The fragile nature of digital evidence, coupled with the complexity and
skill required to conduct an assessment that will bear the scrutiny of a court
of law, makes it important to independently validate and verify the findings of
the forensic assessor.
One of the fundamental tenets of ‘Best Practice’ for the evaluation of
electronic evidence – including telecommunication data – is that assessments
are made on forensically sound and digitally perfect copies of the original
media.
This ensures that the target media cannot be tainted or corrupted, and
that the original material is retained as Best Evidence for record, independent
verification, and presentation in Court.
The first European-based body dedicated to electronic evidence was the
‘FORENSIC COMPUTING GROUP’, formed in 1997 in the United Kingdom. This
comprised various investigative agencies and forensic science units involved
in digital evidence. It also had representation from the ‘ASSOCIATION OF CHIEF
POLICE OFFICERS’ (ACPO) ‘COMPUTER CRIME WORKING GROUP’.
In 1999 the ACPO Computer Crime Working Group became the first
international body to draft Good Practice “guidelines” for the search, seizure
and examination of electronic evidence. In particular, these guidelines define
the minimum levels of standard for the preservation and analysis of electronic
evidence exhibits.
The guideline documents (ACPO Guide Electronic Evidence) have been
refined and expanded upon since their original conception, up to the current
version released in 2010; however, the same core set of principles has
remained consistent throughout.
The UK authorities, in consultation with industry experts, have created
a ‘GUIDE FOR COMPUTER BASED EVIDENCE’ which defines minimum levels of standard
for the preservation and analysis of electronic evidence exhibits. The ACPO
Guide Electronic Evidence is built upon four (4) main principles:
o PRINCIPLE 1: No action taken by Police or their agents should change
data held on a computer or other media which may subsequently be relied upon in
Court;
o PRINCIPLE 2: In exceptional circumstances where a person finds it
necessary to access original data held on a target computer that person must be
competent to do so and to give evidence explaining the relevance and the implications
of their actions;
o PRINCIPLE 3: An audit trail or other record of all processes applied to
computer based evidence should be created and preserved. An independent third
party should be able to examine those processes, assess an exhibit, and achieve
the same result;
o PRINCIPLE 4: The Officer in charge of the case is responsible for
ensuring that the law and these principles are adhered to. This applies to the
possession of and access to, information contained in a computer.
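
The following is an added illustration of Principles 1 and 3 and of working on a verified copy; it is not part of the ACPO guide or of the original article. It assumes SHA-256 as the integrity check and a hash-chained list as the audit trail; the function names and the sample exhibit are hypothetical and constructed for the example.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in blocks; the file is only ever opened read-only."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, examiner, action, detail):
    """Record one process step; each entry commits to the previous entry's hash."""
    body = {"seq": len(log), "examiner": examiner, "action": action,
            "detail": detail, "prev_hash": log[-1]["entry_hash"] if log else "0" * 64}
    body["entry_hash"] = _digest(body)
    log.append(body)

def verify_log(log):
    """What an independent third party runs: recompute the whole chain."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["seq"] != i or entry["prev_hash"] != prev or _digest(body) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True

def make_working_copy(original, copy, log, examiner):
    """Copy the exhibit, log both digests, and refuse a copy that differs."""
    src = sha256_file(original)
    append_entry(log, examiner, "hash_original", {"file": Path(original).name, "sha256": src})
    shutil.copyfile(original, copy)
    dst = sha256_file(copy)
    append_entry(log, examiner, "hash_copy", {"file": Path(copy).name, "sha256": dst})
    if src != dst:
        raise ValueError("working copy does not match original")
    return dst

def demo():
    with tempfile.TemporaryDirectory() as d:
        original, copy = Path(d) / "exhibit.img", Path(d) / "working.img"
        original.write_bytes(b"constructed sample exhibit\n" * 1000)  # constructed data
        log = []
        digest = make_working_copy(original, copy, log, "examiner-A")
        same_result = sha256_file(copy) == digest   # second examiner re-hashes the copy
        chain_ok = verify_log(log)
        log[0]["detail"]["sha256"] = "f" * 64       # simulate a later edit to the record
        return same_result, chain_ok, verify_log(log)

if __name__ == "__main__":
    print(demo())
```

A production audit trail would also carry timestamps and be stored apart from the working copy; they are left out here so the example is deterministic.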
Whilst the ACPO Guide Electronic Evidence was originally drafted for
assisting in the investigation of computer based crime, it is widely
acknowledged in the forensic community that the principles are to be adhered to
for all assessments involving digital material and all forms of
electronic evidence, including telecommunication records/evidence.