Forensic Examination of Digital Evidence: A Guide for Law Enforcement is the second guide published since NIST was asked in 1998 by the National Institute of Justice (NIJ) to work on computer forensics.
At the request of NIJ, NIST recently convened a panel of computer forensics experts that pooled their expertise to shape the content of the new guide. NIST staff then organized the information into an easily understood and highly usable document.
The guide provides practical techniques for extracting digital data without either inadvertently altering the information or making it appear that it has been altered. For example, one section describes the right type of search warrant to access the data. Another lesson explains how data must be extracted without changing "modified dates" or other record fields that may lead to charges of evidence tampering.
Other topics covered in the publication include securing digital evidence, hardware/software operating systems, physical access, internal or external storage devices, and the retrieval of configuration information.
The guide can be downloaded in ASCII text and Adobe Acrobat (pdf) format from the NIJ Web site. Go to www.ojp.usdoj.gov/nij/pubs.htm and enter publications number NCJ 199408 into the search engine.