Overview of Existing Procedures for Exchanging Electronic Evidence at National and European Levels

The WP4 ‘Technical Issues’ Team has just issued its second report. Deliverable D4.2 ‘Status Quo Assessment and Analysis of Primary Challenges and Shortcoming’ provides an overview of existing procedures for exchanging electronic evidence at national and European levels. Moreover, it proposes a standard for representing the data and metadata involved in the exchange process, together with formal languages for their representation. Finally, it introduces a cloud platform for implementing the exchange process, listing the main features that this platform should have and focusing on its desirable integration with other existing platforms already in place and managed by a European/International public body.

In composing this overview we have considered the following sources:

  • existing guidelines and technical standards;
  • practical and operational feedback from Law Enforcement Agencies and forensics specialists, gathered by means of questionnaires/interviews and workshops with expert group meetings in both the legal and technical fields.

This document has been structured in the following five Parts:

  • Part I: Electronic Evidence Exchange, status quo and a standard proposal for its representation
  • Part II: Electronic Evidence Exchange, Use cases and metadata
  • Part III: Use cases expressed in the proposed formalism and open issues
  • Part IV: Electronic Evidence Exchange platform: main features and integration with already existing systems
  • Conclusions.

In Part I, Electronic Evidence Exchange, an overview of the existing guidelines and best practices in Evidence Exchange is presented. Furthermore, the standard proposal is given, covering both the metadata describing the evidence exchange process and the formalisms for their representation.

In Part II, Electronic Evidence Exchange, Use cases and metadata, the information that may be relevant during a typical evidence exchange has been defined. Three different points in time at which a digital evidence exchange may happen have been taken into consideration:

  • just after a seizing process has been carried out: in this case what is exchanged is the Source of Evidence, that is, the physical devices under sequestration;
  • after a forensics acquisition: in this case the digital evidence acquisition/forensic copy is exchanged. The copy may be represented by a single image file or by the files generated by a forensics acquisition (e.g. memory dump, network dump, malware specimen, etc.);
  • final reports with alleged findings.

In Part III, Use cases expressed in the proposed formalisms and open issues, the use cases shown in Part II have been expressed using the chosen formal languages of the standard proposal.

In Part IV, the Electronic Evidence Exchange platform for implementing the process in a standard way is described through the main features to be implemented. The desirable solution is integration with other platforms already in place, especially those managed by major European/International public bodies.

Finally, the issues and a possible way forward for developing solid and fully operational solutions to cope with the Electronic Evidence Exchange standard are illustrated.