Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

Characteristic Evidence, Counter Evidence and Reconstruction Problems in Forensic Computing

Abstract: Historically, forensic computing (as digital forensics) developed pragmatically, driven by specific technical needs. Indeed, in comparison with other forensic sciences the field still is rather immature and has many deficits, such as the unclear terminology used in court. In this paper, we introduce notions of (digital) evidence, characteristic evidence, and (characteristic) counter evidence, as well as the definitions of two fundamental forensic reconstruction problems. We show the relation of the observability of the different types of evidence to the solvability of those problems. By doing this, we wish to exemplify the usefulness of formalization in the establishment of a precise terminology. While this will not replace all terminological shortcomings, it (1) may provide the basis for a better understanding between experts, and (2) helps to understand the significance of different types of digital evidence to answer questions in an investigation.

Formal Acceptability of Digital Evidence

Abstract: In this chapter author will try to explain the concept of acceptability of digital evidence, and presents the research results on the subject of acceptability of digital evidence in courts in Bosnia and Herzegovina. The purpose is to gain insight into the manner in which judges resonate during making decision on the (not)acceptability of digital evidence, and explore current situation when acceptability and maintaining the chain of custody comes in question. Within the chapter results of preliminary research conducted at the courts in Bosnia and Herzegovina will be presented, on the subject of a digital evidence acceptability in criminal procedure. At the end of chapter will be proposed a model which can help and support forensic investigator, court experts and finally the judges to decide of admissibility of digital evidence more clearly and systematically, using scientific methods and tools.

The Study on Data of Smart Home System as Digital Evidence

Abstract: The Internet of Things (IoT) presents many possibilities, including security and privacy issues. The Digital Forensics has long been studied in academia and industry, but forensics for smart home device has never been attempted. Smart home forensics deals with tools and techniques for recovering data and evidence from mobile devices. This paper describes a data acquisition, classification and analysis process of smart home devices using the IoT. It also includes analysis based on attack scenarios of collected data and smart home device forensic models suitable for such scenarios.

Executing Warrants for Digital Evidence: The Case for Use Restrictions on Nonresponsive Data

Abstract: This article considers how the Fourth Amendment should limit the process of executing search warrants for digital evidence Warrants for digital evidence are normally executed in two stages First, agents enter the physical place to be searched and seize all computers Second, agents conduct an electronic search for the responsive data described in the warrant The two-stage process raises the prospect that warrants for digital evidence will be executed in ways that resemble general warrants If agents can seize everything at the first stage, and see all the data at the second stage, what stops agents from accessing and using a target’s entire digital world every time a computer warrant is executed? This article argues that the Fourth Amendment should be interpreted to impose a use restriction on nonresponsive data seized during the execution of computer warrants After reviewing the various ways courts could limit the execution of computer warrants, it concludes that use restrictions are the best way to restore the traditional limits on searches for the new technological environment of computers The article then revisits the author’s earlier conclusion that courts can achieve that result by eliminating the plain view exception for computer searches While still a possible approach, eliminating the plain view exception raises underappreciated doctrinal puzzles The better path is for courts to rule that the Fourth Amendment imposes use restrictions on nonresponsive data because use transforms the underlying seizure from a justified and modest step needed to execute the warrant to an unjustified and invasive seizure unrelated to the warrant itself Agents can overseize at the first stage because they must, and they can search through all the data for the responsive files because there is no other way to ensure that they find all the evidence described in the warrant But when agents use nonresponsive data, the seizure of that data is no longer justified by the warrant and ordinarily is no longer reasonable This approach also allows courts to impose an exigent circumstances exception to the use restriction: When a review of nonresponsive files reveals exigent circumstances, agents can use the nonresponsive files to address the exigency

Evaluation of the semi-automated crime-specific digital triage process model

Abstract: The digital forensic process as traditionally laid out is very time intensive – it begins with the collection, duplication and authentication of every piece of digital media prior to examination. Digital triage, a process that takes place prior to this standard methodology, can be used to speed up the process and provide valuable intelligence without subjecting digital evidence to a full examination. This quick intelligence can be used in the field for search and seizure guidance, in the office to determine if media is worth sending out for an examination, or in the laboratory to prioritize cases for analysis. For digital triage to become accepted by the forensic community, it must be modeled, tested and peer reviewed, but there have been very few attempts to model digital triage. This work describes the evaluation of the Semi-Automated Crime-Specific Digital Triage Process Model, and presents the results of five experimental trials.