• Skip to primary navigation
  • Skip to main content

CINA.

  • About
    • Mission
    • People
  • Research
    • Research
    • Projects
    • RFPs
  • Education
    • Resources
    • Internships
  • Publications
    • Newsletter Archive
    • Director’s Blog
  • News & Events
    • News
    • CINA Director’s Blog
    • Digital Archive
    • Events
    • Work with Us
  • Contact
  • Search Toggle
  • Skip to content

Best Practices for Sharing Digital Evidence

Jan 2018

  • Project Fact Sheet

The purpose of this project is to assist DHS in identifying best practices for cyber forensics. The best practices will be used to identify gaps in current DHS training programs and to develop certification standards for DHS investigative organizations. Investigations of crimes increasingly involve capturing, storing, analyzing, and sharing digital evidence. Digital evidence may be extracted from a great variety of smart devices, including smartphones, computers (that store cookies, emails, browsing histories), portable storage devices, components of the Internet (e.g., cloud-based storage, P2P networks, social media), in-vehicle navigation systems, dashboard- and body-cameras, and a growing number of devices comprising the Internet of Things. The chain of evidence from initial collection through its analysis and presentation in court involves different people, organizations, storage mechanisms, and networks. Not only must a chain of custody be maintained, but also care must be taken to ensure that data is protected so the digital evidence is “as originally discovered,” and the privacy rights of victims, suspects, and others are protected. The situation is dynamic, since computer-based and computer-enabled crime is constantly changing. For example, the methods of identity theft today are totally different than they were ten years ago. Smartphones today are ubiquitous and a potentially rich source of evidence for many crimes if seized and handled appropriately. Cloud-based storage means that evidence may physically reside in a different state or a different nation than where a crime was committed. Laws governing privacy and search and seizure can differ across these boundaries. Legal rulings and equipment manufacturers’ practices regarding encrypted information are evolving. Investigators and law enforcement need to understand how and whether they can legally obtain digital evidence. Effectively and legally managing all aspects of digital evidence requires a set of best practices for investigators. A recent RAND study (Goodison et al., 2015) identified what is needed to improve performance in criminal justice agencies. Among its recommendations are two that speak to the significance of the proposed work: (a) “Enable first-responding patrol officers and detectives to be better prepared for incident scenes where digital evidence might be present.” This recommendation requires best practices and training “to secure and use digital evidence to preserve chain of custody and later admissibility in court.” (b) “Provide better prioritization and triage analysis of digital evidence given scarce resources.” This recommendation speaks to improving the efficiency of managing digital evidence.

Authors

  • Fred Roberts
  • Midge Cozzens
  • Linda Tartaglia
  • Dennis Egan
  • Christie Nelson

Topics:

  • Forensic Investigations
  • Training

Research Areas:

  • Criminal investigative processes
  • Digital evidence
  • Training

*The programs and services offered by George Mason University are open to all who seek them. George Mason does not discriminate on the basis of race, color, religion, ethnic national origin (including shared ancestry and/or ethnic characteristics), sex, disability, military status (including veteran status), sexual orientation, gender identity, gender expression, age, marital status, pregnancy status, genetic information, or any other characteristic protected by law. After an initial review of its policies and practices, the university affirms its commitment to meet all federal mandates as articulated in federal law, as well as recent executive orders and federal agency directives.

CINA Now

Events

All Events

Publications

The Key to Deobfuscation is Pattern of Life, not Overcoming Encryption

Published: Oct 4, 2025

The Organized Activities of Ransomware Groups: A Social network Approach

Published: Mar 14, 2025
All Publications

News

CINA Distinguished Speaker Series with Colton Seale: Interviewer Mindset

CINA  |   April 3, 2025  |   Posted In:
  • Digital Archive
  • Uncategorized

CINA  |   March 6, 2025  |   Posted In:
  • Uncategorized
All News

Science and Technology Directorate’s Office of University Programs
CINA at George Mason University Logo
Copyright © 2025 All Rights Reserved | CINA Is A Department of Homeland Security Center of Excellence led by George Mason University
  • Facebook
  • Twitter
  • Instagram
  • Linkedin
  • YouTube