Digital evidence becoming central in criminal cases | MSNBC

New layers of complexity

The increasing use of digital evidence has spawned a new legal specialty – e-discovery – and has added layers of complexity that didn’t exist when cases were won or lost on paper documents. In some cases – particularly those involving corporations – the amount of digital data that must be retrieved and sorted through prior to trial is immense.

“State crime labs are adding high-tech pieces, but if you think it’s hard to examine urine and blood samples, try working through a zip drive, a hard drive or an iPhone,” said Findling, the defense attorney.

Evidentiary laws also have failed to keep pace with rapidly changing technology, said Rasch.

“We changed the discovery laws eight or 10 years ago, but we need to change a bunch of different laws, including electronic privacy laws,” he said. “And we need to continue to tweak the laws on chain of custody, validation and verification, authentication, corroboration and the scope and extent of discovery.”

While lawmakers struggle to catch up, judges and courts are taking wildly varying positions on the reliability and admissibility of digital evidence.

“Right now it depends on the state, depends on the judge,” said McCullough, president of the Southwestern Association of Technical Accident Investigators. “A lot of information has to be established to show that it’s reliable.”

advertisement

Gonsowski said much of the variation is attributable to the differing technology comfort levels among judges, prosecutors and defense counsels.

“You see some inconsistent decisions because a case may require that the litigants and the judge all understand how Facebook works, for example,” he said. “…  So there’s a lot of sort of groping around – not quite the blind leading the blind, but folks wrestling with these new technologies as they apply to traditional legal concepts.”

Stricter rules for digital evidence

Experts have different views of those to-and-fro battles.

Rasch, the former Justice Department official, said that courts often impose higher requirements on digital evidence than they do with physical documents, such as letters.

“We demand a (greater) degree of certitude for certain kinds of electronic evidence than is demanded in the physical world. … A lot of it has to do with the general unease we have with electronic evidence. We’re not sure it’s reliable, that it hasn’t been tampered with.”

But others worry that current laws – and the judges who enforce them – have failed to adequately consider that electronic evidence is “inherently malleable or ephemeral.”

Among them is Steven Teppler, a partner in the Chicago law firm Edelson McGuire and co-chair of the American Bar Association’s Digital Evidence Committee. He is part of what he describes as a growing movement within the legal profession to have digital evidence deemed “hearsay,” and thus generally inadmissible in legal proceedings unless its reliability can be demonstrated.

“Unless we change the rules of evidence to require a higher level of reliability, you have this built in problem where people say, ‘It comes out of the computer, therefore it must be reliable,’” he said.

But that doesn’t account for the fact that programmers create the software that instructs those machines to generate data, Teppler said.

“Computers will repetitively create bad information if they are programmed incorrectly,” he said. “Just because a computer generates it doesn’t mean it’s true.”

via Open Channel – Digital evidence becoming central in criminal cases.

Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly

The time has come to empower frontline law enforcement officers to make better decisions when seizing digital evidence, says forensic analyst Andrew Sheldon.

The number of computer forensic specialists is growing, but there will never be enough to cope with the demand, he told the SANS European Digital Forensics and Incident Response Summit in London.

The proliferation of digital devices, combined with growing storage capacities on those devices, is increasing the number of potential crime scenes at an exponential rate each year, he said.

The backlog of cases requiring forensic analysis is currently around 46 weeks.

The problem, said Sheldon, is that there are many more people seizing evidence and referring it for forensic investigation than there are people to do the analysis.

<>

This is exacerbated by the fact that there is a high proportion of unnecessary examinations because frontline officers do not have the skills or knowledge to be more selective.

One way of improving the situation, he said, is to give frontline officers the tools and support they need to make better decisions about forensic evidence.

The way law enforcement deals with forensic evidence needs to go down the same road as dealing with drink-driving by introducing the equivalent of the breathalyser.

via Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly.

Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly

The time has come to empower frontline law enforcement officers to make better decisions when seizing digital evidence, says forensic analyst Andrew Sheldon.

The number of computer forensic specialists is growing, but there will never be enough to cope with the demand, he told the SANS European Digital Forensics and Incident Response Summit in London.

The proliferation of digital devices, combined with growing storage capacities on those devices, is increasing the number of potential crime scenes at an exponential rate each year, he said.

