Digital Evidence and Forensics

Computers are used for committing crime, and, thanks to the burgeoning science of digital evidence forensics, law enforcement now uses computers to fight crime.

Digital evidence is information stored or transmitted in binary form that may be relied on in court. It can be found on a computer hard drive, a mobile phone, a personal digital assistant (PDA), a CD, and a flash card in a digital camera, among other places.[1] Digital evidence is commonly associated with electronic crime, or e-crime, such as child pornography or credit card fraud. However, digital evidence is now used to prosecute all types of crimes, not just e-crime. For example, suspects' e-mail or mobile phone files might contain critical evidence regarding their intent, their whereabouts at the time of a crime and their relationship with other suspects. In 2005, for example, a floppy disk led investigators to the BTK serial killer who had eluded police capture since 1974 and claimed the lives of at least 10 victims.

In an effort to fight e-crime and to collect relevant digital evidence for all crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence, also known as computer forensics, into their infrastructure. Law enforcement agencies are challenged by the need to train officers to collect digital evidence and keep up with rapidly evolving technologies such as computer operating systems.

NIJ's Electronic Crime Program, which includes the Electronic Crime Center of Excellence, supports the development of tools to assist state and local law enforcement in combating e-crime and collecting digital evidence. The program has five main focus areas:

See also these resources from the National Institute of Standards and Technology:

  • The National Software Reference Library — provides law enforcement with an automated method of sorting through digital files.
  • Computer Forensic Tool Testing — establishes a methodology for testing computer forensic software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware. The results provide the information necessary for toolmakers to improve tools, for users to make informed choices about acquiring and using computer forensics tools, and for interested parties to understand the tools' capabilities.


[1] For a more complete discussion on the types of devices, see chapter one, "Electronic Devices: Types, Description and Potential Evidence," in Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition.

Date Created: November 5, 2010