Digital Evidence Database

Showing 21 to 30 of 120 results.

  • Directors and Corporate Advisors’ Guide to Digital Investigations and Evidence

    Institution

    Information Assurance Advisory Council (IAAC)

    Language

    English

    Publication date
    2005-09-01

    Reference link
    http://www.4law.co.il/cr31005.pdf
    Executive summary
    Nearly all organisations underestimate how often they may be called on to produce reliable evidence of what has happened in and around their information and communication technology (ICT) systems. They also underestimate the demands that the legal system makes in terms of ensuring the admissibility and reliability of digital evidence. Both of these can have a profound impact on business welfare. The detail of the problems that arise may be “techie”, but the implications for the continued smooth running of the organisation require proper control from, and the full understanding of, the organisation’s most senior decision-makers. Evidence is required in a very wide range of circumstances, for example: • in disputed transactions; • in allegations of employee misbehaviour; • to show compliance with legal and regulatory rules; • to avoid charges of negligence or breach of contract; • to assist law enforcement in criminal and anti-terrorist investigations; • to meet disclosure requirements in civil claims; • to support insurance claims after a loss. “Computer forensics” is now an established set of disciplines and the very high standards in place for preserving material from personal computers creates high expectations of other forms of digital evidence, including those from large corporate systems and networks, across the Internet and the emerging families of personal digital assistants (PDAs), mobile phones and portable media units. Unless the organisation has developed a detailed planned response to typical risk scenarios, much potential evidence will never be collected or will become worthless as a result of contamination. Moreover, during an investigation, the organisation will be constantly faced with a dilemma: lose business when essential systems are switched off so that evidence can be properly preserved; or be profoundly handicapped and incur losses because evidence cannot be produced. What is needed is a forensic readiness plan. The first part of this guide is directed at major decision-makers, corporate strategists and their senior advisers, including lawyers. It covers the following: • explaining the legal requirements of “evidence” and the problems of admissibility; • showing the life-cycle of incidents and how evidence collection needs to be integrated into regular crisis management, incident response and litigation plans; • showing the management planning, processes and disciplines necessary if an organisation is to emerge with the greatest possible range of options; • providing a scheme for deciding the resources that will be required and when and how far requirements can be outsourced to specialist third parties. The second part of the guide is for those who will have to implement policy such as information security staff, computer security incident response staff and those tasked with dealing with the sharp end of an investigation. It offers essential background information, including: • techniques for evidence preservation; • descriptions of the relevant laws of evidence and admissibility; • disclosure, human rights and data protection issues; • the limits of powers to carry out various forms of surveillance and investigation; • the handling of obscene and paedophiliac material; • points of contact in law enforcement agencies; • pointers to further information; • a glossary Lawyers called upon to provide detailed guidance will also find some of the technical material on types of evidence and methodologies for acquisition helpful. Although this guide is designed for use within the United Kingdom and the descriptions of the law refer to English law, many of the principals are universal in all jurisdictions.
    Purpose
    "This guide aims to help directors, senior managers and their legal advisers to understand the key strategic and management issues. It is designed to anticipate the need for provision of digital evidence and investigations by setting up management procedures, acquiring appropriate resources and identifying third-party sources of emergency assistance. For lawyers, it provides an overview of the types of digital evidence and the associated problems of probative value, admissibility and disclosure. But it is only a starting point – other, more specialist publications will need to be consulted while a detailed plan is formulated."
    Description
    This guide is relevant beyond criminal investigations. It focuses on guiding managers, as well as practiioners through preserving evidence not only from the standpoint of 'actual' evidence. It looks into decision making and long-term planning in business world to maintain the increased demand of digitalization.
    Target group
    Decision-makers, legal advisers, managers and lawyers

  • Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors

    Institution

    Office of Justice Programs, National Institute of Justice (NIJ) (US Department of Justice)

    Language

    English

    Publication date
    2007-01-01

    Reference link
    https://www.ncjrs.gov/pdffiles1/nij/211314.pdf
    Executive summary
    n/a
    Purpose
    Assist prosecutorial offices and associated law enforcement agencies in dealing with digital evidence to address the complete investigation process.
    Description
    The report identifies and addresses some of the key issues related to digital evidence. It includes relevant guidance related to search and seizure; integrity, discovery, and disclosure; relevant evidentary rules and courtroom preparation; as well as presentation and submission of digital evidence. Lastly, it applies these guidances to the issue of child pornography. The document also refers to additional resources and includes forms useful for investigators.
    Target group
    Law enforcement personnel and prosecutors

  • Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

    Institution

    Office of Justice Programs, National Institute of Justice (NIJ) (US Department of Justice)

    Language

    English

    Publication date
    2008-04-01

    Reference link
    https://www.ncjrs.gov/pdffiles1/nij/219941.pdf
    Executive summary
    n/a
    Purpose
    Assist state and local law enforcement and other first responders who may be responsible for preserving an electronic crime scene and for recognizing, collecting, and safeguarding digital evidence.
    Description
    The document includes definitions and basic concepts relevant when dealing with digital evidence. The guide addresses potential electronic devices, investigative tools and equipment. Moreover, it sets out practices concerning securing and evaluating the scene, documenting the scene, collecting evidence, and handling of digital evidence. Lastly, it includes a section on electronic crimes and digital evidence. The document also has a glossary of relevant concepts.
    Target group
    State and local law enforcement and other first responders.

