EC-Council: Computer Hacking Forensic Investigator(CHFI-V10) |
||||
Module 1 : Computer Forensics in Today's World |
||||
Notes available : 31 |
You are not logged in. Please Login for track your learning progress |
|||
Bookmark this Note
Note ID: 109
ACPO Principles of Digital Evidence
If you want to share the link of this note, please click here to "Copy note link" and share that generated link. Link from URL may change in future.
The Association of Chief Police Officers (ACPO) Principles of Digital Evidence
This guide is primarily written for the guidance of UK law enforcement personnel who may deal with
digital evidence. This will include:
• Persons who are involved in the securing, seizing and transporting of equipment from
search scenes with a view to recovering digital evidence, as well as in the identification of
the digital information needed to investigate crime;
• Investigators who plan and manage the identification, presentation and storage of digital
evidence, and the use of that evidence;
• Persons who recover and reproduce seized digital evidence and are trained to carry out the
function and have relevant training to give evidence in court of their actions. Persons who
have not received appropriate training and are unable to comply with the
principles should not carry out this category of activity;
• Persons who are involved in the selection and management of persons who may be required
to assist in the recovery, identification and interpretation of digital evidence.
Principle 1: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court
Principle 2: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to explain his/her actions and the impact of those actions on the evidence, in the court
Principle 3: An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Principle 4: The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to
Principle 1: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court
Principle 2: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to explain his/her actions and the impact of those actions on the evidence, in the court
Principle 3: An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Principle 4: The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to
Go to notes |