NIST is releasing a guide that describes procedures for documenting and populating test data on a mobile device as part of testing a mobile forensic tool. Draft NIST Special Publication (SP) 800-202, Quick Start Guide for Populating Mobile Test Devices, is meant to be used with Federated Testing, which is an expansion of CFTT. The goal of Federated Testing is to help digital forensics investigators to test the tools that they use in their labs and to enable sharing of test results within the digital forensics community. The goals of this guide are to provide guidance on how to document and populate test data on a mobile device for use in forensic tool testing and provide guidance to select data elements for inclusion that ensure effective testing.