Digital evidence

What is digital forensics? Digital forensics is the field of forensic science that is concerned with retrieving, storing and analyzing electronic data that can be useful in criminal investigations. This includes information from computers, hard drives, mobile phones and other data storage devices.

In recent years, more varied sources of data have become important, including motor vehicles, aerial drones and the cloud. Digital forensic investigators face challenges such as extracting data from damaged or destroyed devices, locating individual items of evidence among vast quantities of data, and ensuring that their methods capture data reliably without altering it in any way.

The projects listed below are just a few examples of how we help the digital forensics community to address these challenges.

• The National Software Reference Library is a regularly updated archive of known, traceable software applications collected by NIST. We generate digital signatures from all files in that archive and release them in a quarterly Reference Data Set (RDS). When a law enforcement organization seizes a computer or mobile device as part of a criminal investigation, they can use the RDS to quickly identify the known files on that device. This reduces the effort required to determine which files are important as evidence and which are not. 
• There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. The Computer Forensic Tool Testing program establishes a methodology for testing computer forensic software tools by developing general tool specifications, test procedures, test criteria, test sets, and test hardware. The results help toolmakers to improve their products, allows users to make informed choices about which tools to use, and provides information to all interested parties on the capabilities of various computer tools used in forensic investigations.
• NIST has multiple projects aimed at advancing video technologies that have forensic applications. Current project areas include detection of events in surveillance video, detection of events in internet video, and detection and understanding of images that have been altered from their original state.
• NIST is working on multiple projects involving image-based biometric recognition that have forensic applications, with a particular focus on fingerprint, face, iris, and tattoo recognition.  This work is aimed at advancing measurement science, evaluation methodologies, best practices, image quality metrics, interoperability, and biometric standards.
• The NIST Cloud Computing Forensic Science Program aims to improve the accuracy, reliability, scientific validity, and usefulness of cloud forensic science.  In support of this project, NIST has established the Cloud Computing Forensic Science Public Working Group to perform research and identify gaps in technology, standards and measurements; to address various challenges in cloud forensics; and to develop a cloud forensics reference architecture.