Barbara Guttman, Software Quality Group Manager, NIST

Barbara, tell us a bit about yourself. What's your role, and what does a typical day in your life look like?

As the Manager of the Software Quality Group, I work on 3 major projects including digital forensics, software assurance and software metrology. Even in digital forensics there are several projects, so I get to move from topic to topic.Friday, I gave a 5 year review of our digital forensics program to NIST management, helped a fellow manager in the Applied Security Division create a vacancy announcement, and spent some time reading about about new approaches to software assurance.

Can you give us an overview of NIST and its work?

NIST concentrates on measuring things. Measuring aspects of software is pretty different from measuring time or temperature. It is somewhat mind-boggling to think about the variety of things NIST measures. That makes NIST a fun place to work. NIST puts a lot of effort into putting out high quality products and we strive to be impartial. This can be important when there are competing ways to measure something.

In your opinion, what are some of the most pressing challenges facing digital forensics practitioners today, and how does NIST help to address these?


Get The Latest DFIR News!

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Digital forensics, like every other area in digital, is overwhelmed with the quantity of data and the fast-changing nature of the technology. As with the other areas in forensics, digital forensic practitioners need to be able to stand behind the results – justice is at stake. NIST helps by developing reference data and other technology to support the efficient and correct processing of digital evidence and by developing testing materials so practitioners know what tools can and cannot do. Testing tools helps support the quality of the digital forensic process.

How challenging is it for the Software Quality Group to keep up to date with the proliferation of devices and applications available today?

It is, of course, a big challenge. We have a steering committee from the law enforcement community to help us prioritize what is most important to them. There is no way we can do everything, so we try to address their highest priorities.

Tell us about the new Federated Testing Project: what is it, and who can get involved?

NIST has been able to test 179 tools since we started. This covers disk imaging, write blocking, mobile forensics tools, deleted file recovery, file carving and disk re-use. While this is a great start, it is not nearly enough to keep up with the new tools and new tool versions that come out.

Federated Testing moves NIST testing to forensic labs and really to anyone who wants to test a tool. Labs can test the exact version of tools that they use – they can test it in their environment. Federated Testing allows them to perform high quality tests without have to design and develop tests.

Because it is a common test and common test report format, labs can meaningfully share tests – either with partner labs or with the community as a whole. This means that more tools can be tested and the labs can save time.

One of the goals of the project is to ensure the reliability of the tools we are using. What other methods, if any, should digital forensics practitioners be using to ensure this?

SWGDE has a document that address how to reduce errors in forensic testing. It is SWGDE Establishing Confidence in Digital Forensic Results by Error Mitigation Analysis. It address training, use of peer review, documentation, and other methods to reduce errors.

Finally, when you're not working, what do you enjoy doing in your spare time?

Since it is winter and way too cold to go outside, I like to read. I like historical fiction best, but I also end up reading history and action/adventure stories. If you want a book recommendation, I suggest City of Thieves (by Dan Benioff, the screenwriter for Game of Thrones) or All the Light We Cannot See (by Anthony Doerr). Both are set in WWII.

Find out more about NIST's Federated Testing Project.

Leave a Comment

Latest Videos

Magnet Forensics' Matt Suiche on the Rise of e-Crime and Info Stealers

Forensic Focus 12th January 2023 3:00 am

Just like your current holiday shopping for last minute presents a lot of the good stuff has gone off the shelves already. You reach to the back and find the toy nobody really wanted but it’s the thought that counts, you stare down at Si and Desi’s Holiday Special 2022 podcast. 

Please join these two as they lament over the year that was, discuss all the things they didn’t do but promise they will do them next year, query whether putting a NAS in the storage of a roller door is a good idea, and finally arrive at what they’re looking forward to bringing you in the new year.

Show Notes:

Arduino PLC IDE - https://docs.arduino.cc/software/plc-ide
Mycroft Mark II (open source Alexa) - https://www.kickstarter.com/projects/aiforeveryone/mycroft-mark-ii-the-open-voice-assistant
Christa’s new blog - https://christammiller.com/
Si’s holiday reading - https://amzn.to/3iJyGrR
Desi’s holiday reading -  https://inteltechniques.com/
Strange event for the end of the year - https://www.reuters.com/world/europe/25-suspected-members-german-far-right-group-arrested-raids-prosecutors-office-2022-12-07/
Si’s wishful thinking - https://www.youtube.com/watch?v=GXnRgXclLd0
Si’s list to do before the EOY - https://intrepidcamera.co.uk/products/intrepid-4x5-camera
Desi’s list to do before EOY - https://www.wired.com/story/how-to-reset-your-phone-before-you-sell-it/
“Cleaning your office” - https://www.manfrotto.com/uk-en/vintage-collapsible-1-5-x-2-1m-ink-sage-ll-lb5720/
Conference recorder - https://amzn.to/3UBmre5
Desi’s blog - https://www.hardlyadequate.com/

Just like your current holiday shopping for last minute presents a lot of the good stuff has gone off the shelves already. You reach to the back and find the toy nobody really wanted but it’s the thought that counts, you stare down at Si and Desi’s Holiday Special 2022 podcast.

Please join these two as they lament over the year that was, discuss all the things they didn’t do but promise they will do them next year, query whether putting a NAS in the storage of a roller door is a good idea, and finally arrive at what they’re looking forward to bringing you in the new year.

Show Notes:

Arduino PLC IDE - https://docs.arduino.cc/software/plc-ide
Mycroft Mark II (open source Alexa) - https://www.kickstarter.com/projects/aiforeveryone/mycroft-mark-ii-the-open-voice-assistant
Christa’s new blog - https://christammiller.com/
Si’s holiday reading - https://amzn.to/3iJyGrR
Desi’s holiday reading - https://inteltechniques.com/
Strange event for the end of the year - https://www.reuters.com/world/europe/25-suspected-members-german-far-right-group-arrested-raids-prosecutors-office-2022-12-07/
Si’s wishful thinking - https://www.youtube.com/watch?v=GXnRgXclLd0
Si’s list to do before the EOY - https://intrepidcamera.co.uk/products/intrepid-4x5-camera
Desi’s list to do before EOY - https://www.wired.com/story/how-to-reset-your-phone-before-you-sell-it/
“Cleaning your office” - https://www.manfrotto.com/uk-en/vintage-collapsible-1-5-x-2-1m-ink-sage-ll-lb5720/
Conference recorder - https://amzn.to/3UBmre5
Desi’s blog - https://www.hardlyadequate.com/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_BhrBg5_sAKo

Si and Desi Holiday Special 2022

Forensic Focus 16th December 2022 12:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...