|
What kind of results can be expected from analysis of digital evidence?
|
| bet | 8/17 | | Sana | 21.05.2024 | | Hajmi | 430,06 Kb. | | #248066 | | Turi | Guide |
Bog'liq DigitalEvidence FAQs
What kind of results can be expected from analysis of digital evidence?
If evidence collection and analysis is conducted properly, examiners can secure information that can support criminal activity claims through dialog or message exchange, images and documents. The examiner will generally provide all the supporting documentation, highlighting relevant information, but also a report detailing what was done to extract the data. As with evidence of other types, chain of custody and proper collection and extraction techniques are critical to the credibility of evidence and must be thoroughly documented.
What are the limitations regarding the evidence that can be gained from digital devices?
Investigative limitations are primarily due to encryption and proprietary systems that require decoding before data can even be accessed. Unlike what is portrayed on popular television crime shows, decoding an encrypted password can take a very long time, even with sophisticated software.
There are both legal and technical limitations in this area of investigation.
Laws governing processing and prosecution are different from state to state. Digital crime can easily cross jurisdictions, making standardization an increasingly critical law enforcement issue.
Data ownership can be an issue as well. In a recent ruling in Colorado, the holder of a password was compelled to divulge the password, but in doing so did not have to admit knowledge or ownership of the data protected by the password[1]. This is akin to a landlord being able to unlock a rental apartment with no responsibility for what might be inside the unit. In this case, it would still be up to the investigator to tie the two together.
[1] United States vs. Fricosu, 247 10 (Colorado 2012)
Wiretapping laws can also come into play particularly with regard to mobile
phone seizure. Intercepting a call without a court order violates an expectation of privacy. Even after a phone has been seized, any calls or messages received by that phone cannot be used as the holders of the phone (law enforcement) are not the intended recipient.
Privacy laws and issues are the most limiting areas of search. Without proper authority to search or seize electronics, the information contained on the device may not be used. Internet and personal device privacy laws can be confusing. In addition, people’s understanding of privacy tends to be generational – younger people tend to believe they should have access to information freely but that their movements and communications are inherently private; older users tend to understand that their movements and communications can be tracked and have a lesser expectation of privacy.
Today there has been no major case law to clearly define new limits in the United States.
In the United Kingdom examiners usually follow guidelines issued by the Association of Chief Police Officers (http://www.acpo.police.uk/) (ACPO) for the authentication and integrity of evidence. The guidelines consist of four principles:
No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
These guidelines are widely accepted in courts of England and Scotland, but they do not constitute a legal requirement and their use is voluntary.
|
| |
