
Defining a Standard for Reporting Digital Evidence Items in Computer Forensic Tools

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2010)

Abstract

Due to the lack of standards in reporting digital evidence items, investigators are facing difficulties in efficiently presenting their findings. This paper proposes a standard for digital evidence to be used in reports that are generated using computer forensic software tools. The authors focused on developing a standard for digital evidence items by surveying various digital forensic tools while keeping in mind the legal integrity of digital evidence items. Additionally, an online questionnaire was used to gain the opinion of knowledgeable and experienced stakeholders in the digital forensics domain. Based on the findings, the authors propose a standard for digital evidence items that includes data about the case, the evidence source, the evidence item, and the chain of custody. The research results enabled the authors to create a defined XML schema for digital evidence items.



Copyright information

© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Bariki, H., Hashmi, M., Baggili, I. (2011). Defining a Standard for Reporting Digital Evidence Items in Computer Forensic Tools. In: Baggili, I. (eds) Digital Forensics and Cyber Crime. ICDF2C 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19513-6_7

  • DOI: https://doi.org/10.1007/978-3-642-19513-6_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19512-9

  • Online ISBN: 978-3-642-19513-6

  • eBook Packages: Computer Science, Computer Science (R0)
