Digital Evidence Database

Showing 21 to 30 of 120 results.
  • Basic investigative Standards for First Responders to International Crimes

    Institution

    Global Rights Compliance (GRC)

    Language

    Russian

    Publication date
    2016-07-01

    Reference link
    https://www.dropbox.com/s/l10ziit366fexlv/GRC%20BIS%20%28Russian%29.pdf
    Executive summary
    n/a
    Purpose
    "These basic investigative standards (“BISs”) identify the minimum standards that a first responder to a suspected crime, which may amount to an international crime, should adhere to in collecting, handling and preserving information in order to facilitate the subsequent work of professional investigators and prosecutors. The BISs are aimed at non-lawyers and non-professional investigators, including those who work for non-governmental organisations (“NGOs”), attempting to collect, handle and preserve information concerning international humanitarian or criminal law violations. As well as being intended to optimise practical cooperation with the International Criminal Court (“ICC”) Prosecutor, they are designed to achieve the most effective and robust foundation for any subsequent investigation and adjudication at the domestic or international level."
    Description
    These guidelines provides an overview of the role of first responders and the International Criminal Court, the basic investigation principles, including minimum standards, basic substantive knowledge for IHL investigations, guidance on how to implement an organized system to record the investigation steps and the results obtained. It further obtains standards for the collection, handling and preservation of information/evidence. In the annexes, the guide provides an evidence envelope sample; examples of log files, and witness code sheet.
    Target group
    investigators and first responders

  • Basic investigative Standards for First Responders to International Crimes

    Institution

    Global Rights Compliance (GRC)

    Language

    English

    Publication date
    2016-07-01

    Reference link
    https://www.globalrightscompliance.com/en/publications/basic-investigative-standards-bis-for-first-responders-to-international-crimes
    Executive summary
    n/a
    Purpose
    "These basic investigative standards (“BISs”) identify the minimum standards that a first responder to a suspected crime, which may amount to an international crime, should adhere to in collecting, handling and preserving information in order to facilitate the subsequent work of professional investigators and prosecutors. The BISs are aimed at non-lawyers and non-professional investigators, including those who work for non-governmental organisations (“NGOs”), attempting to collect, handle and preserve information concerning international humanitarian or criminal law violations. As well as being intended to optimise practical cooperation with the International Criminal Court (“ICC”) Prosecutor, they are designed to achieve the most effective and robust foundation for any subsequent investigation and adjudication at the domestic or international level."
    Description
    These guidelines provides an overview of the role of first responders and the International Criminal Court, the basic investigation principles, including minimum standards, basic substantive knowledge for IHL investigations, guidance on how to implement an organized system to record the investigation steps and the results obtained. It further obtains standards for the collection, handling and preservation of information/evidence. In the annexes, the guide provides an evidence envelope sample; examples of log files, and witness code sheet.
    Target group
    investigators and first responders

  • Bellingcat’s Invitation Is Waiting For Your Response: An Investigative Guide To LinkedIn

    Institution

    Bellingcat

    Language

    English

    Publication date
    2019-03-21

    Reference link
    https://www.bellingcat.com/resources/how-tos/2019/03/21/bellingcats-invitation-is-waiting-for-your-response-an-investigative-guide-to-linkedin/
    Executive summary
    n/a
    Purpose
    "This guide aims to provide helpful tools and techniques for identifying LinkedIn profiles and for extracting information that will then allow you to pivot to other social media profiles belonging to the target."
    Description
    The guide provides tools and techniques for identifying LinkedIn profiles and extracting relevant information, such as biographical detailes, personal and work contact information, approximate location, photos, username, website, and social networks. It includes preparatory security measures and information on how to use LinkedIn tools as part of open source investigations.
    Target group
    Open source researchers and investigators

  • Berkeley Protocol on Digital Open Source Investigations: A Practical Guide on the Effective Use of Digital Open Source Information in Investigating Violations of International Criminal, Human Rights and Humanitarian Law

