Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Federated Testing Project
The Federated Testing project is an expansion of the CFTT program. The goal of Federated Testing is to help digital forensics investigators test and, if desired, share their results within the digital forensics community.
Available Test Suites:
There are 3 types of test suites to test different types of forensic tools: mobile and related tools, analysis tools, and a complete test environment for disk imaging and write blocking.
A. Mobile Device Acquisition Tools Test Suite (Windows OS)
Word Test Suite Templates:
Click here to download the Mobile Device Acquisition template.
Click here to download the Cloud Data Extraction template.
SQLite template. Coming Soon.
String Search template. Coming Soon.
* If you wish to share your test results with us and have them published, send them to cftt [at] nist.gov (cftt[at]nist[dot]gov).
B. Federated Testing Portable Web Server for Windows OS
Current version 2 of CFTT's Federated Testing includes SQLite data recovery, forensic string search, and mobile forensics data extraction tools. This creates a light environment. Note that you will need the tool, the read me file and datasets. See links below.
Click here to download version 2 of CFTT's Federated Testing.
Click here to view the Federated Testing Readme file.
SHA256 hash of FedTest.zip : 7AE47FCE0972A06E2E2C6AAB80EA991B23459FA3B26FEFA53E5679FA17E4233D
*If you are testing a forensic string search tool, you will need to also download the string search test suite’s companion data set from this page. Click the ‘browse data set’ button then enter the text: string search, the file you need is ‘String Search, V1.1’.
*If you are testing an SQLite recovery tool, you will need to also download the SQLite test suite’s companion data set. Click here to view the readme for this suite.
C. Federated Testing - ISO LINUX - Virtual Machines
CFTT's approach to tool testing is to test a tool based on the functionalities it supports. Currently, you can use the Federated Testing .iso to test disk imaging, forensic media preparation, forensic string search, hardware write blocking, and mobile forensics data extraction tools, but CFTT will add new test suites in future releases to allow you to test more forensic functionalities and more types of tools, e.g., deleted file recovery, forensic file carving, etc. The test suites are packaged together in a live Linux .iso file.
To test your tool using the Federated Testing test suites:
Download the latest Federated Testing live Linux .iso file (see the links to the Linux downloads below) and use it to create either a bootable flash drive or a bootable DVD. One can use the free Rufus tool to create a bootable flash drive from an .iso file.
Insert the bootable flash drive or DVD into your forensic workstation and boot to it (you may need to change your computer's boot options to select your flash drive or DVD drive as your boot device). NOTE: to test Hardware Write Blocking and Disk Imaging tools you must boot a computer using a Federated Testing flash drive or DVD; when testing other types of tools however, e.g., a Mobile Forensics Data Extraction tool, one may consider booting a virtual machine in lieu of a computer.
Use the user interface (Firefox Web browser) to select the type of tool you want to test. The user interface will tell you what items you will need to have on hand to get started.
Use the interface to generate the test cases for testing your tool and follow the instructions to run each test.
Use the interface to generate a test report for your tool.
(Optional) Submit the test report and the log files created during testing to CFTT to share with the digital forensics’ community! See the Sharing Test Results section below for instructions on how to share your test results.
Linux OS version available:
Federated Testing 64-bit ISO beta version:
Click here to download our CFTT Federated Testing 64-bit ISO beta version file. This version contains the complete test suites for all modules including forensic string search, and mobile forensics data extraction tools.
NOTE: However, if using the mobile forensic data extraction suite, we advise that you use the Word Mobile Device Acquisition Tool results report template, mentioned above, which includes the latest changes to the reports layout.
Click here to view the Federated 64 bit Readme.
ISO file SHA256 value: 30A5D75BE958255EFA4834909626E2F2608FF35D93247A98482D98A0E5A47191
If you are testing a forensic string search tool, you will need to also download the string search test suite’s companion data set from the Federated Testing Test Data Sets section of this page.
Best browser download option: Google Chrome
Federated Testing 32-bit ISO version:
Click here to download version 5 of CFTT's Federated Testing live Linux .iso file (contains test suites for testing disk imaging, forensic media preparation, forensic string search, hardware write blocking, and mobile forensics data extraction tools).
ISO file SHA1 value: B4162A68FF3B2D902DFDDD4F256273FE1B5015A4
If you are testing a forensic string search tool, you will need to also download the string search test suite’s companion data set from the Federated Testing Test Data Sets section of this page.
NOTE: This ISO contains legacy test material and is designated for use on 32bit machines only.
Previously Shared Test Reports
A primary goal of the Federated Testing project is to produce tool test results that can be shared throughout the digital forensics community. Our Federated Testing test suites (packaged on our live Linux .iso file) allow any lab, agency or individual to test their tools using the same test methodology CFTT uses. The final step of this process is to generate a test report for the tool. Our test suites generate that test report for you in a common format that makes it easy for you and others to understand how the tool was tested and what the test results are. if a word template for the functionality or feature you are testing is available above, we advise that you use the template to record your results instead. If someone has already tested a tool for the features you use in your lab, you can take advantage of their results in your evaluation of the tool. Click on the links below to access all test reports published, including Federated Testing reports.
- Disk Imaging Tool Test Reports
- Mobile Device Tool Test Reports
- Hardware Write Block Tool Test Reports
- Forensic String Search Tool Test Reports
- Forensic Media Preparation Tool Test Reports
Sharing Test Results
Email your test reports produced using CFTT’s Federated Testing test suites and a zipped copy of the testing log files to cftt [at] nist.gov (cftt[at]nist[dot]gov) to share your results with the digital forensics community. CFTT staff will review your logs and the test results documented in the test reports before sharing the reports with the community. Shared test reports from Federated Testing will be publicly available through this website.
Email Notifications
Email federatedtesting+subscribe [at] list.nist.gov (federatedtesting+subscribe[at]list[dot]nist[dot]gov) to subscribe to the federatedtesting(at)list.nist.gov mailing list. Federatedtesting(at)list.nist.gov is a low volume mailing list for distributing updates on the Federated Testing project (e.g., new releases/versions and test suites).