When criminals’ Personal Data Assistants (PDAs) are used in a crime, police need to know how to find, properly retrieve, and examine the information stored within, even if the criminal tried to hide or delete the data. Recent testing of the PDA forensics tools available could help law enforcement better use them by understanding the software’s capabilities and limitations.
A study sponsored by the Department of Homeland Security examined a number of software tools designed to acquire information from operating systems used most often in PDAs: Palm OS, Microsoft Pocket PC, and Linux. The researchers, from the National Institute of Standards and Technology (NIST), examined the tools in a range of situations commonly encountered during a forensic examination of PDAs and reported their findings. But the study is merely a part of the larger Computer Forensics Tool Testing (CFTT) project, a joint effort of NIST, the National Institute of Justice, and law enforcement organizations.
The report detailing the researchers’ findings, “PDA Forensic Tools: An Overview and Analysis (NISTIR 7100), is available at http://csrc.nist.gov/publications/nistir/index.html#ir7100.
For more information on the CFTT, visit www.cftt.nist.gov. Also, a companion NIST report, “Guidelines on PDA Forensics,” will soon be available. A draft of the publication is now available at http://csrc.nist.gov/publications/drafts.html#sp800-72.