The NIST Computer Forensics Tools Testing Program

For computer forensics results to be admissible in a court of law, the tools and methods used to collect that data must ensure its integrity. According to Marie-Helen Maras (2012), “As with other forms of evidence, the original network traffic data acquired must be kept intact. An investigator must ensure that any programs run to obtain evidence do not modify the data in the system” (p. 286). The National Institute of Standards and Technology (NIST) maintains the Computer Forensics Tool Testing (CFTT) program to help investigators choose the appropriate tools for this purpose.

Program Overview

NIST has established a methodology for testing computer forensic tools to assist law enforcement and other investigators in selecting the appropriate forensic tools that will consistently produce legally admissible forensic evidence. Among the testing criteria for forensic tools are: “General Instrument Specifications, Test Procedures, Test Criteria, Test Sets, and Test Hardware” (NIST, n.d.). The program is approved by NIST's Law Enforcement Standards Office and the U.S. Department of Homeland Security (DHS) (NIST, n.d.). The CFTT program allows investigators to choose forensic tools that have already been tested and verified to be accurate enough to be legally appropriate. This spares investigators from having to test their tools from scratch in an attempt to validate acceptable ones, a process that could jeopardize court cases when tools prove insufficient during an investigation.

Disk Imaging and Recovering Deleted Files

In the 2012 CFTT booklet, NIST lists detailed results for nineteen tested disk imaging programs. Each program tested presents an overview of general results and specific conditions... halfway through the document... the appropriate tools are for the investigation at hand, rather than proceeding with a trial and error approach that is likely to produce unwanted investigative results.

References

Maras, M. (2012). Computer forensics: cyber criminals, laws and evidence. Sudbury. Jones and Bartlett Learning LLC.

National Institute of Standards and Technology. (2009). Specification of active file identification and deleted file recovery tool. Retrieved March 23, 2014, from http://www.cftt.nist.gov/DFR-req-1.1-pd-01.pdf

National Institute of Standards and Technology. (2012). Computer forensic tools testing manual. Retrieved March 23, 2014, from http://www.cftt.nist.gov/CFTT-Booklet-Revised-02012012.pdf

National Institute of Standards and Technology. (n.d.). Welcome to the Computer Forensics Tool Testing (CFTT) project website. Retrieved March 23, 2014, from http://www.cftt.nist.gov/