Page 62
(1) The Group supports and recommends the following general principles for procedures relating to digital evidence, as well as the definitions, that have been devel-oped by the G8 High-Tech subgroup:
Principles:
- When dealing with digital evidence, all of the general forensic and procedural prin-ciples must be applied.
- Upon seizing digital evidence, actions taken should not change that evidence.
- When it is necessary for a person to access original digital evidence, that person should be trained for the purpose.Page 63
- All activity relating to the seizure, access, storage or transfer of digital evidence must be fully documented, preserved and available for review.
- An individual is responsible for all actions taken with respect to digital evidence whilst the digital evidence is in their possession.
- Any agency, which is responsible for seizing, accessing, storing or transferring digital evidence is responsible for compliance with these principles.
Definitions:
Digital evidence - Information stored or transmitted in binary form that may be relied upon in court.
Original Digital Evidence - Physical items and those data objects, which are associated with those items at the time of seizure.
Duplicate Digital Evidence - A duplicate is an accurate digital reproduction of all data objects contained on the original physical item.
Copy - A copy is an accurate reproduction of all data objects contained on the original physical item.
(2) The Group recommends that, to the extent possible, the Commonwealth Secretariat:
(a) respond favourably to requests for training in this area, from...
