NIST looks at forensics tools for handheld devices
As crime goes high-tech, investigators need to be familiar with techniques and tools for gathering, preserving, analyzing and documenting data from digital devices.
Handheld devices, such as personal digital assistants, are a distinct class of computers that are becoming increasingly common and offer their own forensic challenges.
The National Institute of Standards and Technology has evaluated some software tools currently available to investigators for gathering evidence from PDAs.
The interagency report, PDA Forensic Tools: An Overview and Analysis, focuses on two operating systems that account for the majority of handheld devices, Palm OS and Pocket PC, as well as some miscellaneous tools for Linux-based PDAs.
NIST evaluated the tools in a number of scenarios, on equipment ranging from a 16-MHz processor with 2M of ROM and 8M of RAM to a 400-MHz processor with 48M of ROM and 128M of RAM. The tools evaluated are:
- PDA Seizure from Paraben Corp. of Orem, Utah
- EnCase from Guidance Software Inc. of Pasadena, Calif.
- Palm dd from @stake Inc. of Cambridge, Mass.
- Palm OS Emulator from PalmSource Inc. of Sunnyvale, Calif.
- The open-source Pilot Link product
- The Duplicate Disk Unix utility
The evaluation was not comprehensive or a formal product test. Those efforts are being conducted by the Computer Forensics Tool Testing project, a NIST program being carried out in conjunction with law enforcement and investigative organizations in the departments of Defense, Homeland Security and Justice.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.