Digital evidence


Digital evidence

Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.[1] Before accepting digital evidence a court will determine if the evidence is relevant, whether it is authentic, if it is hearsay and whether a copy is acceptable or the original is required.[1]

The use of digital evidence has increased in the past few decades as courts have allowed the use of e-mails, digital photographs, ATM transaction logs, word processing documents, instant message histories, files saved from accounting programs, spreadsheets, internet browser histories, databases, the contents of computer memory, computer backups, computer printouts, Global Positioning System tracks, logs from a hotel’s electronic door locks, and digital video or audio files.[2]

Many courts in the United States have applied the Federal Rules of Evidence to digital evidence in a similar way to traditional documents, although some have noted important[according to whom?] differences. For example, that digital evidence tends to be more voluminous, more difficult to destroy, easily modified, easily duplicated, potentially more expressive, and more readily available. As such, some courts have sometimes treated digital evidence differently for purposes of authentication, hearsay, the best evidence rule, and privilege. In December 2006, strict new rules were enacted within the Federal Rules of Civil Procedure requiring the preservation and disclosure of electronically stored evidence. Digital evidence is often attacked for its authenticity due to the ease with which it can be modified, although courts are beginning to reject this argument without proof of tampering.[3]

Contents

Admissibility

Digital evidence is often ruled inadmissible by courts because it was obtained without authorization.[1] In most jurisdictions a warrant is required to seize and investigate digital devices. In a digital investigation this can present problems where, for example, evidence of other crimes are identified while investigating another. During a 1999 investigation into online harassment by Keith Schroeder investigators found pornographic images of children on his computer. A second warrant had to be obtained before the evidence could be used to charge Schroeder.[1][4]

Authentication

As with any evidence, the proponent of digital evidence must lay the proper foundation. Courts largely concerned themselves with the reliability of such digital evidence.[3] As such, early court decisions required that authentication called "for a more comprehensive foundation." US v. Scholle, 553 F.2d 1109 (8th Cir. 1976). As courts became more familiar with digital documents, they backed away from the higher standard and have since held that "computer data compilations… should be treated as any other record." US v. Vela, 673 F.2d 86, 90 (5th Cir. 1982).

A common attack on digital evidence is that digital media can be easily altered. However, in 2002 a US court ruled that "the fact that it is possible to alter data contained in a computer is plainly insufficient to establish untrustworthiness" (US v. Bonallo, 858 F. 2d 1427 - 1988 - Court of Appeals, 9th).[1][5]

Nevertheless, the "more comprehensive" foundation required by Scholle remains good practice. The American Law Reports lists a number ways to establish the comprehensive foundation. It suggests that the proponent demonstrate "the reliability of the computer equipment", "the manner in which the basic data was initially entered", "the measures taken to insure the accuracy of the data as entered", "the method of storing the data and the precautions taken to prevent its loss", "the reliability of the computer programs used to process the data", and "the measures taken to verify the accuracy of the program". 7 American Law Reports 4th, 8, 2b.

UK ACPO guidelines

In the United Kingdom examiners usually follow guidelines issued by the Association of Chief Police Officers (ACPO) for the authentication and integrity of evidence.[6][7] The guidelines consist of four principles:

  1. No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
  2. In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
  3. An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
  4. The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.

These guidelines are widely accepted in courts of England and Scotland, but they do not constitute a legal requirement and their use is voluntary.

Best evidence rule

Digital evidence is almost never in a format readable by humans, requiring additional steps to include digital documents as evidence (i.e. printing out the material). It has been argued that this change of format may mean digital evidence does not qualify under the "best evidence rule".[3] However, the "Federal Rules of Evidence" rule 1001(3) states "if data are stored in a computer…, any printout or other output readable by sight, shown to reflect the data accurately, is an ‘original.’"[8]

Commonly courts do not bar printouts under the best evidence rule. In Aguimatang v. California State Lottery, the court gave near per se treatment to the admissibility of digital evidence stating "the computer printout does not violate the best evidence rule, because a computer printout is considered an ‘original.’" 234 Cal. App. 3d 769, 798.

Hearsay

Very often an opponent to digital evidence will object to its admission as hearsay. Like documentary evidence, not all digital evidence is hearsay.

First, there is some digital evidence which is not hearsay at all. Hearsay is a "statement, other than one made by the declarant while testifying at the trial… offered in evidence to prove the truth of the matter asserted." A declarant is a person. Therefore, courts have held that digital evidence is not hearsay when it is "the by-product of a machine operation which uses for its input ‘statements’ entered into the machine" and was "was generated solely by the electrical and mechanical operations of the computer and telephone equipment." State v. Armstead, 432 So.2d 837, 839 (La. 1983).

Moreover, where the evidence is not offered to prove the truth of the statements, digital evidence is not hearsay. This is the case, for example, with logs of chatroom conversations. While a chatroom log may contain many out of court statements, which would otherwise be hearsay, they may be used for other purposes, including as a party admission. US v. Simpson, 152 F.3s 1241 (10th Cir. 1998).

Second, hearsay recognizes a number of exceptions. Most frequently, proponents of digital evidence seek admission under the business records exception. This perhaps is because the definition of business records includes a "data compilation." FRE 803(6). However, obviously not every piece of digital evidence is a business record. Such reliance on the business records exception has had bad results for its proponents. In Monotype Corp. PLC v. International Typeface Corp, the plaintiffs relied on the business records exception to attempt to admit two e-mails as evidence that the defendants had infringed their copyright only to have it excluded by the court. 43 F.3d 443 (9th Cir. 1994). The court noted that the e-mail was not created "in the regular course of [the third party’s] business."

