South Korea early this month announced its first digital evidence process guideline, which aims to identify standard procedures that can better help fight cyber crimes.
Called Standard Digital Evidence Process Guideline, the study is the first in the country and was jointly released by the South Korean police and digital forensics society.
Beyond worms and hacking attacks, cyber or computer-related crimes are extending into more serious crimes such as murder, rape and identity fraud. This has heightened the urgency to come up with standard digital evidence guidelines to help such investigations. Other leading nations including the United States and United Kingdom, have already established similar guidelines.
Cyber crimes are not subject to international boundaries, and combating cyber crime and high-tech crime needs to be brought to an international level. For that reason, exchanging information of other nation's digital evidence could reduce legal red tape and public notifications domestically.
Professor Sangjin Lee of the Korea Digital Forensics Society, explained: "To establish solid standards for digital crime investigation, the guideline was created. The digital forensics guideline can serve as a clear cut tools for combating cyber crime investigations. This means both law officials and enforcements can both benefit."
Law professor Kun-won Yang of the Cyber Terror Response Center, stressed: "Leading nations like the U.S. and U.K. have established standard procedures long ago. Korea's standard, I believe, is the first case in Asia. With the standard guideline, producing and managing more accurate and clear digital crime evidence is possible now."
Regular updates needed
The latest announcement of Korean forensics guidelines are formed in two sections: a standard for digital evidence processing and digital evidence analyzing procedures.
Police officials released the digital evidence processing guideline, but did not reveal the nature of evidence-analyzing procedures in order to prevent any loopholes from being uncovered by cyber criminals looking to find ways to avoid prosecution.
Industry analysts pointed out that the established guidelines should have clear-cut procedures to indicate limits of evidence tampering, how evidence is kept and how the evidence-analyzing environment is managed. Also, they noted that hiring process for evidence-lab technicians still need to be looked into and amendments to these various guidelines should be regularly updated.
There are also questions on whether technicians will use domestic or foreign produced laboratory equipments to analyze evidence. There is now an ongoing discussion on how the Korean standard procedures hold up against international standard.
Jungsoo Byun of the country's Cyber Terror Response Center, said: "The standard procedure for digital evidence analyzing should be updated on regular basis, and not just [be done as a] one-time [implementation.
"The updates should come from laboratory and institutes and not from investigating agency. Police and prosecutors should continue to fashion a new weapon in their arsenal against criminals."
Youngjung Yoo is a writer with ZDNet Korea.