    Institution

    Berkeley Centre for Human Rights

    Language

    English

    Publication date
    2020-12-01

    Reference link
    https://humanrights.berkeley.edu/programs-projects/tech-human-rights-program/berkeley-protocol-digital-open-source-investigations
    Executive summary
    Open source investigations are investigations that rely, in whole or in part, on publicly available information to conduct formal and systematic online inquiries into alleged wrongdoing. Today, large quantities of publicly available information are accessible through the Internet, where a quickly evolving digital landscape has led to new types and sources of information that could assist in the investigation of alleged human rights violations and serious international crimes. The ability to investigate such allegations is of particular value to investigators who cannot physically access crime scenes in a timely manner, which is often the case in international investigations. Open source information can provide leads, support intelligence outputs and serve as direct evidence in courts of law. However, in order for it to be used in formal investigation processes, including legal investigations, fact-finding missions and commissions of inquiry, investigators must employ consistent methods, which both strengthen the accuracy of their findings and allow judges and other fact-finders to better evaluate the quality of the investigation process itself. The Berkeley Protocol on Digital Open Source Investigations was developed to provide international standards and guidance for investigators in the fields of international criminal justice and human rights. Such investigators come from a range of institutions, including media outlets, civil society groups and non-governmental organizations, international organizations, courts, and national and international investigative agencies. The establishment of consistent and measurable standards to support this multidisciplinary arena is a means of professionalizing the practice of open source investigations. While guidelines and training on the use of specific tools and software are an essential part of improving the quality of digital open source investigations, the Berkeley Protocol does not focus on specific technologies, platforms, software or tools, but rather on the underlying principles and methodologies that can be consistently applied, even as the technology itself changes. These principles outline minimum legal and ethical standards for conducting effective open source investigations. By following the guidance in the Berkeley Protocol, investigators will help to ensure the quality of their work, while minimizing the physical, psychosocial and digital risks to themselves and others. The Berkeley Protocol is designed as a teaching tool and a reference guide for open source investigators. Following an introductory chapter, the subsequent three chapters are dedicated to overarching frameworks, including principles, legal considerations and security. The remaining chapters are focused on the investigation process itself. This section of the Berkeley Protocol begins with a chapter on preparation and strategic planning, followed by a chapter dedicated to the various investigatory steps required – namely, online inquiries, preliminary assessment, collection, preservation, verification and investigative analysis. It concludes with a chapter on the methodology and principles for reporting on the findings of an open source investigation.
    Purpose
    The protocol aims to respond to the new environment of open source and digital data, providing tools on dealing with the opportunities and challenges posed by this reality. Consequently, "[t]he Protocol is designed to standardise procedures and provide methodological guidance across disparate investigations, institutions and jurisdictions to assist open source investigators in understanding the importance of: (a) Tracing the provenance of online content and attributing it to its original source, where possible; (b) Evaluating the credibility and reliability of online sources; (c) Verifying online content and assessing its veracity and reliability; (d) Complying with legal requirements and ethical norms; (e) Minimising any risk of harm to themselves, their organisations and third parties; (f) Enhancing protection of the human rights of sources, including the right to privacy".
    Description
    The Berkeley Protocol on Digital Open Source Investigations aims to standardise procedures and provide methodological guidance concerning digital open source investigations. The document addresses the relevant principles in open source investigations from a professional, methodological and ethical standpoint. It also provides the legal framework applicable to these investigations, providing security considerations and relevant guidance for the preparation, the investigative process and the reporting on findings. The Protocol also contains a glossary and a series of annexes, including forms and templates to assist investigators.
    Target group
    investigators, lawyers, archivists, and analysts.

  • Best Practices For Seizing Electronic Evidence v.4.2. A Pocket Guide for First Responders

    Institution

    US Secret Service (US Department of Homeland Security)

    Language

    English

    Reference link
    https://www.cwagweb.org/wp-content/uploads/2018/05/BestPracticesforSeizingElectronicEvidence.pdf
    Executive summary
    n/a
    Purpose
    The purpose of this guide is to assist patrol officers, investigators and detectives in recognizing how computers and electronic devices may be used as an instrument of a crime or a storage device for evidence in a host of federal and state crimes.
    Description
    This guideline includes methods of preservation of evidence found in computers and networked devices. Additionally, it includes special considerations for first responders, a list of crimes and their potential useful evidence typologies, and sample general questions that can be asked during the initial stage of the investigation.
    Target group
    Patrol officers, investigators and detectives

