Overview of Existing Standard for Treatment and Exchange of Electronic Evidence

Deliverable D4.1 ‘Overview of Existing Standard for Treatment and Exchange of Electronic Evidence’ provided an overview of existing standards for the treatment and exchange of electronic evidence, also taking into consideration tools that are thoroughly tested and generally accepted in the computer forensics field in the context of the EU Member States.

In composing the overview, the WP4 team considered the relevant literature, existing guidelines and technical standards, and practical and operational feedback from Law Enforcement Agencies and forensics specialists, gathered by means of questionnaires/interviews and workshops with expert group meetings in both the legal and technical fields.

The report has been structured in four main parts:

  • Part I: Overview of Existing Standard for the Handling of Electronic Evidence
  • Part II: Digital Forensics Tools Catalogue
  • Part III: Overview and Status Quo for the Exchanging of Electronic Evidence
  • Conclusions.

The ‘Overview of Existing Standard for the Handling of Electronic Evidence’ part has been organized according to the electronic evidence lifecycle as identified in Deliverable D2.1 ‘Semantic Structure’. The lifecycle highlights the main processes of the investigation phase, in which potential electronic evidence is identified, collected, acquired and then safely preserved; it has been further developed according to survey findings and operational feedback. As a result, a digital evidence management timeline is described.

Part II ‘Digital Forensics Tools Catalogue’ describes how the Catalogue was developed. In composing the overview of existing standards for the handling of electronic evidence, a large number of digital forensics tools for the acquisition and analysis processes were gathered, and a Forensics Tools Catalogue has been built on the basis of this collection. The Catalogue relies on a classification into the two main branches, acquisition and analysis, and is available at http://wp4.evidenceproject.eu

The deliverable also testifies to the growing need in the forensics community to assure the trustworthiness of digital forensics tools. It is of utmost importance to establish a methodology for testing computer forensics tools through the development of general tool specifications, test procedures, test criteria, test sets, and test hardware.

It is crucial to define a set of measurements to determine the appropriateness of a specific forensic tool for a specific situation. The objective is to determine the measurable criteria and desired outcomes that the forensics community requires of software tools. An overview of Digital Forensics Tools Evaluation is presented, based on the latest resources found in the scientific literature.

Part III ‘Overview and Status Quo for the Exchanging of Electronic Evidence’ has been composed on the basis of the information gathered during expert group meetings and through specific questionnaires.

Finally, challenges and possible solutions to cope with the electronic evidence exchange issues are briefly introduced.