The backlog of cases requiring forensic analysis is currently around 46 weeks.

The problem, said Sheldon, is that there are many more people seizing evidence and referring it for forensic investigation than there are people to do the analysis.

<>

This is exacerbated by the fact that there is a high proportion of unnecessary examinations because frontline officers do not have the skills or knowledge to be more selective.

One way of improving the situation, he said, is to give frontline officers the tools and support they need to make better decisions about forensic evidence.

The way law enforcement deals with forensic evidence needs to go down the same road as dealing with drink-driving by introducing the equivalent of the breathalyser.

via Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly.

FBI Forensic Guide to Digital Evidence

FBI Forensic Guide to Digital Evidence

Dell takes digital forensics mobile | ZDNet

Dell on Thursday launched another installment of its digital forensics bundle so law enforcement can collect data faster from crime scenes.

The company took its digital forensic bundle—Spektor Forensic Intelligence software from Evidence Talks and rugged hardware—and extended it to mobile devices. The goal: Examine data at a crime scene and collect data on the fly from various storage devices.

Crime scenes are increasingly becoming an IT problem since evidence can reside on PCs, laptops, mobile phones, USB sticks, GPS devices and other memory devices. Dell’s goal is to allow for on-site investigation of digital evidence and analyze data with one technology bundle.

via Dell takes digital forensics mobile | ZDNet.

Executing a Warrant for Digital Evidence | Forensic Magazine

Pertaining to the seizure of digital devices, there is some misunderstanding concerning what “executing the warrant within ten days” actually means. Many investigators (and some prosecutors) have interpreted this to also mean that the forensic analysis of the digital devices must be completed within ten days after they are seized. This is not a correct interpretation. There is no requirement or mention in the Federal Rules of Criminal Procedure regarding any time limits for the forensic examination of evidence. Investigators only have to execute (serve) the warrant within ten days after it is issued to avoid it becoming “stale.”

Concerning computers (and other digital devices or digital media), there are different interpretations as to whether another search warrant is necessary to conduct further analysis after seizure. Normally, when a computer is going to be seized, the investigator would clearly explain in the supporting affidavit that after its seizure and removal from the scene, it is going to be searched for evidence. Often, investigators will detail what types of computer files they are going to be looking for so as not to run afoul of the Fourth Amendment which requires that every warrant must “particularly describ[e]…the…things to be seized.” This requirement restricts and prevents law enforcement from executing a general warrant to search for evidence of a crime.

via Executing a Warrant for Digital Evidence | Forensic Magazine.

Lawyers losing cases while struggling with large quantities of Digital Evidence | Digital Forensics Magazine Blog

In today’s modern age, digitally stored evidence is of the highest importance when it comes to legal processes. A survey published by Symantec Corp has shown that many legal companies spanning the EMEA (Europe, Middle East and Asia) region are losing cases, due to the fact that they cannot manage the immense amounts of evidence that is stored on digital media.

Over half of the responses to the survey showed that the problem was identifying and recovering the evidence and that this had caused delays and sanctions as well as the previously mentioned ‘lost’ cases.

Whilst highlighting that many cases are being lost, the report does show that the ability to identify, collect and process the digital evidence from within millions of different pieces of electronic information has had an encouraging effect on many cases.

via Lawyers losing cases while struggling with large quantities of Digital Evidence | Digital Forensics Magazine Blog.

Difficulties producing ‘digital evidence’ cause lawyers to lose cases – SC Magazine UK

The challenge of processing digital information has caused lawyers to lose a case or to be fined or sanctioned in the last two years.

A survey of 5,000 lawyers across EMEA by Symantec found that they are struggling to manage the vast amounts of electronically stored information that play a vital role as evidence in legal matters across the EMEA region.

Half of those surveyed (51 per cent) admitted to problems identifying and recovering e-discovery in the last three months. However the poor availability of ‘digital evidence’, which can also hinder the legal process and the power of technology to identify and collect relevant information among millions of electronic files has had a positive impact on many cases across EMEA.

Almost all of the lawyers questioned (98 per cent) said that ‘digital evidence’ identified during e-discovery had been vital to the success of legal matters in which they had been involved in the past two years.

via Difficulties producing ‘digital evidence’ cause lawyers to lose cases – SC Magazine UK.