The Framework to Support the Digital Evidence Handling: A Case Study of Procedures for the Management of Evidence in Indonesia

Yudi Prayudi, Ahmad Ashari, Tri Kuntoro Priyambodo
Copyright: © 2020 | Pages: 21
DOI: 10.4018/JCIT.2020070104

Abstract

Digital evidence differs in meaning from physical evidence, but the two together form a single body of evidence, each supporting the other in the investigation process. Unfortunately, laws and regulations have generally not been oriented toward the proper terminology of digital evidence. This raises a research challenge: how to ensure that the handling of digital evidence receives the same treatment as that of physical evidence. For this reason, technical studies are needed to support the application of laws and regulations to digital evidence handling. This article provides a solution in the form of digital evidence cabinets, a framework that supports the centralization of digital evidence and follows the applicable regulations on procedures for the management of evidence in the territory of Indonesia. The concept expresses the centralization of digital evidence through the analogy of a physical cabinet, interpreting the cabinet, rack, bags, and evidence unit as the types of criminals, list of crimes, list of crime scenes, and list of digital evidence at one crime scene.

Introduction

In today's digital society, one of the challenges is the increasing number of cybercrime cases. This challenge is one of the consequences of the advancement of information technology and the improvement of telecommunication infrastructure, which allow each device to connect in an infinite virtual environment. According to UNODC (2013), the advancement and improvement of information technology have resulted in the emergence of various new forms of crime, committed by individuals or groups, known as cybercrime. Surveys and reports (Clearsky Cyber Security, 2018; Morgan, 2017; Ponemon Institute and Accenture, 2017) state that cybercrime is a serious threat to individuals, institutions, and countries, with huge losses that tend to increase every year.

The mechanism of cybercrime investigation depends on how digital evidence is handled by a digital investigator. Currently, in Indonesia, the number of digital investigators and digital forensics laboratories within law enforcement agencies, government institutions, private companies, and academic institutions is increasing rapidly. This achievement must be supported by improving the quality of resources, especially regarding the proper understanding of regulations relating to digital evidence handling. Every digital investigator must thoroughly understand the regulations, laws, and legal process relating to digital evidence (Boddington, Hobbs, & Mann, 2008). For the jurisdiction of Indonesia, digital evidence is regulated in Law No. 11/2008 and its amendment No. 19/2016 on Information and Electronic Transactions (UU ITE). Within the Police of the Republic of Indonesia itself, there is guidance in the form of the Head of Police Regulation (Perkap) on Procedures for the Management of Evidence (Kepolisian Negara RI, 2010). On the broader scope, there are some references commonly used by investigators concerning digital evidence handling, including the UK Police's ACPO (ACPO, 2012), Digital Evidence Handling from NIJ USA (Ashcroft, Daniels, & Hart, 2004), and ISO 27037 (BSN, 2014) as the standard for the acquisition of digital evidence.

However, none of these references describes the overall mechanism for digital evidence handling. The references mostly discuss guidelines for interacting with digital evidence, especially with digital evidence sources or electronic evidence. For example, as a standard, ISO 27037 focuses more on guidelines for the First Responder in carrying out the identification, collection, acquisition, and preservation of digital evidence. This reference does not describe the basic principles for storing digital evidence. Even in some sections, digital evidence is still perceived as part of electronic evidence, so that the handling of digital evidence is treated as identical to the handling of physical evidence. A relevant guideline is needed for digital evidence handling because digital evidence has specific properties and must therefore be treated differently from physical evidence.

The author's research focuses on how to develop methods of digital evidence handling that are the same as those for physical evidence and that comply with the existing regulations. For that reason, taking case studies at CDFS (Center for Digital Forensics Studies), preliminary research has been done through the development of relevant business models to support the concept of digital evidence handling (Prayudi, Ashari, & Priyambodo, 2015, 2018). With the business model in place, the next step is to build the basic concept of a framework for digital evidence handling that complies with the regulation. This paper is a follow-up study to detail the technical mechanism of digital evidence handling. The results are expected to serve as a technical study for improving regulatory aspects to support digital evidence handling.
