Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Digital Evidence Subcommittee

Members of the OSAC Digital Evidence Subcommittee
Members of the Digital Evidence Subcommittee at the July 2019 OSAC Meeting in Orlando, Florida.

Officers | Members | Standards | Discipline-Specific Baseline Documents | Research & Development Needs | Presentations

The Digital Evidence Subcommittee focuses on standards and guidelines related to information of probative value that is stored or transmitted in binary form. 

Officers

Lam Nguyen, Acting Subcommittee Chair, DoD Cyber Crime Center

Vacant, Subcommittee Vice Chair

Vacant, Subcommittee Executive Secretary

Members

Joshua Brunty, Marshall University

Ovie Carroll, U.S. Department of Justice

John Duckworth, U.S. Postal Service - Office of Inspector General

Sabrina Feve, U.S. Department of Justice (Legal Resource Representative)

Barbara Guttman, National Institute of Standards and Technology

David Hallimore, Recorded Evidence Solutions, LLC

James Holland, Wal-Mart Stores, Inc.

John Holloway, University of Pennsylvania (Human Factors Representative)

Mary Horvath, Federal Bureau of Investigation

Christopher Kelly, Massachusetts Attorney General (Legal Resource Representative)

James Lyle, Ph.D., National Institute of Standards and Technology

Mark Phillips, Johnson County (Kansas) Sheriff's Office Criminalistics Laboratory

Ryan Pittman, NASA Office of Inspector General Computer Crimes Division

Paul Reedy, District of Columbia Consolidated Forensic Laboratory - Department of Forensic Sciences

Marcus Rogers, Ph.D., Purdue University

Brian Russell, U.S. Fish & Wildlife Service

Blake Sawyer, Amped Softwear, Inc.

Clayton Schilling, CACI, Inc., Digital Forensics Laboratory (CDFL)

David Shaver, U.S. Army

Jeff M. Smith, University of Colorado, Denver

Jay Varda, U.S. Homeland Security Investigations

Tracy Walraven, District of Columbia Consolidated Forensic Laboratory - Department of Forensic Sciences

Standards

Tier 1: On the OSAC Registry

  • None currently.

Tier 2: Published by a SDO

  • ASTM E2916-19e1 Standard Terminology for Digital and Multimedia Evidence Examination.
  • ASTM E3016-18 Standard Guide for Establishing Confidence in Digital and Multimedia Forensic Results by Error Mitigation Analysis.
  • ASTM E3017-19 Standard Practice for Examining Magnetic Card Readers.
  • ASTM E3046-15 Standard Guide for Core Competencies for Mobile Phone Forensics.
  • ASTM E3150-18 Standard Guide for Forensic Audio Laboratory Setup and Maintenance.

Tier 3: Sent to a SDO

  • Standard Guide for Education and Training in Computer Forensics (this is a new revision to ASTM E2678-09(2014)).
  • Forensic Audio Examination Workflow (ASTM WK66298).
  • Core Competencies for Forensic Audio (ASTM WK67924).

Tier 4: Under development

  • Digital Evidence Testimony Preparation.

  • Quality Management System Framework.

  • Digital Evidence Tool Testing.

  • Forensic Report Writing (SWGDE).

  • Preservation of Evidence from Mobile Devices.

Discipline-Specific Baseline Documents

The Forensic Science Standards Board (FSSB) has provided the opportunity for OSAC Subcommittees to identify baseline documents and reference materials that best reflect the current state of the practice within their respective disciplines. 

These documents contain practical information regarding these disciplines that can help forensic scientists, judges, lawyers, researchers, other interested parties and the general public, to better understand the nature, scope, and foundations of the individual disciplines as they are currently practiced.

It is important to note that the identification of these documents in this venue does not represent an endorsement by OSAC or NIST.  Only documents that are posted on the OSAC Registries constitute OSAC endorsement. All copyrights for these documents are reserved by their owners. Subcommittee position statements or responses to data collections by the subcommittee represent the consensus opinion of the subcommittee, not necessarily the position of the entire OSAC organization or NIST.

SWGDE Best Practices for Digital Audio Authentication
Published: 2016-06-23 | Version: 1.0
The purpose of this document is to provide the background, technical considerations, and potential criteria upon which to conduct forensic authentication examinations of digital audio when its provenance and/or integrity is in question.

