Digital Evidence Bag

Bag it and tag it, electronically, with a Digital Evidence Bag. It is the digital counterpart of the physical evidence bag used to hold items collected to solve a case and convict a perpetrator.

A Digital Evidence Bag actually consists of several related files:


 * A .bag file containing the raw data (network captures, device bit stream, etc.)
 * A .tag file containing metadata (in plain text) that is specific to the case.
 * A .index file containing metadata related to the data sources, file formats, and devices used.

As with many obvious, generic concepts, somebody is trying to patent the whole idea of keeping evidence in a digital file with an accompanying tag file.

Links

 * Forensics Wiki page
 * Article on digital evidence bags
 * Best Practices In Digital Evidence Collection
 * Forensic discovery auditing of digital evidence containers
 * Filesystem support for digital evidence bags
 * US Patent Application US20080195543 A1