It gives me great pleasure to introduce the fourth version of the Association of Chief Police Officers’ (ACPO) Good Practice Guide for Computer-Based Electronic Evidence. I would like to personally thank all of the public and private sector authors for their valuable contributions towards making this latest revision a timely reality. In particular, I would like to thank 7Safe for their assistance in publishing the document itself.

With ever-increasing numbers of digital seizures and constantly developing technology, these guidelines are essential to informing the collection and preservation of this most fragile form of evidence. Previous versions of this document have set vital standards for law enforcement and corporate investigators alike, a position I would like to see continue with this and future revisions of the document.

The continuing fast-paced evolution of both hardware and software makes it essential to develop best practice in line with the technical challenges which we face when capturing digital evidence, in order to prevent its contamination or loss. This latest revision has been not only timely, but also essential, in order that our practices are fit for purpose when considering recent and upcoming advances in everyday technology.

Historically, the impact of e-crime or computer related crime has involved only a small proportion of victims and investigators. However, this position is changing and the impact of digital evidence within ‘conventional’ investigations is already widespread. Indeed, any investigation within the public or private arena is likely to involve the seizure, preservation and examination of electronic evidence, therefore a digital evidence strategy must form an integral part of the wider investigative process.

I commend this guide and recommend the application of its principles to both managers and practitioners alike.

Sue Wilkinson
Commander, Metropolitan Police Service
Chair of the ACPO E-Crime Working Group
7Safe has partnered with the ACPO E-Crime Working Group in the publication of this guide. As a contributing author of this document, 7Safe’s considerable research in the field of digital forensics has focused not only on traditional approaches to digital evidence, but also the fast-evolving areas of volatile data, live acquisition and network forensics.

The future of digital forensics will present many challenges and in order to optimise the credibility of investigators, the progressive and proven practices outlined in this guide should be adhered to.

The traditional “pull-the-plug” approach overlooks the vast amounts of volatile (memory-resident and ephemeral) data that will be lost. Today, investigators are routinely faced with the reality of sophisticated data encryption, as well as hacking tools and malicious software that may exist solely within memory. Capturing and working with volatile data may therefore provide the only route towards finding important evidence. Thankfully, there are valid options in this area and informed decisions can be made that will stand the scrutiny of the court process.

The guide also considers network forensics pertaining to “information in transit” i.e. as it passes across networks and between devices, on a wired and wireless basis. As forensic investigators, we need to take into consideration, where legally permitted, the flow of data across networks. This type of approach can prove critical when analysing and modelling security breaches and malicious software attacks.

7Safe advocates best practice in all dealings with electronic evidence. By publishing this guide in conjunction with ACPO, our aim is to help ensure that procedural problems do not arise during investigations or in the court room and that the very highest of standards are achieved and maintained by those working in the electronic...