These documents have been voted for release in draft form by the SWGDE membership and are open to the public
for comments. Please review and submit feedback. All recieved feedback will be reviewed and addressed by
SWGDE before publishing a document as final.
This document provides best practices for the collection, preservation, and acquisition of evidence from mobile devices. The collection and preservation of data from mobile devices is performed in the field, as well as the lab. Increasingly, field personnel are also performing acquisitions. This document provides best practices for the three functions that are likely to be needed by field personnel. The intended audience is personnel qualified to collect, preserve, or acquire digital evidence.
This document provides best practices for Forensic Video Analysis (FVA), which is defined as the scientific examination, comparison, and/or evaluation of video in legal matters. The purpose of this document is to provide forensic video analysts with recommendations on the handling and examination of video evidence to successfully introduce such evidence in a court of law. These guidelines may also be used to assist organizations when developing standard operating procedures (SOPs) for the processing of video evidence.
The purpose of this document is to describe the best practices for portable global positioning system (GPS) device examinations. This document provides basic information on the logical and physical acquisition of data from portable GPS devices.
The purpose of this document is to provide a process for recognizing and describing both errors and limitations associated with tools used to support digital and multimedia evidence forensics. This document proposes that confidence in digital and multimedia evidence forensic results is best achieved by using an error mitigation analysis approach that focuses on recognizing potential sources of error and then applying techniques used to mitigate them. Note: This version update expands the scope of this document to include digital and multimedia evidence; previous it only specified digital evidence.
The purpose of document is to recommend minimum testing requirements for commonly used forensic tools and procedures. Testing is often referred to as validation or verification testing. This document addresses testing to evaluate whether a tool or procedure performs as expected and to understand the limitations of tools.
The purpose of this document is to define the minimum required elements of an examination report used to document a forensic examination of digital and multimedia evidence. This document is intended for any persons preparing reports to document the processes and/or results of a forensic examination of digital and multimedia evidence.
This document provides a general awareness of FFmpeg (Fast Forward mpeg), its functions, basic use, and common uses as it pertains to digital forensics. FFmpeg is an open source, cross-platform framework that uses command line to play, convert, and stream audio and video. This framework is used by multiple applications for forensic and commercial purposes. Note: This update includes audio specific functions.
The purpose of this document is to provide guidance for redaction of digital recordings and associated data, which may include video, audio, and metadata streams. This document is intended for use by practitioners with a basic understanding of digital video and audio concepts. It is limited to redaction of digital video and/or audio content that must be withheld. This document addresses reasons for redaction, overview of software, redaction forms, filters, documentation, and workflow.