Abstract
“Forensically sound” is a term used extensively in the digital forensics community to qualify and, in some cases, to justify the use of a particular forensic technology or methodology. Indeed, many practitioners use the term when describing the capabilities of a particular piece of software or when describing a particular forensic analysis approach. Such a wide application of the term can only lead to confusion. This paper examines the various definitions of forensic computing (also called digital forensics) and identifies the common role that admissibility and evidentiary weight play. Using this common theme, the paper explores how the term “forensically sound” has been used and examines the drivers for using such a term. Finally, a definition of “forensically sound” is proposed and four criteria are provided for determining whether or not a digital forensic process may be considered to be “forensically sound.”
Chapter PDF
Similar content being viewed by others
References
A. Anderson, G. Mohay, L. Smith, A. Tickle and I. Wilson, Computer Forensics: Past, Present and Future, Technical Report, Information Security Research Centre, Queensland University of Technology, Brisbane, Australia, 1999.
Australian Law Reform Commission, Review of the Uniform Evidence Acts, ALRC Discussion Paper 69, Sydney, Australia (www.austlii.edu.au/au/other/alrc/publications/dp/69/index.html),2005.
B. Carrier, Defining digital forensic examination and analysis tools using abstraction layers, International Journal of Digital Evidence, vol. 1(4), 2003.
E. Casey, Error, uncertainty and loss in digital evidence, International Journal of Digital Evidence, vol. 1(2), 2002.
E. Casey, Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet, Academic Press, San Diego, California, 2004.
P. Craiger, M. Pollitt and J. Swauger, Law enforcement and digital evidence, in Handbook of Information Security, Volume 2, H. Bidgoli (Ed.), John Wiley, New York, pp. 739-777, 2006.
A. Ghosh, Handbook 171-2003: Guidelines for the Management of IT Evidence, Standards Australia, Sydney, Australia, 2003.
M. Hannan, To revisit: What is forensic computing? Proceedings of the Second Australian Computer, Network and Information Forensics Conference, pp. 103-111, 2004.
M. Hannan, S. Frings, V. Broucek and P. Turner, Forensic computing theory and practice: Towards developing a methodology for a standardized approach to computer misuse, Proceedings of the First Australian Computer, Network and Information Forensics Conference, 2003.
International Organization on Computer Evidence, Guidelines for Best Practice in the Forensic Examination of Digital Technology, Digital Evidence Standards Working Group, 2002.
S. McCombie and M. Warren, Computer forensic: An issue of defi- nition, Proceedings of the First Australian Computer, Network and Information Forensics Conference, 2003.
R. McKemmish, What is forensic computing? Trends and Issues in Crime and Criminal Justice, no. 118 (www.aic.gov.au/publications/tandi/ti118.pdf ), 2002.
National High Tech Crime Unit, Good Practice Guide for Computer Based Electronic Evidence, Association of Chief Police Officers, London, United Kingdom (www.acpo.police.uk/asp/policies/Data/gpg computer based evidence v3.pdf ), 2003.
National Institute of Forensic Science, Melbourne, Australia (www.nifs.com.au).
National Institute of Standards and Technology, Gaithersburg, Maryland (www.nist.gov).
National Institute of Standards and Technology, Disk Imaging Tool Specification (Version 3.1.6), Gaithersburg, Maryland (www.cftt.nist.gov/disk imaging.htm), 2001.
Oxford University Press, Compact Oxford English Dictionary (Third Edition), Oxford, United Kingdom, 2005.
L. Pan and L. Batten, Reproducibility of digital evidence in forensic investigations, Proceedings of the 2005 Digital Forensic Research Workshop, 2005.
D. Ryan and G. Shpantzer, Legal aspects of digital forensics (www.danjryan.com/papers.htm), 2002.
Scientific Working Group on Digital Evidence (www.swgde.org).
C. Spenceley, Evidentiary Treatment of Computer-Produced Material: A Reliability Based Evaluation, Ph.D. Thesis, University of Sydney, Sydney, Australia, 2003.
U.S. Department of Justice, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, Com- puter Crime and Intellectual Property Section, Washington, DC (www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm), 2002.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
McKemmish, R. (2008). When is Digital Evidence Forensically Sound?. In: Ray, I., Shenoi, S. (eds) Advances in Digital Forensics IV. DigitalForensics 2008. IFIP — The International Federation for Information Processing, vol 285. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-84927-0_1
Download citation
DOI: https://doi.org/10.1007/978-0-387-84927-0_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-84926-3
Online ISBN: 978-0-387-84927-0
eBook Packages: Computer ScienceComputer Science (R0)