23. – 28. Februar 2014, Dagstuhl Seminar 14092
Digital Evidence and Forensic Readiness
Glenn S. Dardick (Longwood University – Farmville, US)
Barbara Endicott-Popovsky (University of Washington – Seattle, US)
Pavel Gladyshev (University College Dublin, IE)
Thomas Kemmerich (Gjøvik University College, NO)
Carsten Rudolph (Fraunhofer SIT – Darmstadt, DE)
1 / 2 >
Auskunft zu diesem Dagstuhl Seminar erteilt
This summary briefly recapitulates the outcomes of our seminar on digital evidence and forensic readiness. The main focus of the seminar was to work on a common cross-discipline understanding of notions of digital evidence and forensic readiness. In particular, technical notions in the view of IT security experts and the legal view were considered. Furthermore, relevance of differences in jurisdictions in different countries was also discussed.
The participants of the seminar came from 4 continents (Europe, U.S., Africa and Australia) and 12 countries. The group was a mix of experts from digital forensics, IT security, cyber security, archival sciences, criminal law, civil law, and cyber law. Thus, all relevant disciplines for digital evidence and forensic readiness were represented in the seminar, creating a perfect group for the task, but also a challenging communication environment that required good leadership in the interaction and discussions.
The main focus of the seminar was to develop a common view on what exactly can be considered secure and admissible digital evidence. The seminar was a first attempt to achieve progress towards this goal and therefore, a comprehensive coverage of the topic was not to be expected. Nevertheless, the international interest in the topic as well as the intensive discussions in the seminar show the relevance of the topic. The results of the seminar identify open issues in the area of digital forensics, but also proposes first substantial steps in the direction of establishing strong and internationally useful notions for digital evidence and forensic readiness.
Initial talks and discussions quickly revealed some of the majour challenges:
- The growing variety of types of potential digital evidence increases the problem to define clear technical guidelines for the collection and evaluation of data records for forensic use. Examples include mobile devices, data stored and processed via cloud service, huge infrastructures with distributed data, or big data with many possible interpretations of data found.
- In many cases, digital evidence cannot be directly related to data on one device. In particular in cloud environments, stored data is distributed over different countries and digital processes easily cross borders. Thus, digital evidence becomes a cross-jurisdictional issue that needs rules on how to deal with differences and contradictions in jurisdiction.
- Teaching and education is another challenge. One cannot expect all lawyers, attorneys, or judges to become experts on technical issues. however, a basic understanding of the area of digital evidence is essential to be able to decide if expert witnesses are required and also to be able to achieve correct interpretations of the report by expert witnesses.
- forensic readiness can guide the development of systems that collect, store, and provide secure digital evidence. However, the applicability of forensically ready technical solutions is restricted by privacy and also economy. Here, processes need to be defined and adequate procedures and regulations (also internationally) need to be found.
Four discussion groups were formed in the seminar to discuss digital forensic readiness processes and procedures for investigators, notions of digital evidence, a forensic readiness landscape, and forensic readiness: evidence in a digital world. More details of the results of the discussions in the working groups can be found in the sections below.
As one of the major results of the seminar can be identified that all participants understood and agreed on the need to initiate future research activities in the area of digital evidence and forensic readiness. The results also clearly show that this research must be international and inter-disciplinary. Furthermore, the seminar has proven that technically oriented IT security experts and experts from law can co-operate to advance the state of the art. The seminar has established new inter-disciplinary and international contacts that are suitable to build a new community that will drive this strand of work in the field of forensic readiness.
Creative Commons BY 3.0 Unported license
Glenn S. Dardick, Barbara Endicott-Popovsky, Pavel Gladyshev, Thomas Kemmerich, and Carsten Rudolph
- Security / Cryptology
- Society / Human-computer Interaction
- Digital evidence
- Forensic readiness
- Mobile forensic
- Trusted computing