Preservation of digital evidence: Application in criminal investigation

Any digital device generates information that may become valuable evidence in the event of a cybercrime incident, security incident, or cyber-attack, but often the collection, management and preservation of this information is not done properly. In the legal field, once information has been obtained from the devices, it is very important to maintain it and preserve it from the initial time, through investigation, until the trial or investigation is concluded, and to preserve it for long term use, in order to avoid it to be tainted, damaged, changed or manipulated and so assuring reliability through the whole process. Preservation of digital evidence is an important aspect when deciding its admissibility in a trial in process, or in any future process, reopened by appeal, or as source of historical information. This paper contains a review of the state of the art about digital preservation in institutions dedicated to criminal investigation, analyzing concepts, related projects, tools and legal support in this area. The motivation of this paper is the idea of finding how close we are to having a framework useful to preserve digital evidence, ensuring integrity, hence increasing its admissibility, and supported by long term preservation technique.