Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ben Livelsberger NIST Information Technology Laboratory, CFTT Program

Published byMagnus Griffith Modified over 9 years ago

Similar presentations

Presentation on theme: "Ben Livelsberger NIST Information Technology Laboratory, CFTT Program"— Presentation transcript:

1 Ben Livelsberger NIST Information Technology Laboratory, CFTT Program
Federated Testing: Shared Test Materials from the CFTT Program at NIST for Digital Forensics Tool Validation and Shared Test Reports DFRWS – August 11, 2015 Ben Livelsberger NIST Information Technology Laboratory, CFTT Program

2 Computer Forensics Tool Testing Program Overview
The Computer Forensics Tool Testing Program provides a measure of assurance that the tools used in the investigations of computer-related crimes produce valid results. CFTT develops test methodologies and tests selected tools. Directed by a steering committee composed of representatives of the law enforcement community. CFTT is a joint project of: DHS, NIST/SPO, FBI, DoD, Secret Service, NIJ and other agencies.

3 What is Federated Testing?
Federated Testing is an expansion of CFTT to provide the digital forensics community with: test materials for validating digital forensics tools and to support shared test reports. I introduce FT as shared test materials + shared test reports and then later tell the audience that the shared test materials are a dvd. Paul thought it might make FT more concrete to tell them that it’s a DVD up front (could even hold up a DVD as a prop– see, this is FT).

4 Tool Validation – Why? Why do Labs Perform Tool Validation?
Demonstrates reliability of results Identifies tool limitations May support admissibility of results May be required for lab accreditation -to satisfy Daubert guidelines

5 State of Tool Testing Test Reports Tool testing is expensive
CFTT, published through DHS S&T Department of Defense Cyber Crime Center, U.S. Law Enforcement Other agencies and labs, in-house Tool testing is expensive Duplicated work

6 Barriers to sharing test results
Idea: share test results Barriers: Labs test differently Dissimilar report formats

7 Federated Testing Proposes
Shared test materials from CFTT: Use a common test methodology Common test data sets with known ground truth Use a common test report format Sharing Test Reports Via public websites, e.g., DHS S&T Informally between labs Kept private

8 Target Areas CFTT has methodologies for: Implementing: Disk Imaging
Hardware Write Block Mobile Devices Forensic Media Preparation Deleted File Recovery File Carving Implementing: From Paul on 1/13/15: setting expectations: all the pieces are there now. Pre-release in March with release 1 coming after we’ve had a chance finish gathering feedback from our Beta testers.

9 What do the test materials look like?
Download live Linux® CD .iso file Components: User Interface Select tool features to test Instructions for creating test data and for running test cases Generate test report Command line test support tool Setup test cases and analyze the results

10 User Interface - Home

11 Disk Imaging Home

12 Selecting Tool Features

13 Tests To Run

14 Test Case Instructions

15 Command Line Tool

16 Sample Test Report

17 Framework for Sharing Test Reports
Lab/individual tests tool using Federated Testing materials Tester submits test report and logs to CFTT CFTT reviews test report and logs Vendor comment period Post test report to website (alternately post contact information)

18 Anticipated Benefits More tools validated Shared test reports
Cost savings Allows vendors to improve their tools Helps users to make informed choices on what tools/tool versions they use Allows labs to mitigate known errors Faster testing

19 Federated Testing for Disk Imaging Release Plan
Receiving feedback from beta testers Improve materials based on beta testing Record companion video tutorials Prerelease version available at testing.html Release version 1.0

20 Project Sponsors Department of Homeland Security, Science and Technology Directorate (Major funding) NIST Special Programs Office / Forensics

21 Contacts Ben Livelsberger www.cftt.nist.gov/federated_testing.cfm
Sue Ballou, Special Program Office at NIST

22 Questions?

Download ppt "Ben Livelsberger NIST Information Technology Laboratory, CFTT Program"

Similar presentations

The Messy World of Grey Literature in Cyber Security 8 th Grey Literature Conference 4-5 December 2006 New Orleans, Louisiana Patricia Erwin – I3P Senior.

The Messy World of Grey Literature in Cyber Security 8 th Grey Literature Conference 4-5 December 2006 New Orleans, Louisiana Patricia Erwin – I3P Senior.
A Strategy for Testing Hardware Write Block Devices James R Lyle National Institute of Standards and Technology.

A Strategy for Testing Hardware Write Block Devices James R Lyle National Institute of Standards and Technology.
Jim Lyle National Institute of Standards and Technology.

Jim Lyle National Institute of Standards and Technology.
Deleted File Recovery Tool Testing Results Jim Lyle NIST 2/21/13AAFS -- Washington 1.

Deleted File Recovery Tool Testing Results Jim Lyle NIST 2/21/13AAFS -- Washington 1.
Civilian Agency Acquisition Council Ralph De Stefano Director Contract Policy Division Civilian Agency Acquisition Council.

Civilian Agency Acquisition Council Ralph De Stefano Director Contract Policy Division Civilian Agency Acquisition Council.
Disclaimer Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation.

Disclaimer Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation.
Department of Labor HSPD-12

Department of Labor HSPD-12
Objective 107.02 Understand web-based digital media production methods, software, and hardware. Course Weight : 10%

Objective Understand web-based digital media production methods, software, and hardware. Course Weight : 10%
Cyber Education Project Accreditation Committee November 2014.

Cyber Education Project Accreditation Committee November 2014.
Forensic Tool Testing Results Jim Lyle National Institute of Standards and Technology.

Forensic Tool Testing Results Jim Lyle National Institute of Standards and Technology.
Computer & Mobile Forensics Standards Barbara Guttman October 1, 2009.

Computer & Mobile Forensics Standards Barbara Guttman October 1, 2009.
Federated Testing: Well-Tested Tools, Shared Test Materials & Shared Test Reports; The Computer Forensics Tool Catalog Website: Connecting Forensic Examiners.

Federated Testing: Well-Tested Tools, Shared Test Materials & Shared Test Reports; The Computer Forensics Tool Catalog Website: Connecting Forensic Examiners.
Who We Are… The Foundation is a 501(c)(3) non-profit research organization that owns and operates the Morrelly Homeland Security Center which is the first.

Who We Are… The Foundation is a 501(c)(3) non-profit research organization that owns and operates the Morrelly Homeland Security Center which is the first.
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Open Statistics: Envisioning a Statistical Knowledge Network Ben Shneiderman Founding Director (1983-2000), Human-Computer Interaction.

Open Statistics: Envisioning a Statistical Knowledge Network Ben Shneiderman Founding Director ( ), Human-Computer Interaction.
COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 3:35 PM Assignment 3 posted –Due September 3:35 PM Quiz 1 on September.

COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 3:35 PM Assignment 3 posted –Due September 3:35 PM Quiz 1 on September.
Graphic File Carving Tool Testing Jenise Reyes-Rodriguez National Institute of Standards and Technology AAFS - February 19 th, 2015.

Graphic File Carving Tool Testing Jenise Reyes-Rodriguez National Institute of Standards and Technology AAFS - February 19 th, 2015.
Mobile Device Forensics Rick Ayers. Disclaimer  Certain commercial entities, equipment, or materials may be identified in this presentation in order.

Mobile Device Forensics Rick Ayers. Disclaimer  Certain commercial entities, equipment, or materials may be identified in this presentation in order.
Mobile Device Forensics - Tool Testing Richard Ayers.

Mobile Device Forensics - Tool Testing Richard Ayers.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition

Similar presentations

Ads by Google