The guide aims to be a practical tool explaining the principles of sound evidence gathering and raising the right questions for collecting and securing digital evidence. The study complements the existing, vast, material on ‘digital forensics and evidence gathering’, which in most cases is written from the law enforcement perspective. For most CERTs this is a limited, and for many, a relatively new field of operation with a growing importance.
Digital investigation and forensics are usually provided by CERTs as a service, on an ‘on-demand’ basis. A higher level of mutual understanding and collaboration between CERTs and law enforcement is considered to be the way forward to improve both the quality and the speed of results achieved in the fight against cybercrime.
For the full report: Electronic evidence - a basic guide for First Responders
For the last three years, ENISA has engaged with the CERT and law enforcement communities to collect and share good practices, and useful fields of collaboration, in the area of fighting cybercrime, while also organising regular collaboration workshops.
The report is a continuation of the work done by ENISA in the field of good practices for CERTs and LEAs in the fight against cybercrime. It follows the Baseline capabilities of non Governmental CERTs - Updated Recommendations 2012, the updated set of recommendations on baseline capabilities for non-Governmental CERTs in Europe, and the training material developed based on these principles, namely the Digital Forensics Training Handbook.
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!