Digital Evidence

Tags

security

Digital [see page 4, facts or signs] that are of value to an investigation. The [see page 10, value] of digital evidence comes from the ubiquity of digital devices in modern day use, ranging from communication, obfuscation and preparation/planning for crimes.

Any data stored or transmitted using a computer that can support or refute a theory of how an offence occurred or address critical elements of the offence such as intent or alibi. - Casey, 2011

See [see page 7, where] digital evidence can be found and [see page 8, what] constitutes digital evidence.

Note: Digital evidence doesn't [see page 9, have] to be criminal, it can be used to resolve civil disputes such as a mistreatment case.

[see page 5, Principles] of Digital Evidence

Used to guarantee that information that's relied upon on court hasn't been tampered with.

1. No action taken by agents (related to) law enforcement agencies should change the data.
2. If an agent needs to access original data they must be competent enough to do so and give evidence explaining the relevance and implications of their actions.
3. An audit trail (or other record) must track all processes and interactions with the evidence. A \nth{3} party should be able to repeat these and achieve the same result.
4. The person in charge of the investigation has the responsibility for ensuring the law and these principles are adhered to.

We normally create and interact with copies (disk dumps, etc.) of evidence rather than tamper with the master copies to help maintain these principles.