International principles for computer evidence.
International Organization on Computer Evidence (IOCE)
The International Organization on Computer Evidence (IOCE) was established in 1995 to provide international law enforcement agencies a forum for the exchange of information concerning computer crime investigation and other computer-related forensic issues. Comprised of accredited government agencies involved in computer forensic investigations, IOCE identifies and discusses issues of interest to its constituents, facilitates the international dissemination of information, and develops recommendations for consideration by its member agencies. In addition to formulating computer evidence standards, IOCE develops communications services between member agencies and holds conferences geared toward the establishment of working relationships.
In response to the G-8 Communique and Action plans of 1997, IOCE was tasked with the development of international standards for the exchange and recovery of electronic evidence. Working groups in Canada, Europe, the United Kingdom, and the United States have been formed to address this standardization of computer evidence.
During the International Hi-Tech Crime and Forensics Conference (IHCFC) of October 1999, the IOCE held meetings and a workshop which reviewed the United Kingdom Good Practice Guide and the SWGDE Draft Standards. The working group proposed the following principles, which were voted upon by the IOCE delegates present with unanimous approval.
IOCE International Principles
The international principles developed by IOCE for the standardized recovery of computer-based evidence are governed by the following attributes:
* Consistency with all legal systems;
* Allowance for the use of a common language;
* Ability to cross international boundaries;
* Ability to instill confidence in the integrity of evidence;
* Applicability to all forensic evidence; and
* Applicability at every level, including that of individual, agency, and country.
These principles were presented and approved at the International Hi-Tech Crime and Forensics Conference in October 1999. They are as follow:
* Upon seizing digital evidence, actions taken should not change that evidence.
* When it is necessary for a person to access original digital evidence, that person must be forensically competent.
* All activity relating to the seizure, access, storage, or transfer of digital evidence must be fully documented, preserved, and available for review.
* An individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in their possession.
Any agency that is responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles.
Other items recommended by IOCE for further debate and/or facilitation included:
* Forensic competency and the need to generate agreement on international accreditation and the validation of tools, techniques, and training;
* Issues relating to practices and procedures for the examination of digital evidence; and
* The sharing of information relating to hi-tech crime and forensic computing, such as events, tools, and techniques.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Digital Evidence: Standards and Priciples|
|Publication:||Forensic Science Communications|
|Date:||Apr 1, 2000|
|Previous Article:||Proposed standards for the exchange of digital evidence.|
|Next Article:||Message from the Attorney General.|