  • Best Practices Report

    Institution

    European Commission (LIVE_FOR Project)

    Language

    English

    Publication date
    2018-05-23

    Reference link
    http://live-for.eu/wp-content/uploads/2019/04/D2.2_final.pdf
    Executive summary
    This document presents the best practices that are expected to be followed in cases when application of the EIO directive is applied. Besides the main instruction about application the document provides reasonable introduction to the main knowledge from relevant fields such as digital forensics and cross-border evidences collection from both aspects: technical and legal. This approach is understood by contacted experts to be most useful for the future professional in the respective organizations like prosecutors, judges etc. in cases when the EIO Directive will be applied. The first chapters define the technical part of this document. It is aimed to facilitate the knowledge needed to carry out a forensic analysis in both traditional computing and cloud environments. For that purpose, the first chapter is focused on defining basic general concepts such as the functioning of the Internet, the typical topologies of communication networks, how the information exchange process is carried out and which is the definition and use of metadata. The next two chapters are addressed to the techniques and principles of forensic digital science. They describe the principles of forensic computing, the basic legal requirements needed to carry out the information extraction process properly and the different types of information extraction methods, such as dead acquisition analysis and live forensics methods. Reverse engineering concept is explained and the most complete and well-known tools in this field are listed. This document also addresses and defines the characteristics of the technologies available behind the cloud environment, as well as carrying out an analysis of the risks and advantages associated with it, since every day more companies and entities migrate their information to the cloud. Some typical practical cases that can be used as a reference are also defined. One of the characteristics of cloud environments is the difference in terms of geographical location, so the data can be stored in multiple countries with different jurisdictions. This represents a challenge for the EU that needs to develop tools aimed to transfer digital evidences quickly and safely. For that reason, the tools that have been developed so far in this field are analysed. The legal part is defined in Chapter eight and is aimed to provide a reliable method and a series of best practices on gathering e-evidence abroad by using the EIO. Therefore, this part of the document can be used as a guide to complete properly each of the steps needed in the EIO. In the Annex, the international standards that can be followed by investigators to carry out a digital forensic analysis of evidence are defined. It is important that the agents involved in the scope of the Directive and the EIO increase their technical knowledge, their understanding of the main concepts regarding forensic environments in the cloud and enhance their knowledge on filling the EIO and the related procedures. This document is therefore intended to be used as a guide to allow the most effectiveness and appropriate adaptation to the current situation of the European environment.
    Purpose
    "Increase the technical knowledge, understanding of the main concepts regarding forensic environments in the cloud and enhance their knowledge on filling the EIO and the related procedures. This document is therefore intended to be used as a guide to allow the most effectiveness and appropriate adaptation to the current situation of the European environment."
    Description
    The document includes bes practices expected to follow when the European Investigation Order (EIO) is applied, particularly in connection to digital evidence and cross-border cooperation, from a legal and technical perspective. The document includes explanations on basic concepts such as server, log, metadata, etc. It also addresses digital forensics techniques and procedures, cloud forensics, and best practices on the collection of cross border evidence. As an annex, it includes relevant standards on digital evidence.
    Target group
    Agents involved in the application of the European Investigation Order (EIO).

  • Beyond Reasonable Doubt Using Scientific Evidence to Advance Prosecutions at the International Criminal Court

    Institution

    Berkeley Centre for Human Rights

    Language

    English

    Publication date
    2012-10-01

    Reference link
    https://www.law.berkeley.edu/files/HRC/HRC_Beyond_Reasonable_Doubt_FINAL.pdf
    Executive summary
    n/a
    Purpose
    The purpose of the document is to promote ideas, expertise, strategies, and strategic and technological resources for investigators and prosecutors for the applicatio of new and emerging scientific methods and technologies to pursue accountability.
    Description
    The report presents recommendations drawn from the workshop convened by the Berkeley HRC in consultation with the Office of the Prosecutor at the International Criminal Court in October 2012. The report includes a major section on the background of the issue, presenting an overview on the use of scientific evidence at international criminal tribunals (ICC, ICTY, ICTR and ECCC). The document includes best practices as discussed in the workshop, concerning evidence collection, preservation and analysis, and presentation of evidence in the courtroom. Lastly, the report sets out precise conclusions and recommendations regarding documentary evidence, and information technologies and management.
    Target group
    Investigators and prosecutors

