Digital Evidence Bag
From Just Solve the File Format Problem
(Difference between revisions)
Dan Tobias (Talk | contribs) (Created page with "{{FormatInfo |formattype=electronic |subcat=Forensics and Law Enforcement |extensions={{ext|bag}}, {{ext|tag}}, {{ext|index}} }} Bag it and tag it, electronically, with a '''[...") |
(Updating Forensics Wiki links) |
||
| Line 4: | Line 4: | ||
|extensions={{ext|bag}}, {{ext|tag}}, {{ext|index}} | |extensions={{ext|bag}}, {{ext|tag}}, {{ext|index}} | ||
}} | }} | ||
| − | Bag it and tag it, electronically, with a ''' | + | Bag it and tag it, electronically, with a '''Digital Evidence Bag'''. It's the computerized version of an evidence bag used to store things kept to solve a case and convict a perpetrator. |
A Digital Evidence Bag actually consists of several related files: | A Digital Evidence Bag actually consists of several related files: | ||
| Line 15: | Line 15: | ||
== Links == | == Links == | ||
| − | * [ | + | * [{{ForensicsWikiURL|digital_evidence_bags}} Forensics Wiki page] |
* [http://www.sriramrajan.com/files/deb.pdf Article on digital evidence bags] | * [http://www.sriramrajan.com/files/deb.pdf Article on digital evidence bags] | ||
* [http://computer-forensics.sans.org/blog/2009/09/12/best-practices-in-digital-evidence-collection/ Best Practices In Digital Evidence Collection] | * [http://computer-forensics.sans.org/blog/2009/09/12/best-practices-in-digital-evidence-collection/ Best Practices In Digital Evidence Collection] | ||
Latest revision as of 13:17, 2 September 2023
Bag it and tag it, electronically, with a Digital Evidence Bag. It's the computerized version of an evidence bag used to store things kept to solve a case and convict a perpetrator.
A Digital Evidence Bag actually consists of several related files:
- A .bag file containing the raw data (network captures, device bit stream, etc.)
- A .tag file containing metadata (in plain text) that is specific to the case.
- A .index file containing metadata related to the data sources, file formats, and devices used.
Like with a lot of obvious, generic concepts, somebody is trying to get a patent on this whole idea of keeping evidence in a digital file with a tag file accompanying it.
