November 2022

Test Results for Mobile Device Acquisition Tool:

NUIX Workstation v9.10.5.374

ii

Contents

Introduction ..................................................................................................................................... 1

How to Read This Report ............................................................................................................... 1

Introduction

The Computer Forensics Tool Testing (CFTT) program is a joint project of the

Department of Homeland Security’s (DHS) Science and Technology Directorate (S&T),

the National Institute of Justice, and the National Institute of Standards and Technology’s

(NIST) Special Programs Office and Information Technology Laboratory. CFTT is

supported by other organizations, including the Federal Bureau of Investigation, the U.S.

Department of Defense’s Cyber Crime Center, U.S. Internal Revenue Service’s Criminal

Investigation Division Electronic Crimes Program, and DHS’ Bureau of Immigration and

Test results provide the information necessary for developers to improve tools, users to

make informed choices, and the legal community and others to understand the tools’

capabilities. The CFTT approach to testing computer forensics tools is based on well-

recognized methodologies for conformance and quality testing. Interested parties in the

computer forensics community can review and comment on the specifications and test

methods posted on the CFTT Web site (https://www.cftt.nist.gov/).

This document reports the results from testing NUIX Workstation v9.10.5.374 for SQLite

data recovery, including displaying recovered SQLite database information; identifying,

categorizing and reporting Write-Ahead Log (WAL); Rollback Journal data; and

sequence WAL journal data.

mobile devices used for testing. Section 3 lists the testing environment and the internal

memory data objects used to populate the mobile devices. Section 4 provides an overview

of the test case results reported by the tool.

NUIX Workstation Page 2 of 7

v9.10.5.374

Tool Tested: NUIX Workstation

recover all supported data objects completely and accurately.

Modified row metadata:

The status of records that have been modified are not specified by the tool as

“modified” records.

For more test result details see Section 3.

NUIX Workstation Page 3 of 7

v9.10.5.374

2 Testing Environment

The tests were run in the NIST CFTT lab. This section describes the selected test

database information. SQLite versions 3.19.0 (Android) and 3.32.3 (iOS) were used when

creating the SQLite databases. These versions are the most current versions running on

Android and iOS. Table 1 below defines the SQLite data tested per test case:

NUIX Workstation Page 4 of 7

v9.10.5.374

3 Test Results

This section provides the test case results reported by the tool. Section 3.1 identifies the

NUIX Workstation v9.10.5.374 was tested for its ability to report recovered SQLite

The Test Cases column in Section 3.1 are comprised of two sub-columns that define a

particular test category and individual subcategories that are verified when testing. The

results are as follows:

As Expected: the SQLite data recovery tool returned expected test results.

Partial: the SQLite data recovery tool returned some of data.

NUIX Workstation Page 5 of 7

v9.10.5.374

SQLite data recovery was tested with NUIX Workstation v9.10.5.374.

All test cases were successful with the exception of the following.

The status of records that have been modified are not specified y the tool as

“modified” records.

associated with SQLite database files: Page Size: 1024, 4096, 8192; Journal

Mode: WAL, PERSIT, OFF; Number of Pages, Page Encoding: UTF8,

UTF16LE, UTF16BE, deleted records. Therefore, the fields for these data types

in Table 2 are marked as Not Applicable (NA).

NUIX Workstation Page 6 of 7

v9.10.5.374

NUIX Workstation Page 7 of 7

v9.10.5.374