A standardized evaluation methodology for large language models (LLMs) in digital forensic timeline analysis remains absent. Method: This paper introduces the first NIST-inspired, tool-testing–style LLM forensic evaluation framework, featuring controlled timeline generation, verifiable ground-truth construction, and task-specific metric design. It integrates human annotation, rule-based synthetic data generation, automated BLEU/ROUGE scoring, and ChatGPT-based cross-validation to enable fine-grained, quantitative assessment of timeline extraction, event ordering, and contextual association capabilities. Contribution/Results: The resulting benchmark dataset and evaluation pipeline are highly reproducible and extensible. They significantly enhance objectivity and comparability in evaluating LLM performance on digital forensic tasks, establishing the first dedicated, verifiable, and task-aligned evaluation infrastructure for forensic LLM research.

Large language models (LLMs) have seen widespread adoption in many domains including digital forensics. While prior research has largely centered on case studies and examples demonstrating how LLMs can assist forensic investigations, deeper explorations remain limited, i.e., a standardized approach for precise performance evaluations is lacking. Inspired by the NIST Computer Forensic Tool Testing Program, this paper proposes a standardized methodology to quantitatively evaluate the application of LLMs for digital forensic tasks, specifically in timeline analysis. The paper describes the components of the methodology, including the dataset, timeline generation, and ground truth development. Additionally, the paper recommends using BLEU and ROUGE metrics for the quantitative evaluation of LLMs through case studies or tasks involving timeline analysis. Experimental results using ChatGPT demonstrate that the proposed methodology can effectively evaluate LLM-based forensic timeline analysis. Finally, we discuss the limitations of applying LLMs to forensic timeline analysis.