The Digital Forensics Evidence Management (DFEM) aims to protect digital evidence admissible to the court, which requires that the digital forensic evidence handling and protection techniques used are not flawed in such a way that the evidence or intelligence generated can be questioned.
The procedure is based on best practice standards such as ISO/IEC 27037, NIST SP 800-86 standards and is customizable as per client’s business environment.
The procedure includes the following phases:
- Identification of the priorities for evidence collection based on the value and volatility of evidence
- Collection of the digital devices that could potentially contain data of evidentiary value
- Acquisition of digital evidence without compromising the integrity of the data
- Preservation of the integrity of digital devices and digital evidence can be established with a chain of custody