Defining a Standard for Reporting Digital Evidence Items in Computer Forensic Tools
Cyber forensics, computer forensics
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
Due to the lack of standards in reporting digital evidence items, investigators are facing difficulties in efficiently presenting their findings. This paper proposes a standard for digital evidence to be used in reports that are generated using computer forensic software tools. The authors focused on developing a standard digital evidence items by surveying various digital forensic tools while keeping in mind the legal integrity of digital evidence items. Additionally, an online questionnaire was used to gain the opinion of knowledgeable and experienced stakeholders in the digital forensics domain. Based on the findings, the authors propose a standard for digital evidence items that includes data about the case, the evidence source, evidence item, and the chain of custody. Research results enabled the authors in creating a defined XML schema for digital evidence items.
Bariki, Hamda; Hashmi, Mariam; and Baggili, Ibrahim, "Defining a Standard for Reporting Digital Evidence Items in Computer Forensic Tools" (2011). Electrical & Computer Engineering and Computer Science Faculty Publications. 21.
Bariki, H., Hashmi, M., & Baggili, I. (2011). Defining a standard for reporting digital evidence items in computer forensic tools. In Baggili, Ibrahim, ed. Digital Forensics and Cyber Crime: Second International ICST Conference, ICDF2C 2010, Abu Dhabi, United Arab Emirates, October 4-6, 2010, Revised Selected Papers, pp. 78-95. Springer Berlin Heidelberg. ISBN 978-3-642-19513-6