Recommendations on Digital Evidence Forensics

Author:Gregory, John - Pestaina, Mr Gene
Profession:General Counsel, Policy Branch - Attorney-at-law
Pages:62-63

Page 62

(1) The Group supports and recommends the following general principles for procedures relating to digital evidence, as well as the definitions, that have been devel-oped by the G8 High-Tech subgroup:

Principles:

- When dealing with digital evidence, all of the general forensic and procedural prin-ciples must be applied.

- Upon seizing digital evidence, actions taken should not change that evidence.

- When it is necessary for a person to access original digital evidence, that person should be trained for the purpose.Page 63

- All activity relating to the seizure, access, storage or transfer of digital evidence must be fully documented, preserved and available for review.

- An individual is responsible for all actions taken with respect to digital evidence whilst the digital evidence is in their possession.

- Any agency, which is responsible for seizing, accessing, storing or transferring digital evidence is responsible for compliance with these principles.

Definitions:

Digital evidence - Information stored or transmitted in binary form that may be relied upon in court.

Original Digital Evidence - Physical items and those data objects, which are associated with those items at the time of seizure.

Duplicate Digital Evidence - A duplicate is an accurate digital reproduction of all data objects contained on the original physical item.

Copy - A copy is an accurate reproduction of all data objects contained on the original physical item.

(2) The Group recommends that, to the extent possible, the Commonwealth Secretariat:

(a) respond favourably to requests for training in this area, from...

To continue reading

Request your trial