Today there is no criminal investigation that does not contain a digital dimension. A large number of criminal offenses, whether official investigations conducted by judicial bodies or corporate investigations, contain digital evidence, which in most investigations is key to the identification of perpetrators. Since the cyber space is undefined – it has no owner, place, time dimension, it does not belong to anyone – very often such evidence must be exchanged between the various subjects involved in the investigation. However, in addition to the exchange of digital evidence, it is also necessary to exchange the so-called “5ws&1h data” or metadata that are key to chain of custody identification. This is necessary because of the large number of factors that can influence the evidence and undermine the integrity of digital evidence, after which the evidence will not be accepted by the court. The need for the standardization of metadata exchange procedures and processes that ensure the chain of custody has been imposed as a necessity and through the realization of DEMF, as a possible solution.