Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


This paper introduces the Digital Records Forensics project, a research endeavour located at the University of British Columbia in Canada and aimed at the development of a new science resulting from the integration of digital forensics with diplomatics, archival science, information science and the law of evidence, and of an interdisciplinary graduate degree program, called Digital Records Forensics Studies, directed to professionals working for law enforcement agencies, legal firms, courts, and all kind of institutions and business that require their services. The program anticipates the need for organizations to become “forensically ready,” defined by John Tan as “maximizing the ability of an environment to collect credible digital evidence while minimizing the cost of an incident response (Tan, 2001).” The paper argues the need for such a program, describes its nature and content, and proposes ways of delivering it.


Ansani, M. (1999), “Diplomatica (e diplomatisti) nell’arena digitale.” Scrineum (1): 1-11.

Arkfeld, M. R. (2002-2006), Electronic Discovery and Evidence. Law Partner Publishing, LLC. Phoenix, Arizona.

Barbiche, B. (1996), “Diplomatics of Modern Official Documents (SixteenthEighteenth Centuries): Evaluation and Perspectives.” American Archivist (59): 422-436.

Bearman, D. (1992), “Diplomatics, Weberian Bureaucracy and the Management of Electronic Records in Europe and America.” American Archivist (55): 168-81.

_______. (2006), “Moments of Risk: Identifying Threats to Electronic Records.” Archivaria (62): 15-46.

Blouin, F. (1996), “A Framework for Consideration of Diplomatics in the Electronic Environment.” American Archivist (59): 466-479.

Boucher, K., and Endicott-Popovsky, B. (2008), “Digital Forensics and Records Management: What We can Learn from the Discipline of Archiving.” In Proceedings of Information Systems Compliance and Risk Management Institute. Seattle, WA: University of Washington.

British Columbia Electronic Evidence Project. (2006). Available at http://www.courtsgov.bc.ca/sc/ElectronicEvidenceProject/ElectronicEvidenceP roject.asp.

Canada Evidence Act, R.S.C. 1985, c. C-5 as am.

Canadian General Standards Board, (2005). Electronic Records as Documentary Evidence (CAN/CGSB-72.34).

Carrier, B. (2005), File System Forensic Analysis. New York: AddisonWesley.

Casey, E. (2004), Digital Evidence and Computer Crime. Maryland Heights, MO: Academic Press.

Casey, E. (2007), “Digital evidence maps-a sign of the times.” Digital Investigations 4 (1-2): 1-2.

Consultative Committee for Space Data Systems (2002), Reference Model for an Open Archival Information System (OAIS). Blue Book, Issue 1 (Washington, D.C.: CCSDS Secretariat). Available at http://public.ccsds.org/publications/archive/650x0b1.pdf

Cox, R. (2006), Ethics, Accountability, and Recordkeeping in a Dangerous World. London, UK: Facet Publishing.

Delmas, B. (1996), “Manifesto for a Contemporary Diplomatics: From Institutional Documents to Organic Information.” American Archivist (59): 438-452.

Delmas, B. and Blouin F. (1996), “De la diplomatique medievale a la diplomatique Contemporaine. Actes du colloque organise par l’Ecole nationale des chartes et la Bentley historical Library de l’universite de Ann-Arbor (Michigan, Etat-Unis). Paris, 6-10 Juillet 1992 et Ann-Arbor, 5-9 juillet 1993.” La gazette des archives (172): 7-106. [Also in American Archivist 59]

Department of Defense (2002), DoD 5015.2 STD, Design Criteria Standard for Electronic Records Management Software Applications. Available at http://jitc.fhu.disa.mil/recmgt/standards.html (DoD 5015.2-STD, dated April 2007).

Digital Forensics Research Workshop (2001). Available at http://www.dfrws.org/2001/dfrws-rm-inal.pdf, p. 16.

Digital Records Forensics Project (2008-2011). Available at http://www.digitalrecordsforensics.org/index.cfm

Duff, W. M., Marshall, A., Limkilde, C. and van Ballegooie, M. (2006), “Digital Preservation Education: Educating or Networking?” The American Archivist (69): 188-212.

Duranti, L. (1996), “Archival Science,” in Encyclopedia of Library and Information Science. Allen Kent ed., vol. 59. New York, Basel, Hong Kong: Marcel Dekker, INC., 1-19.

