Adhering to NIST Guidelines and Expert Witness Codes
At Notion Digital Forensics, we adhere to the NIST 800-61 Rev 2 “Computer Security Incident Handling Guide”1 and our in-house Notion Digital Forensics Procedures (NDFPs) for prompt and effective live responses. In conducting investigations, we follow the NIST 800-86 “Guide to Integrating Forensic Techniques into Incident Response”2 and our NDFPs to ensure a thorough approach.
In all cases, we comply with the Expert Witness Code specific to the jurisdiction in which we operate. In Australia, this typically means adhering to the GPN-EXPT3 or equivalent codes in various courts and tribunals, while in New Zealand, we follow the “Code of Conduct for Expert Witnesses.”4
Below, we’ve outlined a few key strategies we employ for certain types of evidence collection.
Streamlined Microsoft Office 365 Evidence Collection for Digital Forensic Investigations
This document outlines our procedure for gathering Microsoft Office 365 evidence in a professional, efficient, and user-friendly manner. We adhere to relevant technical and expert
Forensic extraction process for consumer messaging accounts
This document outlines our procedure for gathering online and offline consumer information through consented access or a ‘consent order.’ Our approach is designed to be
References
- Cichonski, P. et al. (2012) Computer Security Incident Handling Guide, Computer Security Resource Centre. National Institute of Standards and Technology (NIST) (USA). Available at: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final (Accessed: April 25, 2023).[↩]
- Kent, K., Chevalier, S., Grance, T. and Dang, H. (2006). SP 800-86 -Guide to integrating forensic techniques into incident response, National Institute of Standards and Technology (NIST), United States, [online] doi:https://doi.org/10.6028/nist.sp.800-86[↩]
- Allsop, C.J. (2016). Expert Evidence Practice Note (GPN-EXPT). Federal Court of Australia, Available at: [online] https://www.fedcourt.gov.au/law-and-practice/practice-documents/practice-notes/gpn-expt.[↩]
- New Zealand Government, High Court Rules 2016 (LI 2016/225) (as at 23 June 2022) Schedule 4 Code of conduct for expert witnesses – New Zealand Legislation. [online] Available at: https://www.legislation.govt.nz/regulation/public/2016/0225/latest/DLM6953324.html [Accessed 25 Apr. 2023][↩]
