Digital Evidence Database

Showing 31 to 40 of 120 results.

  • Cómo Rastrear Vuelos: La Guía Para Novatos

    Institution

    Bellingcat

    Language

    Spanish

    Publication date
    2019-10-15

    Reference link
    https://es.bellingcat.com/recursos/guias/2019/10/15/como-rastrear-vuelos-la-guia-para-novatos/
    Executive summary
    n/a
    Purpose
    The purpose of this guide is to provide a quick and complete guidance on how to start tracking flights.
    Description
    The guide starts with a glosary of terms needed to start tracking flights. It then provides some of the most popular flight tracking websites available and outlines some of their features. Finally, the guide concludes with a case study demonstrating how these tools can be used in conjunction with one another to shed light on the air movements of the powerful.
    Target group
    Open source researchers and investigators

  • Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors

    Institution

    Office of Justice Programs, National Institute of Justice (NIJ) (US Department of Justice)

    Language

    English

    Publication date
    2007-01-01

    Reference link
    https://www.ncjrs.gov/pdffiles1/nij/211314.pdf
    Executive summary
    n/a
    Purpose
    Assist prosecutorial offices and associated law enforcement agencies in dealing with digital evidence to address the complete investigation process.
    Description
    The report identifies and addresses some of the key issues related to digital evidence. It includes relevant guidance related to search and seizure; integrity, discovery, and disclosure; relevant evidentary rules and courtroom preparation; as well as presentation and submission of digital evidence. Lastly, it applies these guidances to the issue of child pornography. The document also refers to additional resources and includes forms useful for investigators.
    Target group
    Law enforcement personnel and prosecutors

  • Digital Evidence, Digital Investigations and E-Disclosure: A Guide to Forensic Readiness for Organisations, Security Advisers and Lawyers Version 3.0

    Institution

    Information Assurance Advisory Council (IAAC)

    Language

    English

    Publication date
    2012-03-01

    Reference link
    https://cryptome.org/2014/03/digital-investigations.pdf
    Executive summary
    This is the third edition of a publication that first appeared in 2005. Although the general principles have not changed much else has, for example, in terms of the capabilities and capacities of computers, the growth in numbers and sophistication of smart phones and the development of social media such as Facebook and Linkedin. Information and Communications Technology (ICT) has continued its rapid evolution and this is having an impact on how investigations involving digital evidence are carried out. Increasingly closed circuit television (cctv), a vital resource of physical security and which used to be archived to video tape, is now digitally stored and hence capable of digital examination. Telephony based on internet protocols (VOIP) is no longer a fringe experiment but a substantial and growing alternative for businesses and private individuals – there are many problems of how evidence from VOIP may be collected and handled. More and more companies are routinely recording telephone traffic, but there are both technical and legal problems associated with its use in court. The day of “ubiquitous computing” – any information anywhere – is upon us via cloud services. These and the growth of other forms of out-sourcing present problems which are partly technical – how does one deal with virtualised computer environments? – but also contractual: what can one expect of the out- sourcing facilities company and how may your contract with them impact on your obligations to a court and to regulators? There have been some important amendments to relevant law. We now have in place measures which require businesses, in particular circumstances, to assist law enforcement agencies in the handling of encrypted material. There are also extensions to the law involving pornographic material. One of the most significant changes has come via the provision of specific rules covering disclosure of documents in electronic form. All of these reasons have persuaded us to issue a substantial new version of the guide at this point rather than simply carry on updating the downloadable file that has been available on the IAAC website.
    Purpose
    "This guide aims to help directors, senior managers and their legal advisers to understand the key strategic and management issues. It is designed to anticipate the need for provision of digital evidence and investigations by setting up management procedures, acquiring appropriate resources and identifying third-party sources of emergency assistance. For lawyers, it provides an overview of the types of digital evidence and the associated problems of probative value, admissibility and disclosure. But it is only a starting point – other, more specialist publications will need to be consulted while a detailed plan is formulated."
    Description
    The manual builds upon previous versions and incorporate new laws and regularions. This specifically concerns business required to help and assist enforcememnt agencies in, for example, handling of encrypted material. It marks as one of the most significant changes the laws regulating the disclosure of documents in electronic forms.
    Target group
    Decision-makers, legal advisers, managers and lawyers