SWGDE Best Practices for Photographic Comparison for All Disciplines
Published: 2016-06-23 | Version: 1.0
The purpose of this document is to provide personnel with guidance regarding practices appropriate when performing photographic comparison as a part of forensic analysis (this includes, but is not limited to, fingerprints, tool marks, odontology, etc.) For the purposes of this document, photographic comparison refers to comparing objects recorded on film, digital images, images from video sources, and printed images.

SWGDE Best Practices for Vehicle Infotainment and Telematics Systems
Published: 2016-06-23 | Version: 2.0
The purpose of this document is to describe best practices for acquiring the data contained within infotainment and telematics systems installed in motor vehicles. The intended audience is first responders and/or others involved in the collection of digital data from vehicles.

SWGDE Digital Image Compression and File Formats Guidelines
Published: 2016-06-23 | Version: 1.0
This document provides a foundation of knowledge of compression algorithms and file formats utilized in digital imaging, including photography and scanning. It does not cover video compression algorithms or file formats. Understanding these processes and their advantages and disadvantages will allow agencies to make informed decisions for the appropriate application of file formats and compression algorithms. For a comprehensive understanding, the reader is encouraged to seek out other sources.

SWGDE Image Processing Guidelines
Published: 2016-02-08 | Version: 1.0
The purpose of this document is to provide guidelines for the use of digital image processing and to ensure the production of quality forensic imagery for the criminal justice system. This document includes brief descriptions of advantages, disadvantages, and potential limitations of each major process.

SWGDE Best Practices for Chip-Off
Published: 2016-02-08 | Version: 1.0
This document describes best practices for acquiring data contained within a device by removing the flash memory chip from the printed circuit board (PCB) and directly reading the data from the chip. This document supplements and expands upon the material in SWGDE Best Practices for Mobile Phone Forensics. While the chip-off method of data extraction is commonly used on mobile devices, this technique can also be used to acquire data from other devices with flash memory attached to a PCB.

SWGDE Best Practices for Collection of Damaged Mobile Devices
Published: 2016-02-08 | Version: 1.1
This document provides basic information on the handling of mobile devices damaged by liquid, structural damage, or thermal exposure. The intended audience is first responders and/or others involved in the collection of damaged mobile devices.

SWGDE Training Guidelines for Video Analysis, Image Analysis and Photography
Published: 2016-02-08 | Version: 1.1
The purpose of this document is to provide guidelines and recommendations to assist organizations in designing a training program for forensic video analysts, image analysts, and photographers to ensure competency in the completion of forensic tasks and analyses.

SWGDE Proficiency Test Guidelines
Published: 2015-09-29 | Version: 1.0
The purpose of this document is to provide guidance for testing core competencies for a Digital and Multimedia Evidence (DME) proficiency test program.

SWGDE Recommendations and Guidelines for Using Video Security Systems
Published: 2015-09-29 | Version: 1.0
The purpose of this document is to provide recommendations and guidelines for the use of video security systems. For the purpose of this document, fixed-site surveillance cameras and recording devices will be discussed. In most cases, these basic principles and recommendations can be applied to any video system using surveillance cameras and video recorders. This document addresses analog and digital video systems. The intent of these recommendations and guidelines is to optimize image quality to facilitate the identification of unknown people and objects depicted therein.

SWGDE Best Practices for Examining Magnetic Card Readers
Published: 2015-09-29 | Version: 2.0
The purpose of this document is to describe best practices for seizing, acquiring, and analyzing the data contained within magnetic card readers, or "credit card skimmer". As a skimming device is not typically deemed contraband, it is the responsibility of the investigator/examiner to determine if the device was used illegally.

SWGDE Best Practices for Examining Mobile Phones Using JTAG
Published: 2015-09-29 | Version: 1.0
The purpose of this document is to describe best practices for acquiring data contained within a mobile device using a Joint Test Action Group (JTAG) boundary scan technique as defined in IEEE 1149.1-2013, IEEE Standard for Test Access Port and Boundary-Scan Architecture. This document supplements and further expands upon the material in SWGDE Best Practices for Mobile Phone Forensics, which should be referenced prior to reading this document.

SWGDE Best Practices for the Forensic Use of Photogrammetry
Published: 2015-09-29 | Version: 1.0
The purpose of this document is to provide personnel with recommendations regarding appropriate practices when performing photogrammetric examinations as a part of forensic analysis.

SWGDE Best Practices for Forensic Audio
Published: 2015-06-30 | Version: 2.1
The purpose of this document is to provide forensic audio practitioners recommendations for the handling and examination of forensic audio evidence in order to successfully introduce such evidence in a court of law.

