Editor’s Note: Taken directly from the recent NIST media release highlighting the first large-scale “black box” study to test the accuracy of computer and mobile forensics, the following information is provided to describe the new digital forensics research initiative from NIST which, according to Barbara Guttman, leader of NIST’s digital forensics research program, is designed to help better understand the state of the practice and measure how well digital forensics experts do their job.
NIST Media Announcement
NIST to Digital Forensics Experts: Show Us What You Got
Digital forensics experts often extract data from computers and mobile phones that may contain evidence of a crime. Now, researchers at the National Institute of Standards and Technology (NIST) will conduct the first large-scale study to measure how well those experts do their job. But rather than testing the proficiency of individual experts, the study aims to measure the performance of the digital forensics community overall.
In this study, to be conducted online, participants will examine simulated digital evidence, then answer questions that might arise in a real criminal investigation. The exercise should take about two hours, and participation is voluntary. Enrollment is now open, and the online test will be available for approximately three months.
“We want to understand the state of the practice,” said Barbara Guttman, leader of NIST’s digital forensics research program. “Can experts produce accurate and reliable information when examining data from a digital device?”
In any forensic discipline, experts can encounter difficult cases. Fingerprints can be smudged and distorted. DNA can be degraded. One challenge with digital evidence is that it can often be difficult to find key bits of evidence among large volumes of data. Also, technology changes so quickly that it can be difficult to keep up.
“Forensics experts can’t extract data perfectly in every possible scenario,” Guttman said. “Phones change. Apps change. The world just moves too fast.”
While no forensic method works perfectly all the time, researchers can measure performance within a discipline by testing the experts. For instance, researchers might show fingerprint experts a series of prints and ask whether they do or don’t match. The study designers know the correct answers, and by combining the results from many experts, they can gain insight into the reliability of the method overall.
These studies only determine whether the expert gave the correct answer, without concern for how they reached it. In other words, they treat the expert as a black box — something you cannot see inside. Researchers use black box studies to assess the reliability of methods that rely on human judgment.
For the NIST black box study, participants will download simulated evidence from the NIST website in the form of one virtual mobile phone and one virtual computer. Such virtual devices, called “forensic images,” are commonly used in digital forensics, and study participants will be able to connect to them using the same software tools they use when working on real cases.
The forensic images created for this study simulate imagined but realistic scenarios involving a potential homicide and a potential theft of intellectual property. Study participants will download the images, examine them using whatever forensic software tools they choose, and answer a series of questions. For instance:
- What software program was used to discuss a potentially illegal transaction?
- What was the VIN number of the vehicle that connected to the phone via Bluetooth?
- What location information can be gleaned from the photo of a black Labrador found on this device?
The study is open to all public and private sector digital examiners who conduct hard drive or mobile phone examinations as part of their official duties. NIST will not calculate the performance of any specific expert or laboratory. Instead, NIST will publish anonymized and aggregated results that show the overall performance for the expert community and different sectors within that community.
This study will fulfill a critical need identified in a landmark 2009 report by the National Academy of Sciences. Titled Strengthening Forensic Science in the United States: A Path Forward, that report called for black box studies to measure the reliability of forensic methods that rely on human judgment. Courts and jurors can then consider the results of those studies when weighing evidence. The results of this study will also provide strategic direction for future research.
This black box study is part of a larger effort to evaluate the scientific foundations of digital forensic methods. NIST is also conducting scientific foundation reviews for DNA mixtures, firearms identification and bitemark analysis.
For more information and to enroll, visit the NIST Blackbox Study for Digital Examiners webpage.
- A Framework for Improving Cybersecurity: Infrastructure Considerations from NIST
- The Challenge of Mobile Security: New Cybersecurity Practice Guide from NIST