Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

An Overview of the Use of Digital Evidence in International Criminal Courts

Abstract: This article was developed from a paper originally prepared for the 2013 Salzburg Workshop on Cyber Investigations under the supervision of Professors Laurel E. Fletcher, Chris Hoofnagle, Eric Stover, and Jennifer Urban. Aida Ashouri, Caleb Bowers and Cherrie Warden offer a review of some of the leading international criminal cases involving digital evidence, with a particular focus on the International Criminal Court. Index words: International Criminal Court; digital evidence; authentication; provenance; hearsay; criminal law; evidence; international law; international criminal law

Privileged Data Within Digital Evidence

Abstract: In recent years the use of digital communication has increased. This also increased the chance to find privileged data in the digital evidence. Privileged data is protected by law from viewing by anyone other than the client. It is up to the digital investigator to handle this privileged data properly without being able to view the contents. Procedures on handling this information are available, but do not provide any practical information nor is it known how effective filtering is. The objective of this paper is to describe the handling of privileged data in the current digital forensic tools and the creation of a script within the digital forensic tool Nuix. The script automates the handling of privileged data to minimize the exposure of the contents to the digital investigator. The script also utilizes technology within Nuix that extends the automated search of identical privileged document to relate files based on their contents. A comparison of the 'traditional' ways of filtering within the digital forensic tools and the script written in Nuix showed that digital forensic tools are still limited when used on privileged data. The script manages to increase the effectiveness as direct result of the use of relations based on file content.

Reviewing the Law Reviews

Abstract: Law Review Highlights: As technology has become increasingly interwoven into the fabric of daily life, digital information has made its way inexorably into the legal system. Courts are continuing to wrestle with some of the unique challenges digital evidence presents as rules of evidence are applied to electronic information. Currently, many courts apply the Federal Rules of Evidence to computer-generated evidence in much the same way they apply the rules to any other form of evidence, but some courts have recognized that while current rules of evidence are sufficient to use with particular types of digital information, there are instances where the nuances that distinguish different records produced by computers warrant a new look. Additionally, the ease with which digital information can be deleted or altered--or even reconstructed--presents courts with challenges in anticipating and preventing spoliation of electronic evidence. Three articles examine electronic evidence and the ways in which courts are responding to the proliferation of digital information in the process of litigation. Computer-generated, electronic, and digital evidence face three primary hurdles for admissibility under the Federal Rules of Evidence. Leah Voigt Romano, in her Note, Electronic Evidence and the Federal Rules, (1) identifies those barriers as the authentication requirement, the hearsay rule, and finally, the best evidence rule. For each impediment, the article examines the current language of the rules and how the courts have applied those rules to electronic evidence in examining admissibility. Most courts have quite successfully applied the rules of evidence in determining admissibility of electronic evidence by approaching digital information in much the same manner as paper evidence. The author concludes, however, that there will soon come a time when the rules of evidence will need to be amended to deal with the unique challenges raised in the admissibility of electronic evidence. While the similarities between paper and electronic information can be helpful as courts apply the rules of evidence, the parallels between the two types of evidence are not exact. In his Note, "Electronic Fingerprints": Doing away with the Conception of Computer-Generated Records As Hearsay, (2) Adam Wolfson argues that all records found on a computer cannot accurately be described as business records under the hearsay exceptions. He makes a distinction between computer-stored and computer-generated records. A computer-stored document--like a spreadsheet or an office memo--corresponds fairly clearly to its paper counterpart. However, a computer-generated record--such as an IP log that tracks computer addresses that have logged onto a system--does not. Such a document does not fit into the definition of hearsay, and it does not hold any of the dangers normally associated with hearsay. The article proposes a test that judges could use to distinguish between the two types of computer records. The mutability of digital information is one of the characteristics that make it unique when dealing with it as evidence. Rena Durrant discusses the illegitimate destruction of electronic evidence in her Note, Spoliation of Discoverable Electronic Evidence. (3) The use of electronic evidence has been beneficial to litigators on some level due to the fact that it can be stored almost indefinitely in a small amount of space. At the same time, however, producing that same electronic information can place a significant burden on parties in a law suit because of the many different ways and places it can be stored. Electronic information is also problematic because it can be tampered with so easily; even information that has been legitimately "destroyed" can often be recovered from computer hard drives. The author concludes that, although courts have been dealing with many of the issues that arise with the destruction of digital information on an ad hoc basis, some proposed changes to the Federal Rules of Civil Procedure will give courts and attorneys a framework that would provide a more unified approach to the collection and preservation of electronic evidence. …

The Mitnick Case: How Bayes Could Have Helped

Abstract: Digital forensics seeks to explain how an attack occurred and who perpetrated the attack. The process relies primarily on the investigator’s knowledge, skill and experience, and is not easily automated. This paper uses Bayesian networks to model the investigative process, with the goal of automating forensic investigations. The methodology engages digital evidence acquired from compromised systems, knowledge about their configurations and vulnerabilities, and the results of previous investigations. All this information is stored in a database that provides a context for an investigation. The utility of the methodology is illustrated by applying it to the well-known Kevin Mitnick case.