14-f-001
Disclaimer:
As a condition to the use of this document and the information contained therein, the SWGDE requests notification by e-mail before or contemporaneous to the introduction of this document, or any portion thereof, as a marked exhibit offered for or moved into evidence in any judicial, administrative, legislative or adjudicatory hearing or other proceeding (including discovery proceedings) in the United States or any Foreign country. Such notification shall include: 1) The formal name of the proceeding, including docket number or similar identifier; 2) the name and location of the body conducting the hearing or proceeding; 3) subsequent to the use of this document in a formal proceeding please notify SWGDE as to its use and outcome; 4) the name, mailing address (if available) and contact information of the party offering or moving the document into evidence. Notifications should be sent to secretary@swgde.org.
It is the reader’s responsibility to ensure they have the most current version of this document. It is recommended that previous versions be archived.
Redistribution Policy:
SWGDE grants permission for redistribution and use of all publicly posted documents created by SWGDE, provided that the following conditions are met:
- Redistribution of documents or parts of documents must retain the SWGDE cover page containing the disclaimer.
- Neither the name of SWGDE nor the names of contributors may be used to endorse or promote products derived from its documents.
- Any reference or quote from a SWGDE document must include the version number (or create date) of the document and mention if the document is in a draft status.
Requests for Modification:
SWGDE encourages stakeholder participation in the preparation of documents. Suggestions for modifications are welcome and must be forwarded to the Secretary in writing at secretary@swgde.org. The following information is required as a part of the response:
- Submitter’s name
- Affiliation (agency/organization)
- Address
- Telephone number and email address
- Document title and version number
- Change from (note document section number)
- Change to (provide suggested text where appropriate; comments not including suggested text will not be considered)
- Basis for change
Intellectual Property:
Unauthorized use of the SWGDE logo or documents without written permission from SWGDE is a violation of our intellectual property rights.
Individuals may not misstate and/or over represent duties and responsibilities of SWGDE work. This includes claiming oneself as a contributing member without actively participating in SWGDE meetings; claiming oneself as an officer of SWGDE without serving as such; claiming sole authorship of a document; use the SWGDE logo on any material and/or curriculum vitae.
Any mention of specific products within SWGDE documents is for informational purposes only; it does not imply a recommendation or endorsement by SWGDE.
The purpose of this paper is to provide an abstract to assist the reader in understanding that digital forensics is a forensic science and to address confusion about the dual nature of the application of digital forensics techniques as both a forensic science and as an investigatory tool.
Digital forensics as a science is the process used to acquire, preserve, analyze, and report on electronically stored information using scientific methods that are demonstrably reliable, verifiable, and repeatable, such that they may be used in judicial and other formal proceedings. As with other forensic science disciplines, the key attributes of digital forensics applied throughout the entire examination process, from collection through analysis and reporting, are:
- Use of a quality management system containing standard operating procedures and an effective quality assurance program.
- Proficient analysts with appropriate training, expertise, and experience.
- Use of validated tools, processes, and methodologies.
- Objectivity – the forensic analyst must be insulated from work-related undue pressures that could compromise the quality of work.
However, when the techniques commonly associated with digital forensics science are applied as an investigative tool, the focus is on the identification and recovery of information. This approach encourages research and innovation in finding relevant information that could be contained in any number of types of digital media and applications (e.g., computers, cell phones, social media websites, vehicle infotainment systems, home gaming systems, and other dynamic sources of information).
Information can easily flow from digital investigations into digital forensics, but it must be subjected to the rigorous process demanded by the scientific method and rules of evidence. By contrast, the output of digital forensics can easily be used as direct input in digital investigations.
History
| Revision | Issue Date | Section | History |
|---|---|---|---|
|
Draft |
01/16/2014 |
All |
Initial draft for public comment. |
|
1.0 |
02/06/2014 |
All |
Formatting and technical edit performed for
release as a Draft for Public Comment.
|
|
2.0
|
06/06/2014 |
All |
Re-write based on public feedback. Title changed from Digital Forensics as a Forensic Science Discipline to Digital and Multimedia Evidence (Digital Forensics) as a Forensic Science Discipline. Re-release as Draft for Public Comment. |
|
2.0 |
06/11/2014 |
All |
Formatting and technical edit performed for release as a Draft for Public Comment.
|
|
2.0 |
08/28/2014 |
None |
No changes made; voted to publish as an
Approved document. |
|
2.0 |
09/05/2014 |
All |
Formatting and technical edit performed for release as an Approved document.
|
Version: 2.0 (September 05, 2014)