Other proponents have had success with the public records exception, excited utterance, Present sense impression, and the FRE 807—the catch-all. Where digital evidence does not meet one of the other exceptions but has "equivalent circumstantial guarantees of trustworthiness" that hearsay seeks to protect against, a court may apply the catch-all.

References

  1. ^ a b c d e Casey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition. Elsevier. ISBN 0-12-163104-4. http://books.google.co.uk/books?id=Xo8GMt_AbQsC&hl=en&dq=Digital%20Evidence%20and%20Computer%20Crime,%20Second%20Edition&ei=it1XTMncCMm44gbC_qyFBw&sa=X&oi=book_result&ct=result&resnum=1&ved=0CDQQ6AEwAA. 
  2. ^ Various (2009). Eoghan Casey. ed. Handbook of Digital Forensics and Investigation. Academic Press. pp. 567. ISBN 0123742676. http://books.google.co.uk/books?id=xNjsDprqtUYC. Retrieved 2 September 2010. 
  3. ^ "State v. Schroeder, 613 NW 2d 911 - Wis: Court of Appeals 2000". 2000. http://scholar.google.co.uk/scholar_case?case=6657201255979914796&q=Wisconsin+v+Schroeder&hl=en&as_sdt=2002&as_ylo=1998&as_yhi=2000. 
  4. ^ "US v. Bonallo". Court of Appeals, 9th Circuit. 1988. http://scholar.google.co.uk/scholar_case?case=17436631095971908840&q=US+v.+Bonallo&hl=en&as_sdt=2002&as_vis=1. Retrieved 1 September 2010. 
  5. ^ Pollitt, MM. "Report on digital evidence". http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.80.1663&rep=rep1&type=pdf. Retrieved 24 July 2010. 
  6. ^ "ACPO Good Practice Guide for Computer-Based Evidence". ACPO. http://www.7safe.com/electronic_evidence/ACPO_guidelines_computer_evidence_v4_web.pdf. Retrieved 24 July 2010. 
  7. ^ "Federal Rules of Evidence #702". http://federalevidence.com/rules-of-evidence#Rule702. Retrieved 23 August 2010. 

Further reading

General:

United States of America:

  • Michael R Arkfeld, Electronic Discovery and Evidence (Law Partner Publishing, 2003)
  • Adam Cohen and David Lender, Electronic Discovery: Law and Practice (Aspen Publishers, 2003)
  • Brent E. Kidwell, Matthew M. Neumeier and Brian D. Hansen, Electronic Discovery (Law Journal Press) Looseleaf
  • Joan E. Feldman, Essentials of Electronic Discovery: Finding and Using Cyber Evidence (Glasser Legalworks, 2003)
  • Gregory P. Joseph, Modern Visual Evidence (Law Journal Press) Looseleaf
  • Jay Grenig and William Gleisner, eDiscovery & Digital Evidence (Thomson-West Publishing, 2005)
  • Michele C.S. Lange and Kristen M. Nimsger, Electronic Evidence and Discovery: What Every Lawyer Should Know (American Bar Association, 2004)
  • Paul R. Rice, Electronic Evidence - Law and Practice (American Bar Association, 2005)
  • Sharon Nelson, Bruce A. Olson and John W. Simek, The Electronic Evidence and Discovery Handbook (American Bar Association, 2006)
  • Ralph C. Losey, e-Discovery: Current Trends and Cases (American Bar Association, 2008)
  • Jonathan D. Frieden and Leigh M. Murray, The Admissibility of Electronic Evidence Under the Federal Rules of Evidence, XVII Rich. J.L. & Tech. 5 (2011).

See also

External links


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Evidence management — is the administration and control of evidence related to an event so that it can be used to prove the circumstances of the event, and so that this proof can be tested by independent parties with confidence that the evidence provided is the… …   Wikipedia

  • Digital forensics — Forensic science Physiological sciences …   Wikipedia

  • Digital forensic process — A Tableau forensic write blocker The Digital forensic process is a recognised scientific and forensic process used in digital forensics investigations.[1][2] Forensics researcher Eoghan Casey …   Wikipedia

  • Digital signature — This article is about secure cryptographic signatures. For simple signatures in digital form, see Electronic signature. A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital… …   Wikipedia

  • Digital signatures and law — Worldwide, legislation concerning the effect and validity of digital signatures includes: Contents 1 Argentina 2 Bermuda 3 Brazil 4 Canada 5 …   Wikipedia

  • Digital artifactual value — is a preservation term that refers to the intrinsic value of a digital object, rather than the informational content of the object. There are currently no established standards for what constitutes digital artifactual value. Nonetheless, born… …   Wikipedia

  • Digital Economy Act 2010 — Parliament of the United Kingdom Long title Click show     & …   Wikipedia

  • Digital rights management — (DRM) is a term for access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals to limit the use of digital content and devices. The term is used to describe any technology that inhibits uses …   Wikipedia

  • Digital classics — is the application of the tools of digital humanities to the field of classics, or more broadly to the study of the ancient world. Contents 1 History 2 Digital classics projects 3 References 4 …   Wikipedia

  • Digital preservation — is the set of processes, activities and management of digital information over time to ensure its long term accessibility. The goal of digital preservation is to preserve materials resulting from digital reformatting, and particularly information …   Wikipedia