Standard Operating Procedure and Privilege Management in Taiwan Digital Forensics

Recently, a new class of crime scenes has become more prevalent. In a variety of criminal activities technologies are used to maintain records, communication, and commit crimes. For this reason, the challenge to investigative professionals is how to retrieve the digital evidence from storage devices and how to take the suspect to court. Digital evidence is different from physical. When the investigative professionals face the cases of computer crime, they must handle digital evidences properly to guarantee integrity and non-repudiation. This paper discusses a standard operating procedure to conduct inquires by the Ministry of Justice, Investigation Bureau (MJIB) in Taiwan, to achieve above goals. To enhance the quality and security of managing digital evidence, we also consider access control and fingerprint mechanisms to protect digital evidence from being misused, disclosed, or modified by malicious users. The results of this paper can be used to improve digital forensics in Taiwan.