Digital or electronic evidence is any information and data of investigative value that is stored on or transmitted by an electronic device. Equipment and software are required to make the evidence visible, and testimony may be required to explain the examination process and any process limitations. Electronic evidence is accepted as physical evidence and is fragile by nature: it can be altered, damaged, or destroyed by improper handling or improper examination. Thus, special precautions must be taken to document, collect, preserve, and examine this type of evidence. The methods used to collect evidence must preserve its integrity.
The Scientific Working Group on Digital Evidence (SWGDE, www.swdge.org) and the International Organisation on Computer Evidence (IOCE, www.ioce.org) have set standards for recovering, preserving and examining digital evidence.
The general tasks that the investigator must perform while working with digital evidence are as follows:
- Identify digital information or artefacts that can be used as evidence.
- Collect, preserve, and document evidence.
- Analyze, identify, and organize evidence.
- Rebuild evidence or repeat a situation to verify that the results can be reported reliably.
- Properly follow procedures for packing, transportation, and storage of electronic evidence.
Computer records must also be shown to be authentic and trustworthy to be admitted into evidence. Computer-generated records are considered authentic if the program that created the output is functioning correctly. To show that computer-stored records are authentic, the person offering the records must demonstrate that a person created the data and the data is reliable and that it wasn’t altered when it was acquired or afterward.
Collecting evidence according to the proper steps of evidence control helps ensure that the computer evidence is authentic, as does using established computer forensics software tools. Courts have consistently ruled that computer forensics investigators don’t have to be subject matter experts on the tools they use. Knowledge of only the facts relevant to the case is required. To testify about their role in acquiring, preserving, and analyzing evidence, the investigator doesn’t need to know the inner workings of the software used but should understand its purpose and operation.
For example –
Message Digest 5 (MD5) and Secure Hash Algorithm (SHA-1) tools use complex algorithms. During cross-examination, an opposing attorney might ask you to describe how these forensics tools work. You can safely testify that you don’t know how the MD5 hashing algorithm works, but you should know how to describe the steps for using the MD5 function in AccessData Forensic Toolkit, for instance.
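The following is an added example, not part of the original article or of any forensic product, showing how a digest recorded at acquisition lets an examiner later demonstrate that an evidence file was not altered. The file name, examiner name, and record layout are hypothetical, the sample data is constructed, and SHA-256 is included as an assumption alongside the MD5 and SHA-1 algorithms the article names.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# MD5 and SHA-1 are named in the article; SHA-256 is an added assumption.
ALGORITHMS = ("md5", "sha1", "sha256")

def hash_evidence(path, chunk_size=1024 * 1024):
    """Read the file once in chunks and compute every digest in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def acquisition_record(path, examiner):
    """Build the record stored with the case notes at acquisition time."""
    return {
        "file": os.path.basename(path),
        "size": os.path.getsize(path),
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "digests": hash_evidence(path),
    }

def verify_evidence(path, record):
    """Return the checks that no longer match; an empty list means unchanged."""
    problems = []
    if os.path.getsize(path) != record["size"]:
        problems.append("size")
    current = hash_evidence(path)
    for name, expected in record["digests"].items():
        if current.get(name) != expected:
            problems.append(name)
    return problems

def demo():
    """Acquire a constructed sample file, verify it, alter one byte, verify again."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "evidence.img")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(b"constructed sample evidence bytes\n" * 1000)
        record = acquisition_record(image, examiner="J. Doe (hypothetical)")
        before = verify_evidence(image, record)
        with open(image, "r+b") as fh:  # simulate improper handling
            fh.seek(10)
            fh.write(b"X")
        return before, verify_evidence(image, record)

if __name__ == "__main__":
    print(demo())
```

The altered file keeps its original size, so only the digest comparison reveals the change.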