  • CCBE recommendations on the establishment of international rules for cross-border access to electronic evidence

    Institution

    Council of Bars and Law Societies of Europe (CCBE)

    Language

    English

    Publication date
    2019-02-28

    Reference link
    https://www.ccbe.eu/fileadmin/speciality_distribution/public/documents/SURVEILLANCE/SVL_Position_papers/EN_SVL_20190228_CCBE-recommendations-on-the-establishment-of-international-rules-for-cross-border-access-to-e-evidence.pdf
    Executive summary
    n/a
    Purpose
    The purpose of the guidelines is to summarize the challenges and providee recommendations on cooperation mechanisms between law enforcement authorities regarding the exchange of data between the EU and the U.S. or the countries who are parties to the Budapest Convention.
    Description
    This paper is the CCBE’s response to a number of developments concerning the establishment of international rules for cross-border access to electronic evidence for the purpose of criminal investigations, especially as regards to the so-called direct cooperation between law enforcement authorities and service providers.
    Target group
    Law enforcement agencies

  • Common challenges in combating cybercrime (as identified by Eurojust and Europol)

    Institution

    EuropolEurojust

    Language

    English

    Publication date
    2019-06-30

    Reference link
    https://www.eurojust.europa.eu/sites/default/files/Publications/Reports/2019-06_Joint-Eurojust-Europol-report_Common-challenges-in-combating-cybercrime_EN.PDF
    Executive summary
    n/a
    Purpose
    "The objective of this document is to identify and categorise the common challenges in combating cybercrime1 from both a law enforcement and a judicial perspective. Eurojust and Europol’s European Cybercrime Centre (EC3) have identified the challenges based on and informed by operational and practical experience, joint deliberations and expert input. Other sources used include final reports of several thematic and strategic meetings with national experts and relevant stakeholders, strategic reports and assessments such as Europol’s EC3’s Internet Organised Crime Threat Assessment (IOCTA), as well as various open sources. Despite the availability of information, both in- and external, on the obstacles, the discussion can certainly benefit from more extensive (and broader) research and a closer comparison of existing legislation at national and international levels. The challenges identified fall into five main areas (see also Figure 1 below):  loss of data;  loss of location;  challenges associated with national legal frameworks;  obstacles to international cooperation; and  challenges of public-private partnerships. This document further examines some of the practical implications of these challenges. In addition, this document lists some of the most relevant ongoing activities and open issues regarding each of the challenges identified. For this purpose, a short overview is given at the end of each chapter. Additional information on some of the ongoing activities as well as some of the open issues can be found in the Annex."
    Description
    The document focuses on summarizing the main challenges related to combating cybercrimes. It specificall focuses on explaning these challenges with respect to: a) loss of data, b) loss of location; c) challenges associated with national legal frameworks; d) obstacles to international cooperation and e) challenges to public private partnership. It also concludes with an annex of additional information on ongoing activities and open issues.
    Target group
    Actors on both law enforcement and judicial levels

  • Creating an Android Open Source Research Device on Your PC

    Institution

    Bellingcat

    Language

    English

    Publication date
    2018-08-23

    Reference link
    https://www.bellingcat.com/resources/how-tos/2018/08/23/creating-android-open-source-research-device-pc/
    Executive summary
    n/a
    Purpose
    To provide a walk-through on setting up a virtual Android device on a PC to conduct open source research.
    Description
    The guide provides a walk-through on setting up a virtual Android device on a PC to conduct open source research. It includes instructions for the installation of Genymotion and VirtualBox.
    Target group
    Open source researchers and investigators

This is free software. Created with LinkAhead and Django. Licenced under AGPL version 3.0 (Sources).