Title

Defining a Standard for Reporting Digital Evidence Items in Computer Forensic Tools

Document Type

Book Chapter

Publication Date

2011

Subject: LCSH

Cyber forensics, computer forensics

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security

Abstract

Due to the lack of standards in reporting digital evidence items, investigators are facing difficulties in efficiently presenting their findings. This paper proposes a standard for digital evidence to be used in reports that are generated using computer forensic software tools. The authors focused on developing a standard digital evidence items by surveying various digital forensic tools while keeping in mind the legal integrity of digital evidence items. Additionally, an online questionnaire was used to gain the opinion of knowledgeable and experienced stakeholders in the digital forensics domain. Based on the findings, the authors propose a standard for digital evidence items that includes data about the case, the evidence source, evidence item, and the chain of custody. Research results enabled the authors in creating a defined XML schema for digital evidence items.

Comments

Dr. Baggili was appointed to the University of New Haven’s Elder Family Endowed Chair in 2015.

Purchase book or chapter

Locate in UNH library

DOI

10.1007/978-3-642-19513-6_7

Publisher Citation

Bariki, H., Hashmi, M., & Baggili, I. (2011). Defining a standard for reporting digital evidence items in computer forensic tools. In Baggili, Ibrahim, ed. Digital Forensics and Cyber Crime: Second International ICST Conference, ICDF2C 2010, Abu Dhabi, United Arab Emirates, October 4-6, 2010, Revised Selected Papers, pp. 78-95. Springer Berlin Heidelberg. ISBN 978-3-642-19513-6