Scientific Working Group on Digital Evidence (SWGDE) β Digital Forensics Document Archive
Comprehensive library of peer-reviewed best-practice guidance documents and SOPs used internationally by forensic practitioners, law enforcement agencies, and regulatory investigators.
π SWGDE & SWGIT Document Archive
π Key Uses for Council Investigators:
Handling and examination of:
Computers, mobile devices, and digital storage media
Network logs and cloud-based data
Standard Operating Procedures (SOPs) and process templates
Guidance on:
Chain of custody
Validation of forensic tools
Reporting and courtroom presentation of digital evidence
Notable documents include:
Best Practices for Computer Forensics
Best Practices for Mobile Device Examinations
Validation and Verification of Forensic Tools
Model SOPs for Digital Evidence Handling
β Why Itβs Useful for Council Investigators:
Offers practical, professional-grade resources to inform the handling of digital evidence in compliance cases
Documents are publicly accessible, jurisdiction-neutral, and easily adaptable
Helps build a robust and defensible digital evidence process suitable for investigations involving:
Unlawful surveillance
Social media complaints
Data collected from public spaces or private premises (with consent or warrant)
Magnet Forensics Blog
Commercial but well-regarded source of tutorials, digital forensic workflows, and real-world case studies
π Focus Areas:
Real-world examples involving:
USB and portable media forensics
Windows system artifacts and logs
Mobile phone extraction and analysis
Chain of custody and evidence handling in a digital context
Clear documentation and tool-supported approaches
β Why It's Useful for Council Investigators:
While not a government site, it offers practical case-driven insights into digital evidence workflows that apply directly to investigations involving:
Unlawful surveillance
Social media misconduct
Access to shared systems or files
Digital Evidence Manual β OER Collective (Australia)
A practical and comprehensive manual for understanding, collecting, and analysing digital evidence across modern investigative environments.
π Digital Evidence Manual β Full Guide
π Chapter 14 β The Investigation
π Focus::
Understanding digital ecosystems (phones, cloud services, IoT, metadata)
Identifying and preserving digital evidence
Collection and seizure techniques
Chain of custody and authenticity concerns
Legal, ethical, and procedural considerations in digital forensics
Guidance tailored to Australian legal frameworks
NIJ β Electronic Crime Scene Investigation Guide
Internationally recognised best-practice guide for handling digital evidence in field investigations
π Key Topics Covered:
What to do first on scene involving digital evidence
What not to touch before imaging or isolating devices
How to properly handle and package:
Laptops
Mobile phones
USBs and hard drives
Routers and networked devices
Preventing remote tampering or evidence loss
β This guide is an ideal reference for council officers involved in:
Unlawful dumping with surveillance footage
Planning breaches with GPS data
Social media-related misconduct or harassment
Australian Cyber Security Centre (ACSC)
National technical authority providing guidance on forensic readiness, incident response, and secure handling of digital evidence
π ACSC β Forensics & Investigations
π Focus Areas:
Network traffic and log collection for investigative purposes
System-level forensics: hard disk imaging, log retention, event auditing
Protocols for:
Data breaches
Insider threats
Misuse of council systems or credentials
Designed for technical responders, but principles apply to investigators preparing evidence for legal or disciplinary action
β Why Itβs Relevant for Council Investigators:
Helps structure internal digital investigations (e.g. staff misuse of systems)
Supports forensic preservation when working with IT teams or third-party vendors
Promotes defensible logging practices if evidence is later relied on in disciplinary hearings, QCAT, or court