  • Digital Evidence: Investigatory Protocols

    Institution

    Berkeley Centre for Human Rights

    Language

    English

    Publication date
    2013-10-01

    Reference link
    https://humanrights.berkeley.edu/publications/digital-evidence-investigatory-protocols
    Executive summary
    n/a
    Purpose
    The document aims to "assist the Office of the Prosecutor (“OTP”) at the International Criminal Court (“ICC”) by discussing cyberinvestigation protocols that enable strategic mobilization and acquisition of digital evidence."
    Description
    "This paper discusses cyberinvestigation protocols relevant to three types of digital evidence: data that is on a device; data that is not on a device or is accessible online; and data that is held privately by a service provider. The first section addresses how an investigator should acquire and authenticate physical devices that may have evidentiary value. The protocols demonstrate methods that reduce the risk of inadmissibility and manipulation. The second section addresses situations where the investigator obtains evidence independent of a physical device, for instance, a video that is posted on a publicly available website. Since this type of digital evidence is not forensically acquired, this section aims to help investigators determine its reliability. Additionally, this section explains how prosecutors might authenticate such evidence by corroboration or testimony. The third section turns to data held by service providers that is not available without their cooperation. This data may be acquired by a direct request from a prosecutor. For United States service providers, the U. S. Stored Communications Act (“SCA”) sets forth procedures for domestic law enforcement access to this data. It is silent on foreign law enforcement access. The Mutual Legal Assistance Treaties (“MLAT”) process addresses foreign law enforcement access to this data; however, this process is lengthy and may be subject to other legal requirements, such as dual criminality. Please note that protocols in all three sections are based on standards that reflect the current technological landscape and therefore should be updated when necessary. Furthermore, the basic procedures discussed here are derived from lengthy treatments of forensic analysis in source documents. In all three types of investigations, situational factors arise in which deviation from the protocols discussed is appropriate. Therefore, each investigation will need to employ specific procedures that are context-dependent."
    Target group
    The Office of the Prosecutor at the International Criminal Court

  • Digital Evidence: Policies and Procedures Manual

    Institution

    Office of Justice Programs, National Institute of Justice (NIJ) (US Department of Justice)

    Language

    English

    Publication date
    2020-05-01

    Reference link
    https://www.ncjrs.gov/pdffiles1/nij/254661.pdf
    Executive summary
    n/a
    Purpose
    The manual is intended to be a base for defining a series of policies and procedures (especially concerning collection, handling and processing of digital evidence) within law enforcement agencies.
    Description
    The manual includes sections on case assignment and prioritization; equipment testing, validation and updates; evidence and property handling; search and seizure; storage and retention of evidence; reports; materials and supplies' digital forensic lab access; information to the media; and quality controls.
    Target group
    Law enforcement agencies

  • Digital Fingerprints Using Electronic Evidence to Advance Prosecutions at the International Criminal Court

    Institution

    Berkeley Centre for Human Rights

    Language

    English

    Publication date
    2014-02-01

    Reference link
    https://www.law.berkeley.edu/files/HRC/Digital_fingerprints_interior_cover2.pdf
    Executive summary
    n/a
    Purpose
    The document aims to promote an open exchange of ideas and expertise on strategies to improve the capacity of investigators and prosecutors to gather and analyze digital evidence relevant to serious international crimes.
    Description
    The report presents recommendations drawn from the workshop convened by the Berkeley HRC in collaboration with CITRIS in Salzburg, Austria, in October 2013. The report includes a background section, presenting an overview on digital evidence at the International Criminal Court (ICC), its history and in trial proceedings. The document addresses issues such as the relevance of building the ICC's internal capacity, and fostering external partnerships. Lastly, the report sets out precise recommendations in this line.
    Target group
    Investigators and prosecutors

