Difference between revisions of "Digital Evidence Bags"

From ForensicsWiki
Line 1: Line 1:
The Digital Evidence Bag (DEB) format mimics in a digital environment the
+
The '''Digital Evidence Bag''' ('''DEB''') format mimics in a digital environment the bags, tags and seals used to traditionally wrap evidence.
bags, tags and seals used to traditionally wrap evidence.  
+
  
When a DEB is
+
When a DEB is created three files are generated:
created three files are generated:
+
  
# A .tag file which is plain text and stores case specific meta data such and evidence reference identifier, examiner, location, timestamps and tag continuity blocks that record DEB access activity. In addition to this the tag file contains the cryptographic hashes (seals) that are used to maintain and assure the integrity of the DEB structure.  
+
# A '''.tag''' file which is [[plain text]] and stores case specific [[metadata]] such and evidence reference identifier, examiner, location, timestamps and tag continuity blocks that record DEB access activity. In addition to this the tag file contains the cryptographic [[hash]]es (seals) that are used to maintain and assure the integrity of the DEB structure.
# A .index file is a plain text file that records device, file or data source meta data.
+
# An '''.index''' file is a plain text file that records device, file or data source metadata.
# A .bag file that holds the evidential data e.g. the raw device bit stream, logical files, network packet capture data.
+
# A '''.bag''' file that holds the evidential data e.g. the raw device bit stream, logical files, network packet capture data.
 +
 
 +
[[Category:File Formats]]
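
Review bot: The rewritten .tag list item still carries the typo "such and evidence reference identifier" over from the old line; since the line is already being rewritten for the bold and [[...]] link markup, change it to "such as an evidence reference identifier" in the same edit. The other two items now open with "An '''.index''' file is" and "A '''.bag''' file that", while the .tag item opens with "A '''.tag''' file which is"; giving all three the same sentence shape would make the list read evenly.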

Latest revision as of 13:25, 3 May 2006

The Digital Evidence Bag (DEB) format mimics, in a digital environment, the bags, tags and seals traditionally used to wrap evidence.

When a DEB is created, three files are generated:

  1. A .tag file, which is plain text and stores case-specific metadata such as an evidence reference identifier, examiner, location, timestamps and tag continuity blocks that record DEB access activity. In addition, the tag file contains the cryptographic hashes (seals) that are used to maintain and assure the integrity of the DEB structure.
  2. An .index file, which is a plain text file that records device, file or data source metadata.
  3. A .bag file, which holds the evidential data, e.g. the raw device bit stream, logical files or network packet capture data.
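
An added sketch (not ForensicsWiki's or the DEB authors' code) of the seal-and-continuity idea described above: three files are written, each access re-checks the seals and appends a continuity record. The page does not give the tag file syntax, so the `key: value` layout, the `seal-` and `continuity:` line names, the use of SHA-256 and all function names are assumptions made for illustration.

```python
import hashlib, os, tempfile, time

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def create_deb(base, evidence, index_text, meta):
    """Write base.bag, base.index and base.tag (assumed 'key: value' tag layout)."""
    for ext, data in (("bag", evidence), ("index", index_text.encode())):
        with open(f"{base}.{ext}", "wb") as f:
            f.write(data)
    lines = [f"{k}: {v}" for k, v in meta.items()]
    lines += [f"seal-{ext}: {sha256_file(base + '.' + ext)}" for ext in ("index", "bag")]
    with open(base + ".tag", "w") as f:
        f.write("\n".join(lines) + "\n")

def read_seals(base):
    with open(base + ".tag") as f:
        pairs = (line.rstrip("\n").partition(": ") for line in f)
        return {k[5:]: v for k, _, v in pairs if k.startswith("seal-")}

def access_deb(base, examiner, action):
    """Re-check every seal, then append a continuity block for this access."""
    broken = [ext for ext, digest in read_seals(base).items()
              if sha256_file(f"{base}.{ext}") != digest]
    status = "intact" if not broken else "broken=" + ",".join(broken)
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    with open(base + ".tag", "a") as f:
        f.write(f"continuity: {stamp} | {examiner} | {action} | {status}\n")
    return broken

def demo():
    with tempfile.TemporaryDirectory() as d:
        base = os.path.join(d, "EX001")  # constructed sample case
        create_deb(base, b"\x00" * 512, "source: constructed 512-byte image\n",
                   {"evidence-ref": "EX001", "examiner": "A. Examiner"})
        first = access_deb(base, "A. Examiner", "verify")
        with open(base + ".bag", "r+b") as f:
            f.write(b"\x01")  # simulate a one-byte change to the evidence
        second = access_deb(base, "B. Reviewer", "verify")
        with open(base + ".tag") as f:
            blocks = [l for l in f if l.startswith("continuity: ")]
        return first, second, len(blocks)

if __name__ == "__main__":
    print(demo())
```

The sketch seals only the .index and .bag files; how the real format protects the .tag file itself is not stated on the page.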