Researchers from the National Institute of Standards and Technology recently examined a number of software tools designed to acquire information from operating systems used in most PDAs: Palm OS, Microsoft Pocket PC and Linux. The researchers examined the tools in a range of situations commonly encountered during a forensic examination of PDAs. For example, the researchers wanted to determine if tools could find information, including deleted information, associated with applications such as calendars, contacts and task lists. The tools also were examined to see if someone could obtain the user's password and gain access to the contents of the device.
NIST's review of the current state of the art of forensic software, PDA Forensic Tools: An Overview and Analysis (NISTIR 7100), will help investigators better understand the capabilities and limitations of these software tools. Sponsored by the Department of Homeland Security, the study was not intended to be exhaustive or serve as a formal product evaluation but to complement the more rigorous specifications and test methods being developed as part of the Computer Forensics Tool Testing project. The CFTT is a joint effort of NIST, the National Institute of Justice, and law enforcement organizations. For more information on the CFTT, see http://www.
A companion NIST report, which provides more detailed procedures for the preservation, examination, analysis and reporting of digital evidence on PDAs, will be available soon. A draft of this publication, Guidelines on PDA Forensics, is available at http://csrc.