  • Directors and Corporate Advisors’ Guide to Digital Investigations and Evidence

    Institution

    Information Assurance Advisory Council (IAAC)

    Language

    English

    Publication date
    2005-09-01

    Reference link
    http://www.4law.co.il/cr31005.pdf
    Executive summary
    Nearly all organisations underestimate how often they may be called on to produce reliable evidence of what has happened in and around their information and communication technology (ICT) systems. They also underestimate the demands that the legal system makes in terms of ensuring the admissibility and reliability of digital evidence. Both of these can have a profound impact on business welfare. The detail of the problems that arise may be “techie”, but the implications for the continued smooth running of the organisation require proper control from, and the full understanding of, the organisation’s most senior decision-makers. Evidence is required in a very wide range of circumstances, for example: • in disputed transactions; • in allegations of employee misbehaviour; • to show compliance with legal and regulatory rules; • to avoid charges of negligence or breach of contract; • to assist law enforcement in criminal and anti-terrorist investigations; • to meet disclosure requirements in civil claims; • to support insurance claims after a loss. “Computer forensics” is now an established set of disciplines and the very high standards in place for preserving material from personal computers creates high expectations of other forms of digital evidence, including those from large corporate systems and networks, across the Internet and the emerging families of personal digital assistants (PDAs), mobile phones and portable media units. Unless the organisation has developed a detailed planned response to typical risk scenarios, much potential evidence will never be collected or will become worthless as a result of contamination. Moreover, during an investigation, the organisation will be constantly faced with a dilemma: lose business when essential systems are switched off so that evidence can be properly preserved; or be profoundly handicapped and incur losses because evidence cannot be produced. What is needed is a forensic readiness plan. The first part of this guide is directed at major decision-makers, corporate strategists and their senior advisers, including lawyers. It covers the following: • explaining the legal requirements of “evidence” and the problems of admissibility; • showing the life-cycle of incidents and how evidence collection needs to be integrated into regular crisis management, incident response and litigation plans; • showing the management planning, processes and disciplines necessary if an organisation is to emerge with the greatest possible range of options; • providing a scheme for deciding the resources that will be required and when and how far requirements can be outsourced to specialist third parties. The second part of the guide is for those who will have to implement policy such as information security staff, computer security incident response staff and those tasked with dealing with the sharp end of an investigation. It offers essential background information, including: • techniques for evidence preservation; • descriptions of the relevant laws of evidence and admissibility; • disclosure, human rights and data protection issues; • the limits of powers to carry out various forms of surveillance and investigation; • the handling of obscene and paedophiliac material; • points of contact in law enforcement agencies; • pointers to further information; • a glossary Lawyers called upon to provide detailed guidance will also find some of the technical material on types of evidence and methodologies for acquisition helpful. Although this guide is designed for use within the United Kingdom and the descriptions of the law refer to English law, many of the principals are universal in all jurisdictions.
    Purpose
    "This guide aims to help directors, senior managers and their legal advisers to understand the key strategic and management issues. It is designed to anticipate the need for provision of digital evidence and investigations by setting up management procedures, acquiring appropriate resources and identifying third-party sources of emergency assistance. For lawyers, it provides an overview of the types of digital evidence and the associated problems of probative value, admissibility and disclosure. But it is only a starting point – other, more specialist publications will need to be consulted while a detailed plan is formulated."
    Description
    This guide is relevant beyond criminal investigations. It focuses on guiding managers, as well as practiioners through preserving evidence not only from the standpoint of 'actual' evidence. It looks into decision making and long-term planning in business world to maintain the increased demand of digitalization.
    Target group
    Decision-makers, legal advisers, managers and lawyers

  • Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

    Institution

    Office of Justice Programs, National Institute of Justice (NIJ) (US Department of Justice)

    Language

    English

    Publication date
    2008-04-01

    Reference link
    https://www.ncjrs.gov/pdffiles1/nij/219941.pdf
    Executive summary
    n/a
    Purpose
    Assist state and local law enforcement and other first responders who may be responsible for preserving an electronic crime scene and for recognizing, collecting, and safeguarding digital evidence.
    Description
    The document includes definitions and basic concepts relevant when dealing with digital evidence. The guide addresses potential electronic devices, investigative tools and equipment. Moreover, it sets out practices concerning securing and evaluating the scene, documenting the scene, collecting evidence, and handling of digital evidence. Lastly, it includes a section on electronic crimes and digital evidence. The document also has a glossary of relevant concepts.
    Target group
    State and local law enforcement and other first responders.

