Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

Validation for Digital Forensics

Abstract: This paper discusses the issues revolving around the need for validation and error in digital environments for the admission of evidence. Second, we discuss the how digital evidence intrinsically differs and conflicts with privacy protection that is intrinsic to traditional computer security. Finally, we begin to lay the theoretical foundations for the provision of validation and the computation of error in digital environments. This becomes particularly critical in software environments in which error has not traditionally been considered.

Overlooking forensic evidence? A review of the 2014 International Protocol on the Documentation and Investigation of Sexual Violence in Conflict

Abstract: The main task of this article is to determine whether the attention paid to the coverage of documenting, collecting and preserving physical and digital evidence is sufficient to ensure its admissibility in both national and international courts. This article undertakes this task by critically examining the 2014 International Protocol on the Documentation and Investigation of Sexual Violence in Conflict, which was part of the 2014 Global Summit to End Sexual Violence in Conflict. The objectives of this article are threefold. It first considers the special evidentiary rules of international courts. Secondly, it reviews the limited references to physical and digital evidence in the 2014 Protocol and discusses the potential pitfalls of failing to recognise the weight this evidence carries in national and international courts. Finally, the article recommends the use of trained forensic experts in the investigations of sexual violence and the establishment of uniform and comprehensive policies and proce...

Sufficiency of Windows Event Log as Evidence in Digital Forensics

Abstract: The prevalence of computer and the internet has brought forth the increasing spate of cybercrime activities; hence the need for evidence to attribute a crime to a suspect. The research therefore, centres on evidence, the legal standards applied to digital evidence presented in court and the main sources of evidence in the Windows OS, such as the Registry, slack space and the Windows event log. In order to achieve the main aim of this research, cybercrime activities such as automated password guessing attack and hacking was emulated on to a Windows OS within a virtual network environment set up using VMware workstation. After the attack the event logs on the victim system was analysed and assessed for its admissibility (evidence must conform to certain legal rules), and weight (evidence must convince the court that the accused committed the crime).

Defining a Standard for Reporting Digital Evidence Items in Computer Forensic Tools

Abstract: Due to the lack of standards in reporting digital evidence items, investigators are facing difficulties in efficiently presenting their findings. This paper proposes a standard for digital evidence to be used in reports that are generated using computer forensic software tools. The authors focused on developing a standard digital evidence items by surveying various digital forensic tools while keeping in mind the legal integrity of digital evidence items. Additionally, an online questionnaire was used to gain the opinion of knowledgeable and experienced stakeholders in the digital forensics domain. Based on the findings, the authors propose a standard for digital evidence items that includes data about the case, the evidence source, evidence item, and the chain of custody. Research results enabled the authors in creating a defined XML schema for digital evidence items.