Volatility of Digital Evidence

-

Digital evidence is more volatile than tangible information because digital data can be altered or destroyed more easily than tangible information. And because digital evidence can be easily altered or destroyed, the integrity of digital evidence must be preserved.

Data that has been altered or destroyed are considered violations of data integrity. What is more, the alteration or destruction of digital evidence is typically irreversible. So, once the integrity of digital evidence has been violated, it usually cannot be restored. Additionally, the failure to preserve the integrity of digital evidence could result in evidence being deemed inadmissible in a legal proceeding, or, even if admitted, it might not be given much weight because evidence of questionable authenticity does not provide reliable proof.

Digital evidence that is destroyed when litigation is expected, or in progress, might give rise to claims of spoliation of evidence, which, if proven, could lead to monetary fines and sanctions, adverse inference jury instruction sanctions, or dismissal of claims or defenses. SpoIiation is broadly defined as the act of intentionally or negligently destroying documents relevant to litigation. Although digital evidence is different from—and more volatile than--tangible evidence, the rules regarding the admissibility of digital evidence in court are really no different from the rules regarding the admissibility of any other type of evidence.

The rules of admissibility, however, differ in civil law and common law systems. Because civil law systems do not rely on juries like common law systems, there is a relative lack of restrictions on the admissibility of evidence in civil law systems. Thus, there are far fewer limitations on the admissibility of evidence in civil law trials than in common law ones.

Generally, in civil law systems, evidence is admitted if the presiding judge determines it is relevant, even if the authenticity of an item of evidence is in question. But even though any relevant evidence is admissible, the court will evaluate how much weight is to be given to an item of evidence, and courts consider authenticity when determining what weight is appropriate for evidence.
In contrast, the common law contains several rules that restrict admission of evidence. But generally, to be admitted into evidence in common law systems, evidence must, in addition to being established as authentic, be:
  1. Relevan to an issue is in dispute in the case: Relevant evidence is evidence that tends to make some fact in issue more or less likely than it would be without the evidence.
  2. Material: Material evidence is evidence that has important value to a case or that can be used to prove a point. Repetitive or additive evidence is non-material evidence.
Therefore, if a fraud examiner collects digital evidence, he should be able to state unequivocally that the evidence was not changed in any way by his actions. This requires that strict forensic methodologies be followed to satisfy the stringent evidentiary standards necessary to ensure the integrity of the evidence beyond a reasonable doubt for presentation in court. That is, digital evidence must be properly preserved in a forensically sound manner so that it will be admissible.

Source: CFE Module: Digital Forensic

Comments

Post a Comment

Popular posts from this blog

Mobile Forensic Data Acquisition Methods

-
Image
Mobile Forensic Data Acquisition Methods When conducting data acquisition method on mobile phone, consider 5 data acquisition method that might be helpful for the result of investigation: Cellular data acquisition SIM file system acquisition Logical acquisition Physical acquisition File system acquisition Otherwise, Mobile storage and evidence locations can be located on several location including: Internal memory (RAM, ROM or flash memory (NAND/NOR) is used to store mobile phone’s OS, applications and data) SIM Card (Stores personal information, address books, messages, and service-related information) External memory (Stores personal information such as audio, video, images, etc) Extraction methods on mobile phone consist of several methods depend on the type and brand of the phone: Apple & Blackberry :- Vendor of OS and hardware. Symbian & Android & Windows :- Different vendors for OS and hardware ( Proprietary OS).  Consider these steps whe...
Read more

Big Data Analysis in Public Sector: Opportunities, Tools, and Ethics

-
Image
Big Data Analysis in Public Sector: Opportunities, Tools, and Ethics Hendratna Mutaqin Abstract Big Data has a significant role in helping the individual, corporate, and government to get a better decision-making which supported by credible evidence. The problem emerges when traditional approaches cannot handle the big data so that sophisticated tools like Hadoop, Visualization Product, NoSQL are required to deal with it. Although having many advantages, the users have to follow the big data ethical rules. Big data ethics must be concerned to evitable any indictments from the other party. Introduction Big data analytic helps users to make predictions and solve problems. It can reduce the mistake when making a prediction, reducing cost of living and increasing the income. The vast, unstructured, and unsolved by traditional methods will be challenged to analyze the big data. This paper discusses the opportunity of big data for the public sector, technologies to handle and th...
Read more

How to get a bitlocker password?

-
Image
The easiest way to find your bitlocker password is by using Command Prompt. 1. Type cmd on your windows and run as Administrator 2. C:\Windows\system32>manage-bde -protectors -get c: BitLocker Drive Encryption: Configuration Tool version 10.0.19041 Copyright (C) 2013 Microsoft Corporation. All rights reserved. Volume C: [System] All Key Protectors  Numerical Password:       ID: {06AE1787-XXXXXXXXXXXXXXX}       Password:         715869-275543-0555554-2DDD4-AAAAA-BBBBB-YYYYY-XXXX Now you can find the bitlocker password. The command below is to find bitlocker password for Drive D C:\Windows\system32>manage-bde -protectors -get d:
Read more