  • Electronic Crime Scene Investigation: An On-the-Scene Reference for First Responders

    Institution

    Office of Justice Programs, National Institute of Justice (NIJ) (US Department of Justice)

    Language

    English

    Publication date
    2009-11-01

    Reference link
    https://www.ncjrs.gov/pdffiles1/nij/227050.pdf
    Executive summary
    n/a
    Purpose
    The document is intended as a quick reference for first responders and as a companion piece to 'Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition'.
    Description
    The guide addresses potential electronic devices, and sets out practices concerning securing and evaluating the scene, documenting the scene, collecting evidence, and packaging and transporting digital evidence. Lastly, it includes a section on electronic crimes and digital evidence.
    Target group
    First responders.

  • Electronic evidence - a basic guide for First Responders Good practice material for CERT first responders

    Institution

    European Union Agency for Cybersecurity (ENISA)

    Language

    English

    Reference link
    https://www.enisa.europa.eu/publications/electronic-evidence-a-basic-guide-for-first-responders
    Executive summary
    Threats to cybersecurity and cyber-attacks respect no boundaries. For that reason ENISA in the last couple of years has helped to bridge the gap between the CERT- and the law enforcement communities. This report is a continuation of the work of ENISA in this field, and aims at providing a guide for first responders in the area of gathering of evidence related to a cybercrime. While the securing of digital evidence is ultimately a task and a responsibility of law enforcement, CERT staff can nevertheless contribute to that work by helping to preserve it during for example the detection of a cybercrime. This guide does not intend to be exhaustive, nor does it aim to be a full step-by-step guide on how to approach digital evidence as a first responder. Gathering of evidence for example typically involves ad hoc decisions that need to be made during the process, based on factors that cannot be determined in advance. Instead, this guide aims at explaining the principles of sound evidence gathering and tries to raise the right questions to be asked by first responders before starting to work. The document starts with an explanation what is understood by “electronic evidence”. Different definitions are presented as well as different sources of electronic evidence (laptops, PDAs, etc.). Next we discuss the different fundamental principles in the field of evidence gathering. One set of particular interest is the principles described in the Electronic evidence guide - A basic guide for police officers, prosecutors and judges1, developed within the framework of the European Union and the Council of Europe joint project (CyberCrime@IPA project2). It identifies five principles that establish a basis for all handling of electronic evidence. Without trying to be exhaustive we touch then the different phases first responders encounter when performing digital forensics or electronic evidence gathering. We describe how they should act before and while arriving at the (crime) scene, what they should keep in mind when performing memory forensics, etc. After that we touch upon some important legal topics and questions such as: - How to determine the applicable law? - What is the adequacy of the exisiting rules? - Which jurisdiction applies? We believe that a key success factor for a CERT first responder deling with gathering of electronic evidence is appropriate communication with law enforcement.
    Purpose
    This guide aims at explaining the principles of sound evidence gathering and tries to raise the right questions to be asked by first responders before starting to work.
    Description
    The document starts with an explanation of what is “electronic evidence” as well as the different fundamental principles in the field of evidence gathering. The document also addresses the different phases first responders encounter when performing digital forensics or electronic evidence gathering. We describe how they should act before and while arriving at the (crime) scene, what they should keep in mind when performing memory forensics, etc. Finally, the document addresses some important legal topics and questions such as: - How to determine the applicable law? - What is the adequacy of the existing rules? - Which jurisdiction applies?
    Target group
    First responders

This is free software. Created with LinkAhead and Django. Licenced under AGPL version 3.0 (Sources).