Justice issues guidelines for handling digital evidence

Justice issues guidelines for handling digital evidence

The Justice Department's National Institute of Justice has published the second in a series of guidelines for IT crime investigations.

'Forensic Examination of Digital Evidence: A Guide for Law Enforcement' was created at the agency's request by the National Institute of Standards and Technology. It outlines techniques for extracting digital data while preserving its integrity.

Computers and other digital media are increasingly important sources of evidence in criminal investigations. The challenge for investigators in the courtroom 'is the demonstration that the particular electronic media contained the incriminating evidence,' the guide says.

Because digital data is easily altered and it is difficult to distinguish between original data and copies, extracting, securing and documenting digital evidence requires special attention. The guidelines lay out the following general principles for handling digital evidence:

  • The process of collecting digital evidence should not alter it or raise questions about its integrity.

  • Examination of digital evidence should be done by trained personnel.

  • All actions in processing the evidence should be documented and preserved for review.

  • Examination should be conducted on a copy of the original evidence. The original should be preserved intact.

The guidelines are not a mandate or official policy, but represent the consensus of a working group of computer forensics experts convened by NIST's Office of Law Enforcement Standards. The procedures may need to be adjusted according to circumstances of each investigation and to comply with local laws and rules of evidence.

The first publication in the series is 'Electronic Crime Scene Investigation: A Guide for First Responders.' Future guidelines will cover:

  • Using technology in investigations

  • Investigating IT crimes

  • Creating a digital-evidence forensic unit

  • Presenting digital evidence in court.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected