Altechbloggers

Digital Footprints: Assessing Computer Evidence

Did you know that everything you do online leaves a mark? It’s true. It’s called digital footprint, and although it’s not visible to you right now, other people can see it, including your friends, family, your future college or employer, and even companies that want to sell you something. Think about what you have done till date. If you checked Facebook, tweeted, made a comment on a message board or blog, or even visited a website (including this website), you’ve created a portion of your digital footprint. Watching the video below, created by Common Sense Media, think about how you and your friends are creating your digital footprints every day. Then, go to “Follow Your Footprint” to learn more about your online behaviors.

What Makes Your Digital Footprint?

Your personal information: name, address, phone number, birthday; Your actions and uploads: text, photos, sites you visit, what you say and what others say about you online; Your digital trace, which may not be visible to you: data collected about you using your TV, telephone, mobile phone, Internet, and other devices used in everyday life. Often companies use this data for marketing.

How You Create Your Digital Footprint

How much do you think about and value your privacy? If your parents or siblings come into your room without permission or check your Facebook profile, you may feel bad. But, in a world where everyone is connected and anything created online can be copied, pasted and sent to thousands of people in a moment, privacy means something far different than just the protection of private or private information (Common Sense Media, 2009). So, although you may be thinking a lot about privacy as it relates to those you know, you should also keep in mind that whenever you update your status on Facebook, tweet, comment on something, Post a video, or text a friend So you are deciding about your privacy because it is related to many people you have never even met. You are creating your digital footprint every day. You make decisions online every day that may take a short period of time, but they can have long-term consequences, even if you don’t forget what happened today. Have you ever posted something online that a friend gave you or reposted something you didn’t think you already had? Have you ever reposted a friend without asking them?

Or have you posted any real life things like fights or breakups online? Who is reading the message on your Facebook wall? You may think that only your friends will read or care about it, but someone older (such as a college admission counselor or hiring manager) may look at it and think about you again. Everything leaves a digital footprint. Whatever is created never disappears. If they don’t want to see it tomorrow, they better not post it today.

What Is Digital Citizenship?

Who is a digital citizen? You! A digital citizen is a person who uses digital devices such as computers, mobile phones, or the Internet. You can use these devices in your work, at school or for entertainment. Just as there are rules and standards of conduct for the citizens of a city, so too must we who live in the digital world abide by rules and policies (Computer Applications, 2010). Digital citizenship is everyone’s responsibility. It is your responsibility to respect your digital identity and that of your friends. Your friends also have a responsibility to respect your digital identity and not do anything that will harm you sooner or later.

Creating A Positive Digital Identity

Your digital identity is an online form of yours! Maybe that’s the only detail someone has about you, especially potential employers. Here are some tips to ensure this approach is positive. Google yourself or set Google alerts. This will let you know when someone has posted something in your name. If you’re graduating this year, create a LinkedIn account. Make sure you apply Facebook privacy settings to limit access to your profile. Remember that we live in a digital world and digital content can be easily changed and accessed. Expand your online network. Connect with parents’ friends, friends’ parents, relatives and neighbors. Connect with adults who can recommend you for a job.

Our Digital Footprint Can Impact On

  • Our online reputation and image.
  • Our real life reputation and image.
  • Our employment prospects.
  • Our admission to school, university or groups.
  • Our relationships with friends, family, teachers and others in our network.
  • Reputation of friends, family, teachers and others in our network.

Importance Of Digital Footprints

This activity discusses the topic of digital footprint. The digital footprint is defined as an “online portfolio of who we are, what we do, and by affiliation, what we know” (Richardson, 2008). It is also known as our digital shadow, which is the footprint we leave after using Internet-based devices. Being aware of your digital footprint is important not only for us as professionals, but also for students to consider as it is very possible that documenting their entire life from photos of their first baby to current activities, which they participate in today, has been done online. Statistics from the Pew Internet and American Life Project show that 43% of online adults are carefree and passive when describing their level of concern about personal information. These people do not worry about personal information online nor do they take steps to limit the amount of information. As teachers, it is our responsibility to encourage students to consider their digital footprint and its lasting impacts. This activity is designed to explain the concept of digital footprint and give students the opportunity to learn and tell others how to protect themselves online.

Computer Evidence

It is a word that shows how technology is prevalent in everyone’s life nowadays. Your digital footprint reflects the mark you leave on cyberspace and any type of digital communication. It is now widely accepted that in this age of email, texting, blogging and social networking, it is practically pointless to try to hide your digital footprint. In fact, it’s been reported that FBI can hear your conversation through your cell phone even when it’s off (the only way to stop it is to remove the battery). Computer evidence earlier had two meanings. Its most distinctive form was a regular print-out taken from a corporate computer. The alternative form was a reading obtained from any single-purpose measuring or counting device that could be considered a silent witness free of human interference, such as an intoximeter, telephone call meter or weighing machine.

Most journal articles and legal textbooks focus on issues of acceptability. In the case of regular computer print-outs, the problems have been those of “the proper functioning of the document and statement and the scope and circumstances of the certification of the concepts” – which may be called “Section 69 issues” for short. In the case of simple measuring instruments, the problem has been the limitations of this area of interpretation of “actual evidence”.

But the enormous changes that have occurred over the last decade in the physical forms of computers, the range of applications, the forms of ownership, the ways and businesses of their use and the extent of their interconnectedness around the world have generated many new forms of computer-derived evidence Many of the assumptions in the earlier articles and the examples to which they refer are no longer true.

For example, a computer is not necessarily “exactly” like a filing cabinet and, as a result, computers may not be “exactly” like the “document” paper equivalent. Again, it is not necessary that computer errors are almost always obvious, with the result either of no read-out or print-out of any kind or of gross nonsense. Depending on the circumstances, a computer print-out may possibly seem correct, but may still be misleading or misinterpreted. In addition, configuration, logging and other system files are also being presented before the courts, which the common computer user usually cannot see—; in fact, such users do not even know their existence—, but which the investigators and prosecutors are not aware of the activities or intentions of the accused. Presenting as evidence.

Consultation Papers And Reports

In both the consultation paper and the report, the Commissioners expressed concern at some of the practical problems encountered in assessing the reliability of computers and computer output, although their attention was focused on section 69 of the Police and Criminal Evidence Act (PACE). He gave the following main reasons for considering that section unsatisfactory: it has failed to address the principal causes of inaccuracy in computer evidence; Section 69 is becoming progressively more difficult to comply with because of advances in computer technology; checking (and therefore certifying) all the complexities of computer operation is “becoming impractical”, The person receiving computer evidence may not be in a position to satisfy the Court of the operation of the computer, it being illogical that section 69 applies where the document is presented as evidence, but not where it is used by an expert to arrive at his conclusions, Nor where a witness uses it to refresh his memory. In the consultation paper, the Commissioners quoted Kelman and Sizer with acknowledgement: “With a vast and complex computer system, the It is doubtful whether a manager can have sufficient knowledge [to issue a Section 69 certificate] that it may be virtually impossible for anyone except experts in that field to detect a computer malfunction or unauthorized tampering”

A little later, the commissioners commented; the judges’ comments were to the effect that determined defence counsel could and did conduct a detailed investigation of the prosecution’s computer expert. The complexity of modern systems makes it relatively easy to create reasonable doubt in the mind of the jury as to whether the computer was functioning properly. We are concerned about the smokescreen arising from cross-examination. The Commissioners’ conclusion was that it is not possible to lay down protective legislation in relation to computer evidence and that where there are specific reasons to doubt the reliability of a particular document generated by a computer, these doubts should focus on importance rather than admissibility. In fact, the Commissioner is putting all the rigour of assessment on the conclusive of the facts, which would be a normal jury for more serious crimes. If we agree that “making protective laws” is an oversight given all the potential problems of rigour in interpretation, are there any comprehensive tests for “reliability” that we can present? Should we consider codes of conduct that can guide law enforcement officials and courts? Will these be enough? Many of the concerns expressed about the use of ordinary juries in complex fraud trials are very easily transferred to situations where complex computer systems occur. Again, many of the problems of evaluating novel scientific evidence, which have recently been considered in relation to DNA evidence, are re-emerging with renewed vigour.

Development Of Computer Forensics

Cyber crime is an illegal activity committed primarily through misuse of computer systems, the Internet, or data. Computer forensics is a relatively new and growing field in which experts collect, analyze, and present evidence obtained from computer systems for use in court cases involving one element or another associated with cybercrime. Evidence may include information gathered from wireless devices, data storage systems, and computer networks. Those wishing to pursue a career in this field can specialize in information technology, computer science or forensics. Some schools are even starting graduate degree programs in IT focused specifically on computer forensics.

Some brief paragraphs of historical context-setting may be helpful in understanding how and why these techniques came into existence. Three or four major trends in the history of computing over the last fifteen years, and especially over the last ten years, have distinguished themselves; these main trends have given rise to many minor trends and have all interacted with and reinforced each other. They are: an increase in the use and power of personal computers; a shift in the design of corporate computer systems away from centralized monolithic mainframes to a multiplicity of small but powerful machines that work and interconnect among themselves in what is commonly called distributed processing; and the development of networks, both private and public in the form of the Internet, globally. All of these changes have had an impact not only on what computers can provide to their owners, but also on the type of evidence that comes with them.

Personal Computer

Personal computers are now a very common commodity in many households, yet in 1955, only 250 computers were in use worldwide. In 1980, over a million personal computers had been sold and by the mid-1980’s, that figure had risen to 30 million. How did this happen? For nearly 20 years PCs have been used for non-entertainment purposes, and today PCs with less than 1000 capacity are more powerful than many commercial mainframes from 20 years ago. Unlike physically large computers, they can be carried completely easily during the execution of a search warrant, as they are private to an individual other than formal business documents; they are more likely to contain informal material that may indicate, for example, intentions or hidden activity. As a result of the increasing complexity of PC operating systems and applications, PCs create many ambiguous files that improve system performance and allow recovery in the event of a disaster; these can be interpreted upon examination to show how computers have been used recently. PCs are also the Internet’s primary medium for sending global e-mails and viewing information on the World Wide Web. Programs that provide these features also create substantial logging and other files on the PC’s hard-disk that can be checked later.

Distributed Processing

Distributed processing speeds up processing by distributing the work to multiple computers that have been selected to provide more processing power. You can submit batches of processing tasks to the Apple Qmaster distributed processing system, which allocates those tasks to other computers in the most efficient way (this is described in more detail in “How Apple Qmaster distributes system batches”).

Distributed processing is a way of designing systems that, unlike the use of a very powerful central computer that stores and processes all organizational information, are easier, faster, cheaper and more flexible to design. Many small computers are connected together so that they can provide information and resources to each other; Some small computers can be quite specialized in nature— in fact they can include automated teller machines, warehouse and manufacturing robots, and bar-code readers.

Distributed processing has been common for at least 15 years in large organizations. From the point of view of evidence, one consequence of this is that many computer documents are “combined” only on demand and from many different sources. PCs are often used in distributed processing systems by executives as the primary way to view business performance. Such PCs contain programs that receive information from the main system, but display the results on the individual executive’s PC in a manner that the executive has prepared itself. What appears on screen or print-out under these circumstances depends on the functions of the individual executive as well as the quality of the central repository of corporate information. The problem is what should a person wishing to trust such a document do to seize and present it— and then be in a position to prove it reliable for the purposes of “weight”. Can one rely on a single print-out produced on a single PC or should the entire corporate database be confiscated? Computer systems using distributed processing generate many intermediate and logging files, additionally, if care has been taken to implement security measures, there may be other audit and logging files. Again, a skilled computer analyst may be able to interpret these to assure the Court of coherence or alternatively to demonstrate a serious inconsistency.

Networking

Given the basics of networking, understanding the way networks operate is the first step to understanding routing and switching. Network two devices; Operates by connecting computers and peripherals using switches and routers. Switches and routers, essential basics of networking, enable devices connected to your network to communicate with each other as well as other networks.

In such networks, where several computers are connected together, there are similar problems in finding where a document is placed and how much data must be seized to provide sufficient “weight”.

There are many ways to design a network; the simplest way provides individual PCs with the ability to communicate with each other and, depending on how security is set, access to parts of each other’s hard-disk. A more complex design would involve one or more servers, large computers that hold programs and data. Programs may include internal emails and data may include back-ups of key business records. Servers are an important source of computer evidence. Distributed processing systems rely heavily on complex networks. Even in the largest organization, a portion of the network may be outside local jurisdiction. Private networks also exist at industry level and first generation EDIs (electronic data interchange) depend on them.

Common Computer Forensic Techniques

1. Confiscation of computer hardware: The aim of this white paper is to teach you how to confiscate a computer from a crime scene. The techniques you learn can also be used in non-criminal cases. For example, your job may be to confiscate a computer from an employee who has been involved in activities against your company’s policies. In any case, it is important that you proceed with caution to prevent any evidence on the computer from being corrupted.

This is probably the best established technique, and the closest to traditional crime scene activity. The protocols issued to the police described a variety of investigative procedures, including conducting intelligence reviews prior to raids to assess what types of hardware could be expected, what types of software, what types of back-ups could be identified and how these might relate to potential evidence; Determining the scope of the warrant – this is not really a forensic procedure, but it is necessary in order to conform to the admissibility rules; Taking in situ photographs of computers, in particular cabling of peripherals and accessories; Careful identification and labelling of all items, including external data storage such as cables, peripherals, discs and tapes Careful fragmentation, Including preventive measures and bagging to avoid unintentional damage or contamination; proper record keeping; precautions to prevent data from being destroyed by hostile persons just prior to the raid; handling of computers operating at the time of the raid; safe shut-down procedures; noting the time on the computer’s internal clock – which is used, among other things Used to provide date and time-stamps on computer files; And making accurate sector-by-sector copies of each hard-disk.

This last point needs some clarification. A particular problem of evidence obtained from a hard disk connected to a computer is that the very process of turning on the computer and/or copying its contents can alter its contents to such an extent that it becomes corrupted. To avoid this, most British law enforcement agencies use a process sometimes called “legal imaging”, which aims to remove contamination hazards by combining specialized hardware and software and appropriate procedures. This procedure should be started as soon as possible after the computer has been seized; copies of the hard-disk are then checked. In this method the computer is not started (or “booted”) from a normal hard-disk, but from a floppy or drive. The computer is booted from a minimal operating system rather than a complex one such as Windows 95. Operating systems have additional features or “drivers” that enable a computer to recognize an external data storage device, such as a removable hard-disk. Still operating from a floppy drive, software is run that creates an “image” of hard-disk (or hard-disk if there is more than one) on an external device. The image is an exact copy of the original disk (sometimes called a “bit copy” or “sector-by-sector copy”). This includes not only the files that appear on the original disk, but also other files that do not normally appear, the parts of the disk that contain the information from which the directory details are derived (file name, size, Date and time stamps) and some other forensic excerpts from previously deleted files may also sometimes be retrieved.

The “image” file cannot be easily viewed, but by reversing the imaging process to another computer with the same specification as the original disk, an exact clone of the original disk, containing all “hidden” information, is created. This process is sometimes called “extraction”. The procedures used have some built-in controls; the original computer remains available for inspection; often two image copies are made, one acting as a control in the same way as used to record police station interviews. In addition, images and “extraction” files are recorded in a CD-ROM, which is a write-once, read-several-times medium that cannot be changed. In these circumstances, information is usually passed on to the defence. Another feature of the procedures followed by some law enforcement agencies is that, as far as possible, there is a separation between technicians working on raw computer evidence and the investigating officers analysing the results. Essentially, these protocols address the issue of stabilizing the scene. Witness statements and interview records are necessary to ensure continuity of evidence and support.