  • Guidelines for the cooperation between law enforcement and internet service providers against cybercrime

    Institution

    Council of Europe (European Union)

    Language

    English

    Publication date
    2008-04-02

    Reference link
    https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=09000016802fa3ba
    Executive summary
    n/a
    Purpose
    Assist cooperation among law enforcement and service providers against cybercrime.
    Description
    The guidelines are a non-binding tool that is expected to be disseminated among law enforcement and service providers to assist in their cooperation against cybercrime while acknowledging the respective roles, responsibilities and the rights of internet users. The document presents general guidelines, setting out the measures to be taken by law enforcement as well as service providers.
    Target group
    Law enforcement officers and service providers.

  • Electronic Crime Scene Investigation: An On-the-Scene Reference for First Responders

    Institution

    Office of Justice Programs, National Institute of Justice (NIJ) (US Department of Justice)

    Language

    English

    Publication date
    2009-11-01

    Reference link
    https://www.ncjrs.gov/pdffiles1/nij/227050.pdf
    Executive summary
    n/a
    Purpose
    The document is intended as a quick reference for first responders and as a companion piece to 'Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition'.
    Description
    The guide addresses potential electronic devices, and sets out practices concerning securing and evaluating the scene, documenting the scene, collecting evidence, and packaging and transporting digital evidence. Lastly, it includes a section on electronic crimes and digital evidence.
    Target group
    First responders.

  • ACPO Good Practice Guide for Digital Evidence

    Institution

    Association of Chief Police Officers (ACPO)

    Language

    English

    Publication date
    2012-03-01

    Reference link
    https://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf
    Executive summary
    n/a
    Purpose
    The purpose of this document is to provide guidance to assist law enforcement and all others that assist in investigating cyber security incidents and crime.
    Description
    This document provides an overview of computer based electronic investigations, with emphasis on the types of crimes scenes, types of networks and technology and how to perform network forensics. The guide includes principles of digital evidence and their explanation, location of digital evidence, seizure of electronic evidence, proportionality issues relating to seizure, preparation before and after capturing digital evidence, analyses of seized digital evidence, interpretation of digital data, communication of digital evidence, verbal feedback, how to make statements or reports on digital evidence, witness evidence, training and education of digital evidence, welfare of staff working on digital evidence and disclosure.
    Target group
    UK law enforcement personnel who may deal with digital evidence. This will include: - Persons who are involved in the securing, seizing and transporting of equipment from search scenes with a view to recovering digital evidence, as well as in the identification of the digital information needed to investigate crime; - Investigators who plan and manage the identification, presentation and storage of digital evidence, and the use of that evidence; - Persons who recover and reproduce seized digital evidence and are trained to carry out the function and have relevant training to give evidence in court of their actions. - Persons who are involved in the selection and management of persons who may be required to assist in the recovery, identification and interpretation of digital evidence.

  • Digital Evidence, Digital Investigations and E-Disclosure: A Guide to Forensic Readiness for Organisations, Security Advisers and Lawyers Version 3.0

    Institution

    Information Assurance Advisory Council (IAAC)

    Language

    English

    Publication date
    2012-03-01

    Reference link
    https://cryptome.org/2014/03/digital-investigations.pdf
    Executive summary
    This is the third edition of a publication that first appeared in 2005. Although the general principles have not changed much else has, for example, in terms of the capabilities and capacities of computers, the growth in numbers and sophistication of smart phones and the development of social media such as Facebook and Linkedin. Information and Communications Technology (ICT) has continued its rapid evolution and this is having an impact on how investigations involving digital evidence are carried out. Increasingly closed circuit television (cctv), a vital resource of physical security and which used to be archived to video tape, is now digitally stored and hence capable of digital examination. Telephony based on internet protocols (VOIP) is no longer a fringe experiment but a substantial and growing alternative for businesses and private individuals – there are many problems of how evidence from VOIP may be collected and handled. More and more companies are routinely recording telephone traffic, but there are both technical and legal problems associated with its use in court. The day of “ubiquitous computing” – any information anywhere – is upon us via cloud services. These and the growth of other forms of out-sourcing present problems which are partly technical – how does one deal with virtualised computer environments? – but also contractual: what can one expect of the out- sourcing facilities company and how may your contract with them impact on your obligations to a court and to regulators? There have been some important amendments to relevant law. We now have in place measures which require businesses, in particular circumstances, to assist law enforcement agencies in the handling of encrypted material. There are also extensions to the law involving pornographic material. One of the most significant changes has come via the provision of specific rules covering disclosure of documents in electronic form. All of these reasons have persuaded us to issue a substantial new version of the guide at this point rather than simply carry on updating the downloadable file that has been available on the IAAC website.
    Purpose
    "This guide aims to help directors, senior managers and their legal advisers to understand the key strategic and management issues. It is designed to anticipate the need for provision of digital evidence and investigations by setting up management procedures, acquiring appropriate resources and identifying third-party sources of emergency assistance. For lawyers, it provides an overview of the types of digital evidence and the associated problems of probative value, admissibility and disclosure. But it is only a starting point – other, more specialist publications will need to be consulted while a detailed plan is formulated."
    Description
    The manual builds upon previous versions and incorporate new laws and regularions. This specifically concerns business required to help and assist enforcememnt agencies in, for example, handling of encrypted material. It marks as one of the most significant changes the laws regulating the disclosure of documents in electronic forms.
    Target group
    Decision-makers, legal advisers, managers and lawyers

