A new proposal for a digital evidence container for security convergence

The law enforcement agencies in Korea are confiscating or retaining computer systems involved in a case, if there are any, at the preliminary investigation stage, even though the case does not involve a cyber-crime. They are collecting evidences of crimes from the suspects´ systems and using them in the essential investigation process. It requires much time, though, to collect the disc image from general crime cases other than cybercrimes and to investigate them, especially in cases in which quick action must be taken. Therefore, it is efficient to selectively collect only traces of the behavior of the user activities on operating systems or particular content files. In this article, we describe a new digital evidence container, we called Xebeg, which is able to preserve collected digital evidences selectively and acceptable to generality, integrity, unification, scalability, security etc. It is adequate for convergence system for the future security environments.