If followed correctly, hard-disk imaging is undeniable. From the point of view of admissibility/the computer and its hard-disk are “genuine evidence”; all subsequent images, copies, printouts, etc. are “documents” and for the time being appear to require Section 69 certification. Problems arise from the type of material produced from hard-disk and the conclusions that can be drawn, for example:

  • Ordinary data files—word-processed documents, databases and account records, images, copies of corrections—produced from regular applications, present very little difficulty. The date and time seal that can be displayed in a computer’s directory is that of the last modification rather than the original creation. Some applications create records of the first construction and also list modifications, but most do not. PCs do not usually create formal audits or logging records. ⁇ Email messages and faxes sent and received may have been kept by the computer owner, but the owner may also have selectively deleted some of them.
  • Sophisticated and extended use of directory information can help create a chronology of events within a computer, but the available data may be incomplete or incomplete and may require considerable interpretation. The basic tool is to get a list of all files sorted in date/time order in all directories on all disks. The chronology may, among other things, indicate: when the operating system was installed, reinstalled or upgraded, when an application was installed, reinstalled or upgraded; when new hardware was installed or reinstalled; sessions during which files were being created or modified, sessions in which files were viewed without being modified; Dates of sending and receiving faxes; online sessions for the Internet and other external services; times when diagnostic packages were run due to a suspected system fault;
  • Deleted files, especially if recently deleted, can be recovered by providing flexibility against crash using features built into the modem operating system. This is possible because initially unwanted files are marked only for deletion so that they do not appear in the disk directory, although their contents persist until the specific disk space is used by new files. This type of un-delete process is not controversial, but technicians can sometimes also recover fragments directly from disk sectors; More elements of interpretation may be required here. Careful checking of certain application files, for example, documents created in Microsoft Word, may include fragments that the manufacturer believes have been deleted. The danger here is that a computer technician, when reconstructing a document, becomes influenced by other aspects of the check.
  • Swap files are temporary files that are created by the operating system on a hard-disk when random access memory (RAM) is insufficient for a specific activity, for example, when multiple programs run simultaneously, or a large document or picture is being edited. Here too a technician can search for evidence of recent activities, including changes and deletions to files, or transmission of passwords. Here too the interpretation of one technician can be challenged by another.

If a personal computer had been properly handled at the time of and after confiscation and was entirely under the control of the suspect, a plethora of important evidence about the suspect’s activities could potentially be available. However, some of the conclusions reached by prosecutorial experts may depend on interpretation rather than unquestionable fact-finding, and the extent of this may not be clear.

2. Large corporate systems: The larger the computer system, the more difficulty it will have in moving anywhere, especially if the system is widely networked and contains many different computers, connected to each other by networks for some purposes and not others. The larger the computer system, the greater the overall likelihood that its confiscation will cause additional damage to completely innocent individuals and organizations; once the computer is confiscated, the business it owns is likely to come to a sudden standstill, affecting employees, customers and creditors. There are no clear guidelines in such circumstances. Checkers then have to decide to leave the hardware in place; It is hoped that an employee of the raiding firm who is technically competent but not under suspicion, or other person, and that person will be monitored while making copies of the operating system, logs, software and data. Section 19 (4) of the PACE allows a constable to “require any information, which is contained in a computer and accessible from the premises [mentioned in the warrant], to be presented in a form in which it may be carried and in which it is visible and legible” The reference to “accessible” seems to suggest that provided that the warrant refers to a single relevant site, the whole of a corporate network, wherever its components are located, would be included.

In practice, a selection may have to be made on the basis of cost and magnitude. Investigators are also required to obtain a detailed hardware and software inventory of computer systems, as well as any reports prepared by EDP auditors, etc. If the computer system belongs to an international company, different jurisdictions and time-zones may have different components. Once the raw evidence has been obtained, the problem is to show that it can be relied upon. Again, some of the tests developed in Section 69 cases may be extended to other aspects of the validation value. Thus, R. In the appeal vs. Cochrane which dealt with print-outs from an automated teller machine (ATM) connected to a complex banking/building society system, Waterhouse, J. commented: “It’s some surprise that we record that none of the witnesses who testified in the lower court even knew the name of the city where the mainframe computer was located” He concluded.

