New NIST guide helps book'em on digital evidence


Criminal investigators increasingly find that personal computers, handheld devices and even mobile phones contain pictures, e-mail and other data critical to the prosecution of cases. A new guide written by computer forensics experts under the direction of the Office of Law Enforcement Standards (OLES) at the National Institute of Standards and Technology (NIST) provides step-by-step instructions to assist investigators in locating digital evidence so that it stands up to scrutiny once cases are tried.

Forensic Examination of Digital Evidence: A Guide for Law Enforcement is the second guide published since NIST was asked in 1998 by the National Institute of Justice (NIJ) to work on computer forensics.

At the request of NIJ, NIST recently convened a panel of computer forensics experts that pooled their expertise to shape the content of the new guide. NIST staff then organized the information into an easily understood and highly usable document.

The guide provides practical techniques for extracting digital data without either inadvertently altering the information or making it appear that it has been altered. For example, one section describes the right type of search warrant to access the data. Another lesson explains how data must be extracted without changing "modified dates" or other record fields that may lead to charges of evidence tampering.

Other topics covered in the publication include securing digital evidence, hardware/software operating systems, physical access, internal or external storage devices, and the retrieval of configuration information.

Source: Eurekalert & others

Last reviewed: By John M. Grohol, Psy.D. on 21 Feb 2009
    Published on All rights reserved.