EC-Council: Computer Hacking Forensic Investigator(CHFI-V10) |
||||
Module 1 : Computer Forensics in Today's World |
||||
Notes available : 31 |
You are not logged in. Please Login for track your learning progress |
|||
Scientific Working Group on Digital Evidence (SWGDE)
The Scientific Working Group on Digital Evidence (SWGDE) brings together organizations actively engaged in the field of digital and multimedia evidence to foster communication and cooperation as well as to ensure quality and consistency within the forensic community. It is the U.S. component of the IOCE‘s standardization efforts. SWGDE‘s principles include:
validation testing: Validation is required to demonstrate that examination tools, techniques, and procedures are suitable for their intended purpose.
Redaction: Guidelines include video and audio redaction.
Technical notes: Technical notes on FFmpeg (FFmpeg is an open-source platform that can be implemented across most operating systems) for forensic audio examination.
Best practices: Best practices for computer forensic acquisitions and on-scene identification, seizure, and preservation of Internet of Things (IoT) devices.
Principle 1: In order to ensure that the digital evidence is collected, preserved, examined, or transferred in a manner safeguarding the accuracy and reliability of the evidence, law enforcement and forensic organizations must establish and maintain an effective quality system.
Standards and Criteria 1.1: All agencies that seize and/or examine digital evidence must maintain an appropriate SOP document. All elements of an agency‘s policies and procedures concerning digital evidence must be clearly set forth in this SOP document, which must be issued under the agency‘s management authority.
Standards and Criteria 1.2: Agency management must review the SOPs on an annual basis to ensure their continued suitability and effectiveness
Standards and Criteria 1.3: Procedures used must be generally accepted in the field or supported by data gathered and recorded in a scientific manner.
Standards and Criteria 1.4: The agency must maintain written copies of appropriate technical procedures
Standards and Criteria 1.5: The agency must use hardware and software that are appropriate and effective for the seizure or examination procedure
Standards and Criteria 1.6: All activity relating to the seizure, storage, examination, or transfer of the digital evidence must be recorded in writing and be available for review and testimony
Standards and Criteria 1.7: Any action that has the potential to alter, damage, or destroy any aspect of the original evidence must be performed by qualified persons in a forensically sound manner
![]() |
Go to notes | ![]() |