skip navigation


Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.


NCJ Number: 228223 Add to Shopping cart Find in a Library
Title: Test Results for Digital Data Acquisition Tool: BlackBag MacQuisition 2.2
Corporate Author: National Institute of Standards and Technology (NIST)
United States of America
Date Published: September 2009
Page Count: 71
Sponsoring Agency: National Institute of Justice (NIJ)
Washington, DC 20531
National Institute of Justice/NCJRS
Rockville, MD 20849
National Institute of Standards and Technology (NIST)
Gaithersburg, MD 20899-3460
NCJRS Photocopy Services
Rockville, MD 20849-6000
Grant Number: 2003-IJ-R-029
Sale Source: National Institute of Justice/NCJRS
Box 6000
Rockville, MD 20849
United States of America

NCJRS Photocopy Services
Box 6000
Rockville, MD 20849-6000
United States of America
Document: PDF
Type: Test/Measurement
Format: Document
Language: English
Country: United States of America
Annotation: Results are presented for testing BlackBag Technologies' MacQuisition, version 2.2 a digital data acquisition tool under Computer Forensics Tool Testing (CFTT) program.
Abstract: The MacQuisition tool acquired the source drives accurately except for acquiring a drive with faulty sectors. Highlights of several tool anomalies observed in certain test cases were 1) in one distributed version of MacQuisition 2.2 SHA1 acquisition hashes on the PowerPc architecture were computed incorrectly, 2) acquisition hashes might be computed incorrectly, 3) the ranges of data over which block hashes were computed were logged incorrectly, 4) the sectors hidden by a "device configuration overlay" (DCO) or "host protected area" (HPA) were not acquired, and 5) good sectors in the same block as a faulty sector were not acquired, and the other data was written in their place. The Computer Forensics Tool Testing (CFTT) program is a joint project of the United States Department of Justice, National Institute of Justice and the National Institute of Standards and Technology (NIST) Office of Law Enforcement Standards, and Information Technology Laboratory. The objective of the CFTT program is to provide measurable assurance to practitioners, researchers, and others that the tools used in computer forensic investigations provide accurate results. This requires the development of specifications and test methods for computer forensic tools and subsequent testing of tools against specifications. This report presents the results from testing BlackBag Technologies' MacQuisition, version 2.2., against the Digital Data Acquisition Tool Assertions and Test Plan, Version 1.0. Tables
Main Term(s): Data integrity
Index Term(s): Computer crime prevention measures; Computer hardware systems; Computer privacy and security; Data collections; Data security; Forensic sciences; Police equipment; Science and Technology; Security systems; Testing and measurement
Note: NIJ Special Report
To cite this abstract, use the following link:

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.