Standards and Best Practices in Digital and Multimedia Forensics Shujun LI , Mandeep K. Dhami and Anthony T. S. Ho Department of Computing and Surrey Centre for Cyber Security (sccs)

UK ACPO Good Practice Guide for Digital Evidence (2011a)

Download 0,63 Mb.

Pdf ko'rish

bet	30/54
Sana	30.05.2023
Hajmi	0,63 Mb.
	#945953

1 ... 26 27 28 29 30 31 32 33 ... 54

Bog'liq
9781118640500.excerpt

2.3.5.1
UK ACPO Good Practice Guide for Digital Evidence (2011a)
This guide is the latest edition of a series of such guides started in the 1990s (UK ACPO
1999, 2003, 2007, 2011a). Its title was originally ‘Good Practice Guide For Computer
Based Evidence’ and changed to ‘Good Practice Guide for Digital Evidence’ in its
latest edition, which reflects a major change from focusing on normal computers to
diverse computing devices that can generate evidence in digital form. It is the current
‘gold standard’ for digital forensic examiners in UK police forces and widely accepted
in UK court.
The guide presents instructions on the handling and examination of digital evidence
found on computer devices. It ensures the collection and recovery of evidence in an
efficient and timely fashion. The guide presents four principles for the handling of
digital evidence by law enforcement personnel, as follows (note that we reproduce
wording from the guide itself to be more accurate):

“c02” — 2015/6/19 — 20:53 — page 67 — #30
Standards and Best Practices in Digital and Multimedia Forensics
67
•
Principle 1
: No action taken by law enforcement agencies, persons employed within
those agencies or their agents should change change data which may subsequently
be relied upon in court.
•
Principle 2
: In circumstances where a person finds it necessary to access original
data, that person must be competent to do so and be able to give evidence explaining
the relevance and the implications of their actions.
•
Principle 3
: An audit trail or other record of all processes applied to digital evidence
should be created and preserved. An independent third party should be able to
examine those processes and achieve the same result.
•
Principle 4
: The person in charge of the investigation has overall responsibility for
ensuring that the law and these principles are adhered to.
The main body of the guide covers planning, evidence capturing, analysis and
presentation. Online evidence and mobile phone forensics are covered in this guide
as well. For the presentation part, it covers different forms of presentation of digital
evidence including verbal feedback, formal statements and reports, and as witness
evidence. It also has a section on general issues such as training and education, welfare
in the workplace, digital forensics contractors, disclosure and relevant legislation in
the United Kingdom. The guide refers to another ACPO guide ‘Good Practice Guide
for Managers of e-Crime investigation’ (UK ACPO 2011b) which covers more about
managerial issues around e-crime investigation.
The guide also contains four appendices, one dedicated to network forensics
covering wired and wireless networking devices and also live forensics, one
dedicated to crime involving online evidence (websites, forums, blogs, emails, covert
communications on the Internet, etc.), one dedicated to crime scene investigations and
the last discussing how a law enforcement agency can develop a digital investigation
strategy.

Download 0,63 Mb.

Do'stlaringiz bilan baham:

1 ... 26 27 28 29 30 31 32 33 ... 54