The leading light in terms of what we're shooting for is the Berkeley Protocol on Digital Open Source Investigations. The Protocol defines an adequate preservation as respecting certain criteria. Here's how the Digital Evidence Toolkit follows these guidelines:

  1. Authenticity, the ability to demonstrate that a digital item remains unchanged from when it was collected.
  2. Availability, the continual existence and retrievability.
  3. Identity, the identifiability and distinguishability from other digital items.
  4. Persistence, the integrity and viability of a digital item in technical terms. The digital item’s bit sequences must be intact, "processible" and retrievable.
  5. Renderability, the ability of humans or machines to use or interact with a digital item using appropriate hardware and software.
  6. Understandability, the ability of the intended users to interpret and understand a digital item.

A number of investigation-specific issues are also noted by the Protocol and are at the heart of the Toolkit, driving its features:

  1. Chain of custody: the chronological documentation of the sequence of custodians of a piece of information or evidence.
  2. Evidentiary and Working copies: An evidentiary copy is the digital item collected by an investigator in its original form that should not be altered or changed. A working copy should be created for the purposes of analysis and stored separately so that investigators can work with the copy, rather than the original. Any and all changes to the item, including the making of copies, should be documented.
  3. Storage: helps ensure the persistence of digital items and the ability to find and retrieve them.