_______. (1998), Diplomatics: New Uses for an Old Science. Lanham, Maryland, and London: Scarecrow Press, with Society of American Archivists and Association of Canadian Archivists.

_______. ed. (2005), The Long-term Preservation of Authentic Electronic Records: Findings of the InterPARES Project. San Miniato, IT: Archilab.

_______. (2009a), “Diplomatics,” in Encyclopedia of Library and Information Science. Marcia Bates, Mary Niles Maack, Miriam Drake eds. New York, Basel, Hong Kong: Marcel Dekker, INC.

_______. (2009b), “From Digital Diplomatics to Digital Records Forensics,” Archivaria (68): 39-66.

Duranti, L. and MacNeil, H. (1997), “The Preservation of the Integrity of Electronic Records: an Overview of the UBC-MAS Research Project.” Archivaria (42): 46-67.

Duranti, L., Eastwood, T. and MacNeil, H. (2002), The Preservation of the Integrity of Electronic Records. Dordrecht: Kluwer Academic Publishing-.

Duranti, L. and Thibodeau, K. (2006), “The Concept of Record in Interactive, Experiential and Dynamic Environments: the View of InterPARES.” Archival Science (6): 13-68.

Electronic Transactions Act, S.B.C. 2001, c. 10.

Endicott-Popovsky, B., Frincke, D., and Taylor, C. (2007), “A Theoretical Framework for Organizational Network Forensic Readiness.” The Journal of Computers, 2 (3), 1-11.

Endicott-Popovsky, B. and Frincke, D. (2007a), “Embedding Hercule Poirot in Networks: Addressing Inefficiencies in Digital Forensic Investigations.” In Proceedings of the Human Computer Interface (HCI) Conference. Beijing, China, pp. 364-372.

____ (2006), “Embedding Forensic Capabilities into Networks: Addressing Inefficiencies in Digital Forensics Investigations.” In Proceedings from the 7th IEEE Systems, Man and Cybernetics Information Assurance Workshop. West Point, NY: United States Military Academy, pp.133-139.

Endicott-Popovsky, B, Ryan, D., Frincke, D. (2005), “The New Zealand Hacker Case: A Post Mortem.” In Proceedings of the Safety and Security in a Networked World: Balancing Cyber-Rights & Responsibilities Conference. Oxford, England: Oxford Internet Institute. Available at http://www.oii.ox.ac.uk/research/cybersafety/?view=papers

Endicott-Popovsky, B.E. and Frincke, D. (2005a), “Redefining Computer Security to Include Forensics.” Presented at 8th Annual Recent Advances in Intrusion Detection (RAID) Conference, Seattle, WA.

______ (2004), “Adding the Fourth "R." ” In Proceedings of the 5th IEEE Systems, Man and Cybernetics Information Assurance Workshop. West Point, NY: United States Military Academy, pp.442-443.

European Commission (2008), Model Requirements for the Management of Electronic Records (MoReq2). Available at http://www.projectconsult.net/Files/MoReq2_body_v1_0.pdf

Farmer, D. and Venema, W. (2004), Forensic Discovery. New York: AddisonWesley.

Gahtan, A. M. (1999), Electronic Evidence. Ontario, CA: Carswell Thomson Professional Publishing.

Guidelines for the Discovery of Electronic Documents (Ontario) (2005), Available at http://www.commonwealthlegal.com/pdf/EDiscoveryGuidelinesOct2005.pdf.

Guyotjeannin, O. (1996), “The Expansion of Diplomatics as a Discipline.” American Archivist (59): 414-21.

Guyotjeannin, O. ed. (2002), “Exportations de la diplomatique, I, Mondes anciens.” Bibliothèque de l’École des chartes (160): 475-564.

Guyotjeannin, O. ed. (2003), “Exportations de la diplomatique, II, Documents contemporains.” Bibliothèque de l’École des chartes (161): 493-623.

Iacovino, L. (2005), Recordkeeping, Ethics and Law. Regulatory Models, Participant Relationshipsand Rights and Responsibilities in the Online World. Dordrecht: Springer.

