Sealed Digital Evidence Bags

From ForensicsWiki
Jump to: navigation, search

The concept of a Sealed Digital Evidence Bag describes the idea that digital evidence data and possibly its meta-data should be sealed in order to safeguard the integrity of the digital forensic process. In the narrow sense as defined by Schatz and Clark, the concept describes a way of formatting and signing forensic data, its meta-data and providence information in some kind of a digital forensic data storage file format. This narrow definition is useful mostly for the transport of forensic evidence between different parties, locations or practitioners by means of exchange of signed storage formats.

In a broader interpretation the same idea of sealed forensic data, its meta-data and providence information can be used not between people , organisations and legal entities, but between different forensic and non-forensic evidence data processing tools by means of access control and privilege separation techniques. This second approach to Sealed Digital Evidence Bags is used by MattockFS.