  • Beyond Reasonable Doubt Using Scientific Evidence to Advance Prosecutions at the International Criminal Court

    Institution

    Berkeley Centre for Human Rights

    Language

    English

    Publication date
    2012-10-01

    Reference link
    https://www.law.berkeley.edu/files/HRC/HRC_Beyond_Reasonable_Doubt_FINAL.pdf
    Executive summary
    n/a
    Purpose
    The purpose of the document is to promote ideas, expertise, strategies, and strategic and technological resources for investigators and prosecutors for the applicatio of new and emerging scientific methods and technologies to pursue accountability.
    Description
    The report presents recommendations drawn from the workshop convened by the Berkeley HRC in consultation with the Office of the Prosecutor at the International Criminal Court in October 2012. The report includes a major section on the background of the issue, presenting an overview on the use of scientific evidence at international criminal tribunals (ICC, ICTY, ICTR and ECCC). The document includes best practices as discussed in the workshop, concerning evidence collection, preservation and analysis, and presentation of evidence in the courtroom. Lastly, the report sets out precise conclusions and recommendations regarding documentary evidence, and information technologies and management.
    Target group
    Investigators and prosecutors

  • Digital Evidence: Investigatory Protocols

    Institution

    Berkeley Centre for Human Rights

    Language

    English

    Publication date
    2013-10-01

    Reference link
    https://humanrights.berkeley.edu/publications/digital-evidence-investigatory-protocols
    Executive summary
    n/a
    Purpose
    The document aims to "assist the Office of the Prosecutor (“OTP”) at the International Criminal Court (“ICC”) by discussing cyberinvestigation protocols that enable strategic mobilization and acquisition of digital evidence."
    Description
    "This paper discusses cyberinvestigation protocols relevant to three types of digital evidence: data that is on a device; data that is not on a device or is accessible online; and data that is held privately by a service provider. The first section addresses how an investigator should acquire and authenticate physical devices that may have evidentiary value. The protocols demonstrate methods that reduce the risk of inadmissibility and manipulation. The second section addresses situations where the investigator obtains evidence independent of a physical device, for instance, a video that is posted on a publicly available website. Since this type of digital evidence is not forensically acquired, this section aims to help investigators determine its reliability. Additionally, this section explains how prosecutors might authenticate such evidence by corroboration or testimony. The third section turns to data held by service providers that is not available without their cooperation. This data may be acquired by a direct request from a prosecutor. For United States service providers, the U. S. Stored Communications Act (“SCA”) sets forth procedures for domestic law enforcement access to this data. It is silent on foreign law enforcement access. The Mutual Legal Assistance Treaties (“MLAT”) process addresses foreign law enforcement access to this data; however, this process is lengthy and may be subject to other legal requirements, such as dual criminality. Please note that protocols in all three sections are based on standards that reflect the current technological landscape and therefore should be updated when necessary. Furthermore, the basic procedures discussed here are derived from lengthy treatments of forensic analysis in source documents. In all three types of investigations, situational factors arise in which deviation from the protocols discussed is appropriate. Therefore, each investigation will need to employ specific procedures that are context-dependent."
    Target group
    The Office of the Prosecutor at the International Criminal Court

  • Digital Fingerprints Using Electronic Evidence to Advance Prosecutions at the International Criminal Court

    Institution

    Berkeley Centre for Human Rights

    Language

    English

    Publication date
    2014-02-01

    Reference link
    https://www.law.berkeley.edu/files/HRC/Digital_fingerprints_interior_cover2.pdf
    Executive summary
    n/a
    Purpose
    The document aims to promote an open exchange of ideas and expertise on strategies to improve the capacity of investigators and prosecutors to gather and analyze digital evidence relevant to serious international crimes.
    Description
    The report presents recommendations drawn from the workshop convened by the Berkeley HRC in collaboration with CITRIS in Salzburg, Austria, in October 2013. The report includes a background section, presenting an overview on digital evidence at the International Criminal Court (ICC), its history and in trial proceedings. The document addresses issues such as the relevance of building the ICC's internal capacity, and fostering external partnerships. Lastly, the report sets out precise recommendations in this line.
    Target group
    Investigators and prosecutors

This is free software. Created with LinkAhead and Django. Licenced under AGPL version 3.0 (Sources).