The National Institute of Standards and Technology (NIST) publishes Digital Investigation Techniques: A Review of the NIST Science Foundation. This draft report, which will be open to public discussion for 60 days, provides an overview of the methods used by digital forensic experts to analyze evidence from computers, mobile phones and other electronic devices.
The purpose of the NIST Scientific Foundation Reviews is to document and evaluate the scientific basis for forensic methods. These reviews are meant to meet the need set out in a remarkable 2009 study from the National Academy of Sciences, which found that many forensic disciplines do not have a solid foundation in research.
To conduct their review, the authors reviewed peer-reviewed literature, documentation from software developers, forensic tool test results, standards and best practice documents, and other sources of information. They found that “the examination of digital evidence is based on a sound foundation based in computer science” and that “the application of these computer techniques for digital investigations is reasonable”.
“Copy data, search for text strings, find time stamps on files, read phone call logs. These are key elements of the digital investigation,” said Barbara Guttman, head of NIST’s Digital Forensics Research Program and author of the study. “And they all rely on fundamental computer operations that are widely used and well understood.”
The report also discusses several challenges facing forensic experts, including the rapid pace of technological change. “Digital proof technology doesn’t work perfectly in all cases,” Guttman said. “If everyone starts using a new application, forensic tools will not be able to read and understand the contents of this application until they are updated. That requires constant effort.”
To address this challenge, the report recommends better methods for sharing information between experts and a more structured approach to testing forensic tools, which would increase efficiency and reduce duplication of effort in laboratories.
The report also recommends enhanced sharing of high-quality forensic reference data that can be used for education, training and the development and testing of new forensic tools.
Launched in 1999, NIST’s Digital Forensics Research Program develops methods for testing digital forensic tools and provides access to high-quality reference datasets. NIST also maintains a huge archive of published software, the National Library of Software References, which is an important resource for investigating computer crimes.
Reviews of NIST research foundations help laboratories identify appropriate constraints on the use of forensic methods, set priorities for future research, and suggest steps to move the field forward. These reviews are conducted as part of NIST’s forensic science program, which works to strengthen forensic practice through research and improved standards. In 2018, Congress ordered NIST to conduct these scientific reviews and provided funding for them.
Readers can submit comments on the draft report until 11 July 2022. NIST will host a webinar on the draft report on 1 June 2022. Instructions for submitting comments and registration information for the webinar are available on the NIST website.