Digital Forensic Reporting
Digital forensics reporting summarizes significant contents of digital data using open, repeatable, and unbiased methods and tools.
- Strong ethical principles must guide forensic analysis:
  - Analysis must be performed without bias
  - Analysis methods must be repeatable by third parties with access to the same evidence
  - Evidence must not be changed or manipulated
  - If a device used as evidence must be manipulated to facilitate analysis:
    - the reasons for doing so must be sound
    - the process of doing so must be recorded
eDiscovery
E-discovery is the set of procedures and tools used to collect, preserve, and analyze digital evidence.
- Applies to electronically stored information (ESI)
- A means of filtering the relevant evidence out of all the data gathered by a forensic examination and storing it in a database, in a format that can be used as evidence in a trial
Steps
- Preservation
  - Issuance of a legal hold
    - Legal holds require the preservation of relevant electronic and paper records
    - Suspend the automatic deletion of relevant logs
- Collection
- Production
  - Attorneys review all records to determine what is relevant
  - Cases rarely move to the production phase
Functions of E-Discovery Tool Suites
- Identify and de-duplicate files and metadata
  - E-discovery filters standard installed files and copies, reducing the volume of data that must be analyzed
- Search
  - Locate files of interest
  - Keyword search
  - Semantic search matches keywords if they correspond to a particular context
- Tags
  - Apply standardized keywords or labels to files for organization
- Security
  - Evidence is stored without tampering
- Disclosure
  - The same evidence is made available to both plaintiff and defendant
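The de-duplication, keyword search, tagging, and tamper-check functions listed above can be sketched in a few lines. This is an added example, not code from any e-discovery product; the file paths, contents, known-file hash set, and the "financial" tag are constructed for illustration.

```python
import hashlib
import re

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample evidence (path -> content); not real case data.
SAMPLE_FILES = {
    "evidence/system/notepad.exe": b"MZ constructed standard binary",
    "evidence/docs/contract.txt": b"Draft contract: invoice 1042 is due.",
    "evidence/docs/contract_copy.txt": b"Draft contract: invoice 1042 is due.",
    "evidence/docs/notes.txt": b"Lunch order for Friday.",
}
# Assumption: hashes of standard installed files, here built from the sample.
KNOWN_HASHES = {sha256(SAMPLE_FILES["evidence/system/notepad.exe"])}

def cull(files, known_hashes):
    """Drop known standard files and exact copies; log every exclusion."""
    review, log, first_seen = [], [], {}
    for path in sorted(files):  # fixed order so the result is repeatable
        digest = sha256(files[path])
        if digest in known_hashes:
            log.append((path, digest, "known-file"))
        elif digest in first_seen:
            log.append((path, digest, "duplicate-of:" + first_seen[digest]))
        else:
            first_seen[digest] = path
            review.append({"path": path, "sha256": digest, "tags": set()})
    return review, log

def tag_by_keyword(review, files, keyword_tags):
    """Apply a standardized tag to each file containing a whole-word keyword."""
    for item in review:
        text = files[item["path"]].decode("utf-8", errors="replace")
        for keyword, tag in keyword_tags.items():
            if re.search(r"\b" + re.escape(keyword) + r"\b", text, re.IGNORECASE):
                item["tags"].add(tag)
    return review

def verify(review, files):
    """Return paths whose current content no longer matches the recorded hash."""
    return [i["path"] for i in review if sha256(files[i["path"]]) != i["sha256"]]

if __name__ == "__main__":
    review, log = cull(SAMPLE_FILES, KNOWN_HASHES)
    tag_by_keyword(review, SAMPLE_FILES, {"invoice": "financial"})
    for item in review:
        print(item["path"], sorted(item["tags"]), item["sha256"][:12])
    for path, digest, reason in log:
        print("excluded", path, reason)
```

The exclusion log keeps the hash and reason for every file removed from review, so a third party with the same evidence can repeat the reduction and confirm nothing relevant was dropped.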