Asgard Forensics
Digital Intelligence

Evidence Handling Policy

Last updated: June 2026

1. Purpose and Scope

This Evidence Handling Policy governs how ASG Forensics receives, processes, stores, accesses, references, and disposes of digital evidence submitted in connection with any forensic investigation or cryptocurrency tracing engagement. It applies to all case types, including but not limited to cybercrime investigations, blockchain transaction analysis, digital fraud cases, and incident response engagements. All personnel assigned to an engagement are required to adhere to this policy in full.

2. Accepted Evidence Formats

ASG Forensics accepts digital evidence in the following formats, depending on the nature of the engagement:

  • Transaction records and wallet address lists (CSV, XLSX, plain text, PDF exports)
  • Disk and volume images (E01, Ex01, AFF4, DD/RAW formats)
  • Mobile device extractions (logical, filesystem, or physical extractions in UFDR, ZIP, or vendor-native formats)
  • Email exports and communication logs (EML, MBOX, PST, OST)
  • Screenshot evidence and screen recordings (PNG, JPG, MP4, MOV)
  • Browser or application logs exported by the client
  • Blockchain explorer exports and exchange-issued transaction histories
  • Bank statements, payment processor records, and financial institution outputs in PDF or CSV form
  • Signed statutory declarations or affidavits where relevant to the case context

Evidence submitted in formats not listed above will be assessed on a case-by-case basis. ASG Forensics reserves the right to request re-submission in a supported format or to decline evidence that cannot be processed reliably.

3. Evidence Submission Channels

All evidence must be submitted through authorised channels only. Accepted submission methods include the secure client portal (accessible at /client-login.php), encrypted email attachment using the PGP key published on our contact page, or a secured file transfer link issued specifically for the engagement. Evidence sent via unencrypted public email, social media, or third-party cloud links not authorised by ASG Forensics will not be accepted as part of the formal evidentiary record and may be returned or destroyed without analysis.

4. Integrity Requirements Prior to Submission

Clients bear sole responsibility for the integrity of evidence prior to submission. ASG Forensics cannot verify what happened to evidence before it was received. Accordingly, clients must observe the following requirements:

  • Evidence must not be altered, edited, compressed, cropped, converted, or otherwise modified after it is identified as potentially relevant to an investigation.
  • Screenshots must be complete and unedited. Partial screenshots or images with removed content are inadmissible and will be noted as such in any resulting report.
  • Wallet address lists and transaction records must not have entries added, removed, or re-ordered after generation.
  • Disk or device images must be created using forensically sound imaging tools and must not be mounted in read-write mode after creation.
  • Original source files must be preserved. ASG Forensics recommends that clients retain a copy of all evidence submitted, stored separately from the working copy.

ASG Forensics will record whether submitted evidence appears to have been modified. Any indications of tampering will be documented in the forensic report and may materially affect the conclusions that can be drawn from the analysis.

5. What Clients Must Not Do

The following actions are strictly prohibited and will be treated as a material breach of the engagement agreement:

  • Attempting to alter, fabricate, or destroy evidence before or after submission
  • Submitting evidence that has been edited in image editing software, spreadsheet software, or any other application to change its content
  • Presenting third-party evidence as self-generated, or misrepresenting the source or provenance of submitted materials
  • Submitting evidence obtained through unlawful interception, unauthorised access to computer systems, or in breach of any applicable privacy law
  • Requesting that ASG Forensics alter, misrepresent, or omit findings in a forensic report

ASG Forensics will not produce a report that misrepresents findings, regardless of client instruction. Engagements in which evidence fabrication or tampering is discovered will be terminated without refund, and ASG Forensics reserves the right to report the matter to relevant authorities where a legal obligation or public interest duty applies.

6. Evidence Integrity Verification on Receipt

Upon receipt of submitted evidence, ASG Forensics performs the following integrity verification steps as standard practice:

  • Cryptographic hashing of all received files using SHA-256 and, where applicable, MD5 for legacy compatibility. Hash values are recorded in the case evidence log at the time of receipt.
  • Verification that received files are not corrupted and can be opened or mounted by appropriate forensic tools.
  • Metadata inspection where relevant, including file creation and modification timestamps, GPS data embedded in images, and document property fields.
  • Assessment of whether submitted items appear consistent with their purported source (e.g., whether an exchange-issued transaction history matches the formatting and data patterns expected from that exchange).

7. Secure Evidence Storage

All evidence received by ASG Forensics is stored in encrypted, access-controlled environments. Storage infrastructure is physically and logically segregated from general business systems. Evidence files are encrypted at rest using AES-256 or equivalent standards. Storage locations are not accessible from the public internet and are subject to audit logging. Backups of evidence are maintained in a secondary encrypted location for the duration of the engagement and the applicable retention period.

8. Access Controls

Access to evidence is restricted on a strict need-to-know basis. Only the analyst or analysts directly assigned to the engagement may access case evidence files. Supervisory review is permissible for quality assurance purposes and is logged. No personnel outside the assigned team may access evidence without explicit written authorisation from the case lead and the client (or their authorised representative). Evidence is never shared between clients, and each case is maintained as a logically separate data environment.

9. How Evidence Is Referenced in Reports

Forensic reports produced by ASG Forensics will reference each item of evidence using an internal exhibit identifier (e.g., EX-001, EX-002). The exhibit log, which maps each identifier to a file hash, submission timestamp, and description, will be appended to or included within the final report. Direct citations to specific exhibits will appear inline in the narrative findings section. Evidence that was received but could not be processed (due to format issues, corruption, or integrity concerns) will be noted in the report with an explanation.
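The receipt hashing described in section 6 and the exhibit log described in section 9 can be illustrated with a short Python sketch. This is an added example, not ASG Forensics' own tooling: the function names, log field names, and sample files are assumptions constructed for illustration. Calling `demo()` builds a two-entry log and then re-verifies it after one file has been altered.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def hash_file(path, chunk_size=1024 * 1024):
    """Stream the file once so large images never sit in memory; return (sha256, md5)."""
    # MD5 is recorded only for legacy cross-referencing, never as the integrity anchor.
    sha256, md5 = hashlib.sha256(), hashlib.md5(usedforsecurity=False)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(chunk)
            md5.update(chunk)
    return sha256.hexdigest(), md5.hexdigest()

def build_exhibit_log(items):
    """items: list of (path, description). Returns one log entry per received file."""
    log = []
    for n, (path, description) in enumerate(items, start=1):
        sha256, md5 = hash_file(path)
        log.append({
            "exhibit_id": f"EX-{n:03d}",  # identifier style taken from the policy text
            "path": str(path),
            "sha256": sha256,
            "md5": md5,
            "received_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "description": description,
        })
    return log

def verify_exhibit_log(log):
    """Re-hash every exhibit; return {exhibit_id: 'ok' | 'modified' | 'missing'}."""
    status = {}
    for entry in log:
        if not Path(entry["path"]).is_file():
            status[entry["exhibit_id"]] = "missing"
            continue
        sha256, _ = hash_file(entry["path"])
        status[entry["exhibit_id"]] = "ok" if sha256 == entry["sha256"] else "modified"
    return status

def demo():
    """Constructed sample input: two small files, one altered after intake."""
    with tempfile.TemporaryDirectory() as tmp:
        tx, note = Path(tmp, "transactions.csv"), Path(tmp, "note.txt")
        tx.write_bytes(b"txid,amount\nabc123,0.5\n")
        note.write_bytes(b"abc")
        log = build_exhibit_log([(tx, "Constructed CSV"), (note, "Constructed text")])
        tx.write_bytes(b"txid,amount\nabc123,5.0\n")  # same size, different content
        return log, verify_exhibit_log(log)
```

The altered CSV keeps its original byte length, so a size or timestamp comparison alone would not flag it; only the recorded SHA-256 does.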

10. Evidence Retention and Disposal

Evidence submitted to ASG Forensics is retained for a period of twelve (12) months following the delivery of the final report, unless a longer retention period is required by applicable law, a legal hold has been placed on the matter, or the client has expressly requested extended retention in writing. Following the retention period, evidence files are securely deleted using methods consistent with NIST SP 800-88 guidelines (Clear or Purge, depending on storage medium). Clients will be notified prior to scheduled disposal and may request the return or extended retention of evidence before the disposal date.

11. Limitations of Digital Evidence

Digital evidence is subject to inherent limitations that clients should understand before commissioning a forensic investigation. Blockchain records, while immutable on-chain, may be interpreted differently depending on the analytical methodology applied. Metadata in files may be altered by routine system processes, file transfers, or operating system operations. Email headers may be spoofed. Screenshots are inherently unverifiable without corroborating technical artefacts. ASG Forensics will clearly state the basis and confidence level for each finding in its reports. The fact that evidence has been analysed by ASG Forensics does not in itself confer admissibility in any jurisdiction, and clients should seek independent legal advice regarding the use of forensic reports in legal or regulatory proceedings.
