As we all know, and may have experienced, tools and systems can become inaccurate or even fail with use. This is why forensic accreditations require practitioners across all forensic disciplines to perform some type of routine testing and calibration of the forensic tools and systems used for the capture and analysis of forensic evidence. This makes perfect sense given the sheer weight these tools and systems may carry in decisions about someone’s liberty.
Too many times when talking about tool validation procedures, I’ve heard fellow practitioners state they only use NIST-validated tools, as if this somehow relieved them of this testing requirement. Whenever I hear this, my mind goes to the famous South Park gnome episode… Step 1: NIST Validates Tool, Step 2: “???”, Step 3: Validated Forensic Results. Translation for those of you who don’t watch South Park: Step 2 is the most critical step—and the one that the gnomes so humorously omitted. You must test and calibrate the tools and systems you are using. Not the ones that NIST used or installed, but the ones sitting on your desk or installed on your systems. The service NIST provides is invaluable to our community, as it helps guide us towards those tools and systems that meet certain industry or government standards, but in no way does it relieve you of your responsibility to test your specific tools.
So, when was the last time you actually tested that write blocker in your kit? If not recently, now might be a great time.
From: When Was The Last Time You Tested Your Tools? in Guidance on Digital Forensics by Andy Spruill

