Digital Evidence Use As Forensic Evidence
Digital Evidence |
Digital Evidence is any data stored or transmitted using a computer that support or refute a theory of how an offence occurred or address critical elements of the offence.
In computer forensics, Much of the evidence is Digital Evidence.
Digital Evidence is not tangible evidence but rather is made up of electronic or magnetic pulses that are stored in the form of electromagnetic charges on the media of a disk or tape. Not only is this evidence largely intangible, but it is also fragile, much like evidence consisting of a footprint in the snow.
5 Rules of Collecting Digital Evidence
- Admissible
Admissible is the most basic rule. The evidence must be able to be used in court .Failure to comply with this rule is equivalent to not collecting the evidence in the first place, except the cost is higher. - Authentic
If you can’t tie the evidence positively to the incident, you can’t use it to prove anything.You must be able to show that the evidence relates to the incident in a relevant way. - Complete
It’s not enough to collect evidence that just shows one perspective of the incident.You collect not only evidence that can prove the attacker’s actions, but also evidence that could prove their innocence. For instance, if you can show the attacker was logged in at the time of the incident, you also need to show who else was logged in and why you think they didn’t do it. - Reliable
The evidence you collect must be reliable. Your evidence collection and analysis procedures must not cast doubt on the evidence’s authenticity and accuracy. - Believable
The evidence you present should be clearly understandable and believable to a jury.There’s no point presenting a binary dump of process memory if the jury has no idea what it all means. Similarly, if you present them with a formatted, human understandable version, you must be able to show the relationship to the original binary, otherwise there’s no way for the jury to know whether you’ve faked it.
Digital Evidence Use As Forensic Evidence
Reviewed by Unknown
on
9:24 AM
Rating:
No comments: