There are many common misconceptions about data forensics, which is the statistical analysis of test response data for assessing test security. No statistic can detect cheating on its own, as cheating involves specific behaviors and intent. However, when data forensics focuses on test score validity and the risks associated with statistical anomalies, it becomes a powerful tool for data-based decisions to ensure test program health. This session will cover the types of data forensics analyses, the data they use, and what they detect. We’ll discuss traditional analyses like similarity, answer changes, score differences, response time, and aberrance statistics, as well as emerging methods such as eye tracking, keystroke comparison, and multi-stream data comparisons to detect discrepancies. We’ll also explore threats that are largely undetectable and the directions towards which data forensics analyses are evolving.