SWGDE Establishing Confidence in Digital Forensic Results by Error Mitigation Analysis
Published: 2015-02-05 | Version: 1.5
The purpose of this document is to provide a process for recognizing and describing both errors and limitations associated with tools used to support digital forensics. This document proposes that confidence in digital forensic results is best achieved by using an error mitigation analysis approach that focuses on recognizing potential sources of error and then applying techniques used to mitigate them.

SWGDE Focused Collection and Examination of Digital Evidence
Published: 2014-09-05 | Version: 1.0
The purpose of this document is to provide the examiner with considerations to address when dealing with the review of large amounts of data and/or numerous devices.

SWGDE Best Practices for Handling Damaged Hard Drives
Published: 2014-09-05 | Version: 1.0
The purpose of this document is to describe the best practices for handling magnetic media hard drives when the data cannot be accessed via standard methods.

SWGDE Best Practices for Computer Forensics
Published: 2014-09-05 | Version: 3.1
The purpose of this document is to describe the best practices for collecting, acquiring, analyzing and documenting the data found in computer forensic examinations.

SWGDE Capture of Live Systems
Published: 2014-09-05 | Version: 2.0
The purpose of this document is to provide guidance to the forensic community on acquiring data from live computer systems. A primary concern is the ability to capture and save data in a usable format. Factors such as the volatility or the volume of data, restrictions imposed by legal authority, or the use of encryption may dictate the need to capture data from systems without interrupting the power cycle.

SWGDE Recommended Guidelines for Validation Testing
Published: 2014-09-05 | Version: 2.0
Validation testing is critical to the outcome of the entire examination process. Validation, based on sound scientific principles, is required to demonstrate that examination tools (hardware and software), techniques and procedures are suitable for their intended purpose. Tools, techniques and procedures should be validated prior to initial use in digital forensic processes. Failure to implement a validation program can have detrimental effects.

SWGDE Best Practices for Mobile Phone Forensics
Published: 2013-02-11 | Version: 2.0
The purpose of this document is to describe the best practices for mobile phone forensics.

SWGDE Core Competencies for Mobile Phone Forensics
Published: 2013-02-11 | Version: 1.0
This document provides an outline of the knowledge and abilities all practitioners of mobile phone forensics should possess. The following elements provide a basis for training and testing programs. This basis is suitable for certification, competency and proficiency testing.

SWGDE Best Practices for Portable GPS Devices
Published: 2012-09-12 | Version: 1.1
The purpose of this document is to describe the best practices for portable GPS device examinations and provides basic information on the logical and physical acquisition of GPS devices.

SWGDE Core Competencies for Forensic Audio
Published: 2011-09-15 | Version: 1.0
This document provides an outline of the knowledge and abilities all practitioners of forensic audio must possess. Its elements provide a basis for training and testing programs. This basis is also suitable for certification, competency, and proficiency testing.

Minimum Requirements for Quality Assurance in the Processing of Digital and Multimedia Evidence
Published: 2010-05-15 | Version: 1.0
The purpose of this document is to describe the minimum requirements necessary to achieve quality assurance in regard to completing forensic examinations.

SWGDE-SWGIT Guidelines and Recommendations for Training
Published: 2010-01-15 | Version: 2.0
The purpose of this document is to provide guidelines and recommendations to assist with designing a proper training program.

ACPO Good Practice Guide for Digital Evidence

Searching and Seizing Computers and Obtaining Electronic Evidence In Criminal Investigations

Digital Forensics Analysis Flow Methodology Chart

Guidelines for Best Practice In the Examination of Digital Technology

Best Practice Manual for the Forensic Examination of Digital Technology (LINK EXPIRED)

NIST Computer Forensic Tool Testing Program

NIST Computer Forensic Reference Data Sets (CFReDS)

DHS Computer Forensic Tool Testing (CFTT) Reports

ISO/IEC 27037:2012 Guidelines for identification, collection, acquisition and preservation of digital evidence

ASTM E30.12

****Forensic Science Regulator

Research & Development Needs

Presentations

  • None currently.

In general, the development of standards and guidelines is transitioning from the Scientific Working Groups (SWGs) to the OSAC. Some SWGs will continue to operate to provide other resources within their discipline. The existing SWG documents will remain in effect until updated documents are disseminated by the OSAC or the SWG. SWGDAM will retain the responsibility for updating the FBI DNA Quality Assurance Standards.

– Forensic Science Standards Board: March 2015

Created December 18, 2014, Updated April 9, 2020