Defining a Standard for Reporting Digital Evidence Items in Computer Forensic Tools

  • Hamda Bariki
  • Mariam Hashmi
  • Ibrahim Baggili
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 53)


Due to the lack of standards in reporting digital evidence items, investigators are facing difficulties in efficiently presenting their findings. This paper proposes a standard for digital evidence to be used in reports that are generated using computer forensic software tools. The authors focused on developing a standard digital evidence items by surveying various digital forensic tools while keeping in mind the legal integrity of digital evidence items. Additionally, an online questionnaire was used to gain the opinion of knowledgeable and experienced stakeholders in the digital forensics domain. Based on the findings, the authors propose a standard for digital evidence items that includes data about the case, the evidence source, evidence item, and the chain of custody. Research results enabled the authors in creating a defined XML schema for digital evidence items.


digital evidence item reports in forensic tools digital forensics standard report 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    The Common Evidence Format Working Group (Carrier, B., Casey, E, Garfinkel, S., Kornblum, J., Hosmer, C., Rogers, M., Turner, P.): Standardizing Digital Evidence Storage. Communications of the ACM (February 2006)Google Scholar
  2. 2.
    Anson, S., Bunting, S.: Mastering Windows Network Forensics and Investigation. Wiley Publishing, Inc., Canada (2007)Google Scholar
  3. 3.
    Devine, J.: The Importance of the Chain of Custody (October 30, 2009), (retrieved March 18, 2010)
  4. 4.
    Garfinkel, S., Malan, S., Dubec, K., Stevens, C., Pham, C.: Disk Imaging with the Advanced Forensics Format, Library and Tools. In: The Second Annual IFIP WG 11.9 International Conference on Digital Forensics, National Center for Forensic Science, Orlando, Florida, USA, January 29-February 1 (2006)Google Scholar
  5. 5.
    Glendale, D.: Guidance Software EnCase (2010), retrieved from
  6. 6.
    Levine, B., Liberatore, M.: DEX: Digital evidence provenance supporting reproducibility and comparison. Digital Investigation 6, S48–S56 (2009)CrossRefGoogle Scholar
  7. 7.
    Liquid Technologies Limited: Liquid XML Studio 2010 (version, [Software] available from
  8. 8.
    Marcella, A.J., Menendez Jr., D.: Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes. In: Information Security, 2nd edn. Auerbach publications, Taylor & Francis Group (2007)Google Scholar
  9. 9.
    Nelson, B., Phillips, A., Enfringer, F., Steuart, C.: Guide to Computer Forensics and Investigations. GEX Publishing Services, Canada (2008)Google Scholar
  10. 10.
    Petruzzi, J.: How to Keep a Digital Chain of Custody (December 01, 2005), retrieved from
  11. 11.
    Pladna, B.: Computer Forensics Procedures, Tools, and Digital Evidence Bags: What They Are and Who Should Use Them. East Carolina University, East Carolina (2008)Google Scholar
  12. 12.
    ProDiscover. (n.d.) Technology Pathways, (retrieved February 22, 2010)
  13. 13.
    Rand, A., Loftus, T.: Chain of Custody Procedure (2003), retrieved from
  14. 14.
    Steen, S., Hassell, J.: Computer Forensics 101 (October 2004), retrieved from

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2011

Authors and Affiliations

  • Hamda Bariki
    • 1
  • Mariam Hashmi
    • 1
  • Ibrahim Baggili
    • 1
  1. 1.Advanced Cyber Forensics Research Laboratory College of Information TechnologyZayed UniversityAbu DhabiUAE

Personalised recommendations