SWGDE

Scientific Working Group on Digital Evidence

Search current documents

Browse current documents

The Scientific Working Group on Digital Evidence (SWGDE) brings together organizations actively engaged in the field of digital and multimedia evidence to foster communication and cooperation as well as to ensure quality and consistency within the forensic community.

If these are your interests, we would like to welcome you to our site. We hope you will find the information found within to be of benefit.

Read more in About Us

Mary Horvath, Chair
Federal Bureau of Investigation

James Darnell, Vice Chair
US Secret Service

Announcements

- The September 2019 Meeting announcement, with hotel and travel guidance, has been emailed out to all members and approved guests. If you are a member or approved guest and did NOT receive the meeting announcement, please email the Chair. Anyone planning to attend the meeting must RSVP by September 4th. If you are new to SWGDE and would like to attend, you must first submit a Guest Attendance Request* located on our Membership page.
*The funding window is now closed and we are only accepting new guest/membership applications for those who do not need funding/can self-fund.

- New documents from the June 2019 meeting have been posted.
Membership
SWGDE is actively encouraging new membership! Learn about attending a meeting as a guest or applying for membership.
Newest Publications
SWGDE's most recent published documents are:
  • SWGDE Best Practices for Mobile Device Evidence Collection and Preservation, Handling, and Acquisition
  • SWGDE General Photography Guidelines for the Documentation of Evidence Items in the Laboratory
  • SWGDE Technical Overview for Forensic Image Comparison
Provide Feedback
SWGDE seeks feedback from the DME community on our drafts for public comment:
  • SWGDE Core Technical Concepts for Time-Based Analysis of Digital Video Files
  • SWGDE Best Practices for Digital Evidence Acquisition from Cloud Service Providers
  • SWGDE Best Practice for Frame Timing Analysis of Video Stored in ISO Base Media File Formats

Myth of the Day

Cell phone extraction tools accurately get and show everything on a phone.
Category: All DME Myths
There are multiple steps in the forensic examination of a cell phone. Depending on the functionalities of the particular forensic tool(s) used in an examination, the training and experience of the person conducting the examination, and the scope of legal authority, a physical image or a file system might be extracted, or simply a logical listing of objects (e.g., pictures, SMS messages) could be generated—assuming user pass codes or encryption do not interfere with the process. Once an extraction is complete, most forensic tools will parse, or put into a viewable format, much of the data retrieved from the phone. However, forensic tools rarely parse all data on a phone, and, the person conducting the examination should ensure steps have been taken (possibly including the use of additional forensic tools) to seek out additional user artifacts. It is also the responsibility of the person conducting the examination to be sure validated forensic tools are utilized to accurately extract and interpret data from the cell phone and to validate all findings.
See Myths