What is Digital Evidence?
Digital evidence is any information of probative value that is either stored or transmitted in a binary form. This field includes not only computers in the traditional sense but also includes digital audio and video. It includes all facets of crime where evidence may be found in a digital or binary form. (SWGDE, 1998). Perhaps the most common computer crime in the news is child pornography, but computers are also instrumental in crimes ranging from check fraud to conspiracy to commit murder.
What is Digital Forensics?
Digital forensics involves the identification, collection, preservation, examination, and analysis of digital evidence. It is a technical, computer-related field involved in the collection and examination of evidence from computers, including audio, video, and graphical images.
Introduction
The Scientific Working Group on Digital Evidence (SWGDE) was established in February 1998 through a collaborative effort of the Federal Crime Laboratory Directors. SWGDE, as the U.S.-based component of standardization efforts conducted by the International Organization on Computer Evidence (IOCE), was charged with the development of cross-disciplinary guidelines and standards for the recovery, preservation, and examination of digital evidence, including audio, imaging, and electronic devices.
The following document was drafted by SWGDE and presented at the International Hi-Tech Crime and Forensics Conference (IHCFC) held in London, United Kingdom, October 4-7, 1999. It proposes the establishment of standards for the exchange of digital evidence between sovereign nations and is intended to elicit constructive discussion regarding digital evidence. This document has been adopted as the draft standard for U.S. law enforcement agencies.
Definitions
Acquisition of Digital Evidence: Begins when information and/or physical items are collected or stored for examination purposes. The term “evidence” implies that the collector of evidence is recognized by the courts. The process of collecting is also assumed to be a legal process and appropriate for rules of evidence in that locality. A data object or physical item only becomes evidence when so deemed by a law enforcement official or designee.
Data Objects: Objects or information of potential probative value that are associated with physical items. Data objects may occur in different formats without altering the original information.
Digital Evidence: Information of probative value stored or transmitted in digital form.
Physical Items: Items on which data objects or information may be stored and/or through which data objects are transferred.
Original Digital Evidence: Physical items and the data objects associated with such items at the time of acquisition or seizure.
Duplicate Digital Evidence: An accurate digital reproduction of all data objects contained on an original physical item.
Copy: An accurate reproduction of information contained on an original physical item, independent of the original physical item.
Standards ….
see more here for detail
