The Association of Chief Police Officers
The Association of Chief Police Officers of England, Wales and Northern Ireland (ACPO) was a not-for-profit private limited company that, for many years, was the lead in developing policing practices in England, Wales, and Northern Ireland. The association provided a forum for chief police officers to share ideas and coordinate strategic operational responses to specific needs, and as such, became the de facto forum through which the guidelines for dealing with all aspects obtaining and presenting electronic digital evidence were created and maintained.
“Having given expert testimony for cases in the UK, Europe, Asia, the USA and the Middle East. It is clear that in all but name the principles set out in guidelines have become the de facto standards by which electronic evidence is dealt with in these territories too.”
The current guidelines comprise many hundreds of pages, full details of which can be found here. However, there are four key principles that need to be borne in mind when obtaining electronic data for evidential purposes.
Principle two states:
In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining both the relevance and implications of their actions.
In other words, this activity should be undertaken by someone qualified to do so – an expert.
Principle three states:
An audit trail or other record of all processes applied to digital evidence should be created and preserved. And that an independent third party should be able to examine those processes, replicate them and achieve the same result.
Principle four states:
That the person in charge has overall responsibility for ensuring that the principles are adhered to.
EviTrack application compliance
When designing and modifying the applications that have and will be made publicly available, we took into consideration ACPO guidelines. And assuming the application has been used correctly, the principles set in the guidelines will be complied with.
As an example, EviTrack’s Assure application is provided on a Linux based platform that ensures:
- The operating system and built-in applications primarily operate in read only mode and only create output or write to known storage areas.
- The read-only status is monitored and maintained throughout the acquisition process. And as such remains compliant with the standards.
- In forensic mode, md5 hashing of both the source and copy data are undertaken to confirm that an exact replica of the digital evidence has been obtained.
For more information go to Forensics (college.police.uk)