skip navigation

Add your conference to our Justice Events calendar


Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Library collection. To conduct further searches of the collection, visit the NCJRS Abstracts Database. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.

  NCJ Number: NCJ 199408   Add to Shopping cart   Find in a Library
  Title: Forensic Examination of Digital Evidence: A Guide for Law Enforcement
  Document URL: Text PDF 
  Corporate Author: National Institute of Standards and Technology (NIST)
United States of America
  Date Published: 2004
  Page Count: 101
  Annotation: This document presents a guide for use by law enforcement officers responsible for the examination of digital evidence.
  Abstract: The guide deals with common situations encountered during the examination of digital evidence. It is a guide agencies can use to help them develop their own policies and procedures. When dealing with digital evidence, general forensic and procedural principles should be applied. Actions taken to secure and collect digital evidence should not affect the integrity of that evidence. Persons conducting an examination of digital evidence should be trained for that purpose. Activity relating to the seizure, examination, storage, or transfer of digital evidence should be documented, preserved, and available for review. The examiner should be cognizant of the need to conduct an accurate and impartial examination of the digital evidence. Digital evidence is fragile and can be altered, damaged, or destroyed by improper handling or examination. Examination is best conducted on a copy of the original evidence. The original evidence should be acquired in a manner that protects and preserves the integrity of the evidence. The purpose of the examination process is to extract and analyze digital evidence. Extraction refers to the recovery of data from its media. Analysis refers to the interpretation of the recovered data and putting it in a logical and useful format. Actions and observations should be documented throughout the forensic processing of evidence. Agencies likely to handle digital evidence should identify appropriate external resources for the processing of digital evidence before they are needed. These resources should be readily available for situations that are beyond the technical expertise or resources of the department. Agencies should also develop policies and procedures to ensure compliance with Federal, State, and local laws. The basic steps to conduct a computer forensic examination are policy and procedure development, evidence assessment, evidence acquisition, evidence examination, and documenting and reporting. 8 appendices
  Main Term(s): Criminal investigation training ; Computer evidence
  Index Term(s): Evidence collection ; Rules of evidence ; Document analysis ; Evidence ; Computer aided investigations ; Police computer training ; NIJ grant-related documents
  Sponsoring Agency: National Institute of Justice (NIJ)
US Department of Justice
Office of Justice Programs
United States of America
  Grant Number: 1999-IJ-R-094
  Sale Source: National Institute of Justice/NCJRS
Box 6000
Rockville, MD 20849
United States of America

NCJRS Photocopy Services
Box 6000
Rockville, MD 20849-6000
United States of America
  Type: Policy/Procedure Handbook/Manual
  Country: United States of America
  Language: English
  To cite this abstract, use the following link:

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.