A guide intended for use by law enforcement and judicial authorities has been developed within the framework of EU-funded CyberSouth Project. This guide includes Standard Operating Procedures (SOP) aiming at covering procedures to be followed for the onsite retrieval, securing, transport and handling of digital evidence, as well as its analysis and presentation.
The guide also includes procedures to cover new technologies such as mobile devices and cloud storage. It has a section about live data forensics raising awareness for the importance of acquiring volatile data.
A forensic analysis of a computer system, computer data or storage device requires not only the approval of a competent authority but also the observance of technical requirements and well-defined steps to ensure the integrity of the extracted data and their presentation in a way that allows prosecutors and judges to understand and admit them in prosecutions or court cases.
CyberSouth is a joint project of the European Union and the Council of Europe. It contributes to the prevention and control of cybercrime and other offences involving electronic evidence in the region of the Southern Neighbourhood, in line with international human rights and rule of law standards and good practices.