NIST Releases PDA Forensics Study

National Institute of Standards and Technology (NIST), sponsored by the US Department of Homeland Security, has released a new report and study on PDA forensics. The report takes a look at current PDA forensic tools as well as a detailed look at handheld operating systems and security.

Tech savvy criminals are just as likely as anyone else to use high-tech devices, such as personal digital assistants (PDAs), to help keep track of their activities. When these devices are used in a crime, law enforcement investigators need to know how to find, properly retrieve and examine the information they store, even if the criminal tried to hide or delete the data.

Researchers from the National Institute of Standards and Technology recently examined a number of software tools designed to acquire information from operating systems used in most PDAs: Palm OS, Microsoft Pocket PC and Linux.

The researchers examined the tools in a range of situations commonly encountered during a forensic examination of PDAs. For example, the researchers wanted to determine if tools could find information, including deleted information, associated with applications such as calendars, contacts and task lists. The tools also were examined to see if someone could obtain the user's password and gain access to the contents of the device.

NIST's review of the current state of the art of forensic software, PDA Forensic Tools: An Overview and Analysis (.pdf) (NISTIR 7100), will help investigators better understand the capabilities and limitations of these software tools. Sponsored by the Department of Homeland Security, the study was not intended to be exhaustive or serve as a formal product evaluation but to complement the more rigorous specifications and test methods being developed as part of the Computer Forensics Tool Testing project. The CFTT is a joint effort of NIST, the National Institute of Justice, and law enforcement organizations.

A companion NIST report, which provides more detailed procedures on preserving, examining, analyzing and reporting of digital evidence on PDAs, will be available soon. A draft of this publication, Guidelines on PDA Forensics, is now available.

Article Comments


The following comments are owned by whoever posted them. PalmInfocenter is not responsible for them in any way.
Please Login or register here to add your comments.

Comments Closed Comments Closed
This article is no longer accepting new comments.


What I want to know.....

ssnider @ 10/1/2004 7:51:21 PM #
Can I hide my 3 year old son's birthday party entry in my datebook or not?????????


I was bleeding edge when I bought my Palm IIIxe.......But I sold it [Palm IIIX->Palm IIIXe->Clie SJ20->Sony SJ33]

RE: What I want to know.....
Strider_mt2k @ 10/2/2004 7:30:37 AM #
Not if your 3 year old gets ahold of it!

CBS's next ripoff series

mikecane @ 10/2/2004 10:20:34 AM #
I can see it coming: CSI PDA!

Spare us!!

CBS's next ripoff series: QUINCY - 2004
Strider_mt2k @ 10/2/2004 7:06:53 PM #
Here are some scenes from next week's "Quincy - 2004":

"I'm telling you Sam, it was a hard reset - AND I CAN PROVE IT!!!"
"Quickly, to the gas chromatograph!"

A well-meaning but bumbling deaf-mute gardener witnesses the murder of his boss's wife and takes photos of the event on his camera-equipped Palm OS handheld, with DEALDY RESULTS.

RE: CBS's next ripoff series
phoneboy @ 10/3/2004 7:58:46 PM #
And next season: CSI PDA: Boise!

Scope of report too narrow

johnbartley @ 10/5/2004 8:13:35 PM #
It's nice, the work they did on this, to tell us how to crack PalmOS and PocketPCs. They even included most of my errrors from earlier drafts.

However, they overlooked Symbian, hardheld variants of Linux, and other OS which surely will be found in criminal investigations.

But, a nice start.



Register Register | Login Log in