International Council on Archives, ICA (2008), Principles and Functional Requirements for Records in Electronic Office Environments. Module 1. Overview and Statement of Principles. Paris: ICA, Module 1. Available at http://www.ica.org/en/node/38972

International Council on Archives, ICA (2008), Principles and Functional Requirements for Records in Electronic Office Environments. Module 2. Guidelines and Functional Requirements for Electronic Records Management Systems. Paris: ICA, Module 2. Available at http://www.ica.org/en/node/38970

International Council on Archives, ICA (2008), Principles and Functional Requirements for Records in Electronic Office Environments. Module 3. Guidelines and Functional Requirements for in Business Systems. Paris: ICA, Module 3. Available at http://www.ica.org/en/node/38968

InterPARES Project (1999-2012). Available at www.interpares.org.

Irons, A. (2006), “Computer Forensics and Records Management-compatible disciplines.” Records Management Journal vol. 16, no. 2: 102-112.

Irons, A.D., P. Stephens, R.I. Ferguson. (2009), "Digital Investigation as a distinct discipline: A pedagogic perspective." Digital Investigation 6: 82-90.

Kent, K., Chevalier, S., Grance, T. and Dang, H., National Institute of Standards and Technology Special Publication 800-86, Technology Administration, U.S. Department of Commerce. (2006), Guide to Integrating Forensic Techniques into Incident Response: Recommendations of the National Institute of Standards and Technology. Available at http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf.

MacNeil, H. (2000), “Providing Grounds for Trust: Developing Conceptual Requirements for the Long-Term Preservation of Authentic Electronic Records.” Archivaria (50): 52-78.

MacNeil, H. (2001), “Trusting Records in a Postmodern World.” Archivaria (51): 36-47.

MacNeil, H. (2002), “Providing Grounds for Trust II: The Findings of the Authenticity Task Force of InterPARES.” Archivaria (54): 24-58.

MacNeil, H. (2004), “Contemporary Archival Diplomatics as a Method of Inquiry: Lessons Learned from Two Research Projects.” Archival Science 4: 199-232.

Nance, K., Armstrong, H., and Armstrong, C. (2010), "Digital Forensics: Defining an Education Agenda." In Proceedings of the 43rd Hawaii International Conference on System Sciences. Hawaii.

Nevins, T., Narvaez, J., Marriott, W. and Endicott-Popovsky, B. (2008), “Data Classification and Binding: Models for Compliance.” In Proceedings of Information Systems Compliance and Risk Management Institute. Seattle,WA: University of Washington.

Palmer, V. (2010), “BC Rail controversy turns record keeping into a hot topic.” The Vancouver Sun January 29: A3.

Pollitt, M. and Shenoi, S., eds. (2005), Advances in Digital Forensics: IFIP International Conference on Digital Forensics WG 11.9, National Center for Forensic Science, Orlando, Florida New York: Springer.

Rice, P. R. (2005). Electronic Law of Evidence and Practice. Chicago: American Bar Association Publishing.

Supreme Court of British Columbia. (2006), Practice Direction Re: Electronic Evidence. Available at http://www.courts.gov.bc.ca/sc/ElectronicEvidenceProject/ElectronicEvidence Project.asp

Tan, J. (2001), Forensic Readiness, Cambridge, MA: @Stake.

Taylor, C., Endicott-Popovsky, B., and Frincke, D. (2007), “Specifying Digital Forensics: A Forensics Policy Approach.” In Proceedings of the 7th Digital Forensic Research Workshop, Pittsburgh, PA, pp.101-104.

The Sedona Conference Working Group Series. (2007), The Sedona Principles: Second Edition. Best Practices Recommendations & Principles for Addressing Electronic Document Production, a project of The Sedona Conference Working Group on Electronic Document Retention and Production (WG1). Jonathan M. Redgrave, ed. Available at http://www.thesedonaconference.org/content/miscFiles/TSC_PRINCP_2nd_ed _607.pdf.

Tibbetts, J. (2010), “Internet Case may have ‘chilling’ effect: expert,” The Vancouver Sun, April 2: B2.

UKOLN (2003), “Open Source Software for Digital Repositories: DSpace and Fedora.” Available at http://www.ukoln.ac.uk/metadata/resources/digitalrepositories/

Zatyko, K. (2007), “Commentary: Defining Digital Forensics.” Forensic Magazine (Feb/March): 1-5.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.