The testing methodology developed by NIST is functionality driven. The activities of forensic investigations are separated into discrete functions or categories, such as hard disk write protection, disk imaging, string searching, etc. A test methodology is then developed for each category. The current list of functionalities is available from the links provided in the left column.
The CFTT testing process is directed by a steering committee composed of representatives of the law enforcement community. Currently, the steering committee selects tool categories for investigation and tools within a category for actual testing by CFTT staff. A vendor may request testing of a tool; however, the steering committee makes the decision about which tools to test.
After a tool category and at least one tool are selected by the steering committee, the development process is as follows:
After a category specification has been developed and a tool selected, the test process is as follows: