Barbara, tell us a bit about yourself. What's your role, and what does a typical day in your life look like?
As the Manager of the Software Quality Group, I work on 3 major projects including digital forensics, software assurance and software metrology. Even in digital forensics there are several projects, so I get to move from topic to topic.Friday, I gave a 5 year review of our digital forensics program to NIST management, helped a fellow manager in the Applied Security Division create a vacancy announcement, and spent some time reading about about new approaches to software assurance.
Can you give us an overview of NIST and its work?
NIST concentrates on measuring things. Measuring aspects of software is pretty different from measuring time or temperature. It is somewhat mind-boggling to think about the variety of things NIST measures. That makes NIST a fun place to work. NIST puts a lot of effort into putting out high quality products and we strive to be impartial. This can be important when there are competing ways to measure something.
In your opinion, what are some of the most pressing challenges facing digital forensics practitioners today, and how does NIST help to address these?
Digital forensics, like every other area in digital, is overwhelmed with the quantity of data and the fast-changing nature of the technology. As with the other areas in forensics, digital forensic practitioners need to be able to stand behind the results – justice is at stake. NIST helps by developing reference data and other technology to support the efficient and correct processing of digital evidence and by developing testing materials so practitioners know what tools can and cannot do. Testing tools helps support the quality of the digital forensic process.
How challenging is it for the Software Quality Group to keep up to date with the proliferation of devices and applications available today?
It is, of course, a big challenge. We have a steering committee from the law enforcement community to help us prioritize what is most important to them. There is no way we can do everything, so we try to address their highest priorities.
Tell us about the new Federated Testing Project: what is it, and who can get involved?
NIST has been able to test 179 tools since we started. This covers disk imaging, write blocking, mobile forensics tools, deleted file recovery, file carving and disk re-use. While this is a great start, it is not nearly enough to keep up with the new tools and new tool versions that come out.
Federated Testing moves NIST testing to forensic labs and really to anyone who wants to test a tool. Labs can test the exact version of tools that they use – they can test it in their environment. Federated Testing allows them to perform high quality tests without have to design and develop tests.
Because it is a common test and common test report format, labs can meaningfully share tests – either with partner labs or with the community as a whole. This means that more tools can be tested and the labs can save time.
One of the goals of the project is to ensure the reliability of the tools we are using. What other methods, if any, should digital forensics practitioners be using to ensure this?
SWGDE has a document that address how to reduce errors in forensic testing. It is SWGDE Establishing Confidence in Digital Forensic Results by Error Mitigation Analysis. It address training, use of peer review, documentation, and other methods to reduce errors.
Finally, when you're not working, what do you enjoy doing in your spare time?
Since it is winter and way too cold to go outside, I like to read. I like historical fiction best, but I also end up reading history and action/adventure stories. If you want a book recommendation, I suggest City of Thieves (by Dan Benioff, the screenwriter for Game of Thrones) or All the Light We Cannot See (by Anthony Doerr). Both are set in WWII.
Find out more about NIST's Federated Testing Project.