Evidence collection
Prior to the investigation, it is important for the incident responder to understand the principles of digital evidence. Submitting collected evidence in a legal proceeding, especially in computer crime cases, can present major challenges. Specific knowledge is required to collect, preserve, and transport the evidence, because the evidence obtained in a cyber-crime case may differ from traditional forms of evidence. Often, evidence associated with computer crimes exists only as electronic signals, that is, in digital form.
This section discusses the Association of Chief Police Officers (ACPO) principles of digital evidence and the standards of the Scientific Working Group on Digital Evidence (SWGDE).
ACPO Principles of Digital Evidence
– Principle 1
No action taken by law enforcement agencies or their agents should change data held on a computer or storage media, which may subsequently be relied upon in court.
– Principle 2
In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
– Principle 3
An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
– Principle 4
The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
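As an added illustration of Principles 1 and 3 (example code, not from the original article or from ACPO), the following Python sketch hashes the evidence once at acquisition, logs every process applied to a working copy together with its input and output hashes, and lets an independent party replay the recorded steps and confirm they reach the same result. The evidence bytes, the examiner name and the two processing steps are constructed for this example.

```python
import hashlib
from datetime import datetime, timezone

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class EvidenceAuditTrail:
    """Append-only record of every process applied to one evidence item."""
    def __init__(self, original: bytes):
        self.acquisition_sha256 = sha256_hex(original)  # taken once, at acquisition
        self.entries = []
    def apply(self, examiner: str, action: str, process, working_copy: bytes) -> bytes:
        # Run `process` on a working copy (never the original) and log input/output hashes.
        output = process(working_copy)
        self.entries.append({"timestamp": datetime.now(timezone.utc).isoformat(),
                             "examiner": examiner, "action": action,
                             "input_sha256": sha256_hex(working_copy),
                             "output_sha256": sha256_hex(output)})
        return output
    def original_unchanged(self, current: bytes) -> bool:
        # Principle 1: the original must still hash to its acquisition value.
        return sha256_hex(current) == self.acquisition_sha256
    def reproducible_by(self, original: bytes, processes: dict) -> bool:
        # Principle 3: replay each logged action; every hash must match the record.
        data = original
        for entry in self.entries:
            if sha256_hex(data) != entry["input_sha256"]:
                return False
            data = processes[entry["action"]](data)
            if sha256_hex(data) != entry["output_sha256"]:
                return False
        return True

# Constructed sample evidence and two deterministic, hypothetical processing steps.
ORIGINAL = b"user=alice\x00\x00login ok\r\nuser=bob\x00login FAILED\r\n"
PROCESSES = {
    "strip_nulls": lambda d: d.replace(b"\x00", b""),
    "normalize_newlines": lambda d: d.replace(b"\r\n", b"\n"),
}

def run_case() -> dict:
    trail = EvidenceAuditTrail(ORIGINAL)
    copy = bytes(ORIGINAL)  # the examiner works on a copy, leaving the original untouched
    for action, process in PROCESSES.items():
        copy = trail.apply("examiner1", action, process, copy)
    # A reviewer whose tool behaves differently cannot reach the recorded hashes.
    other_tool = {**PROCESSES, "strip_nulls": lambda d: d.replace(b"\x00", b" ")}
    return {"original_unchanged": trail.original_unchanged(ORIGINAL),
            "independent_replay_ok": trail.reproducible_by(ORIGINAL, PROCESSES),
            "different_tool_ok": trail.reproducible_by(ORIGINAL, other_tool),
            "steps_logged": len(trail.entries), "final": copy}
```

In a real case the audit entries would be written to tamper-evident storage and the acquisition hash recorded on the chain-of-custody form, so that the replay check can be performed by someone other than the original examiner.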
Scientific Working Group on Digital Evidence
– Principle 1
To ensure that digital evidence is collected, preserved, examined, or transferred in a manner that safeguards the accuracy and reliability of the evidence, law enforcement and forensic organizations must establish and maintain an effective quality-control system.
Standard Operating Procedures (SOPs)
Standard operating procedures (SOPs) are documented quality-control guidelines that must be supported by proper case records and broadly accepted procedures, equipment, and materials. Implementing SOPs allows an organization to maintain policies and plans that comply with its own requirements.
– Standards and Criteria 1.1
All agencies that seize and/or examine digital evidence should maintain an appropriate SOP document. All elements of an agency's policies and procedures concerning digital evidence should be clearly set forth in this SOP document, which should be issued under the agency's management authority.
Discussion: The use of SOPs is fundamental to both law enforcement and forensic science. Guidelines that are consistent with scientific and legal principles are essential to the acceptance of results and conclusions by courts and other agencies.
– Standards and Criteria 1.2
Agency management should review the SOPs on an annual basis to ensure their continued suitability and effectiveness.
Discussion: Rapid technological change is the hallmark of digital evidence, whereby the types, formats, and methods for seizing and examining digital evidence change quickly. To ensure that personnel, training, equipment, and procedures remain appropriate and effective, management should review and update SOP documents annually.
– Standards and Criteria 1.3
SOPs should be generally accepted within the field or supported by data gathered and recorded in a scientific manner.
Discussion: Because a variety of scientific procedures may validly be applied to a given problem, standards and criteria for assessing procedures need to be flexible. The validity of a procedure may be established by demonstrating the accuracy and reliability of specific techniques. In the digital evidence area, peer review of SOPs by other agencies may also be helpful.
– Standards and Criteria 1.4
The agency must maintain written copies of the appropriate technical procedures.
Discussion: Procedures should set forth their purpose and appropriate application. Required elements such as hardware and software should be listed, and the proper steps for successful use should be listed or discussed. Any limitations in the use of the procedure, or in the use or interpretation of the results, should be established. Personnel who use these procedures should be familiar with them and have them available for reference.
– Standards and Criteria 1.5
The agency should use hardware and software that are appropriate and effective for the seizure or examination procedure.
Discussion: Although many acceptable procedures may be used to perform a task, considerable variation among cases requires that personnel have the flexibility to exercise judgment in selecting a method appropriate to the problem.
– Standards and Criteria 1.6
All activities relating to the seizure, storage, examination, or transfer of digital evidence should be recorded in writing and be available for review and testimony.
Discussion: In general, documentation to support conclusions should be such that, in the absence of the originator, another competent person could evaluate what was done, interpret the data, and arrive at the same conclusions as the originator.
– Standards and Criteria 1.7
Any action that has the potential to alter, damage, or destroy any aspect of the original evidence should be performed by qualified persons in a forensically sound manner.
Discussion: As outlined in the preceding standards and criteria, evidence has value only if it can be shown to be accurate, reliable, and controlled. A quality forensic program consists of properly trained personnel and appropriate equipment, software, and procedures that together ensure these attributes.
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com