3. Evidence from the Internet: Data obtained from mobile chat apps is important for many forensic investigations. However, with the use of thousands of mobile chat apps today and the continued advent of new apps, the identification, retrieval, and analysis of mobile chat data is a major challenge and has become a time-consuming task for forensic professionals. Two main situations should be considered: where the crime focuses on a person’s Internet use and where evidence of the crime exists on a remote site. Specific examples of the former include download and unauthorized access to child sexual abuse material; There may be a lot of evidence present on the accuser’s own computer. Examples of the latter include: evidence of fraudulent promises to deliver goods, evidence of fraudulent offers to provide services, evidence of fraudulent or non-compliant investment offers, infringement of copyrighted material submitted in the course of business, possession or submission of pornographic files and images, and incitement to racial hatred, terrorism and other crimes, and conspiracies. To understand where evidence of Internet-related crimes may be located, we need to remember how Internet connections are made and what types they may be.

Typically a person uses their computer to connect to the Internet through an Internet Service Provider (ISP); home users dial through the telephone network. Thus, different types of evidence can exist on four points: on a person’s own computer, in his telephone bill, on ISPs, and on remote sites. There is also the possibility for law enforcement to covertly track Internet traffic using a technique known as “sniffing”. First, in addition to the material already mentioned, considering the material on the suspect’s own computer, the PC is likely to contain the following Internet-specific logging files:

  • Emails sent and received are usually saved to hard-disk during regular use; However, most users regularly delete unwanted content to free up disk space;
  • Newsgroups that are subscribed to are also usually saved to hard-disk during regular use; however, most users regularly remove unwanted content to free up disk space;
  • Internet Relay Chat (IRC) sessions are real-time discussions like CB radio; logging files that record what all participants say are optional – commercial and advanced versions of IRCs such as Microsoft Net Meetings and other products are also available that provide Internet telephony and viewphones; re-logging may exist;
  • Browser cache files are a specific type of temporary file used to store data that a computer has recently used and may need again in the near future.

Although caching is used throughout computing, its most important use is in Internet browsers, the software used to view sites on the World Wide Web. Here the cache stores copies of each web page as soon as it is viewed. Users often need to revisit previously viewed pages, especially if they contain indexes of other pages. Browser software can recover such a page from its cache faster rather than going back to the original source site (which will cause more delays to the user and also increase total traffic to the main connections of the Internet). Cache files in most browsers are kept after separate sessions, often weeks and months later; some browsers and some specialized software can be used to view cache files and associated “history” files, which store some date and time information. It is thus possible to determine what users of a specific computer are looking at and, to a limited extent and after careful interpretation, when. There has been at least one attempt by prosecutors to claim that material saved but not intentionally placed in web-browser caches, is considered “possession” for the purposes of section 160 of the Criminal Justice Act, 1988. Sometimes it is possible to recover deleted logging files.

However, the completeness of any of these files, whether previously deleted or otherwise, and the extent of the accuracy of date-time seals are something that the person presenting such evidence should be asked to demonstrate. With regard to telephone logs, private subscribers to Internet Service Providers (ISP) usually dial-in via telephone – therefore, logs provided by telephone companies that show the numbers, times and periods called often forcefully corroborate other types of evidence. Until relatively recently, phone companies collected this type of information from specialized external devices connected to the customer’s line: from the point of view of acceptability it can be argued that the output of such call loggers or monitors is anecdotal evidence. Recently, evidence has been presented directly from the telephone company’s regular billing computer. While no case has so far been registered on this issue, it can be argued that a proper section 69, PACE certificate, is required in these circumstances as well as endorsement to show that the performance is a “commercial etc. document” for the purposes of section 24 of the Criminal Justice Act, 1988 If law enforcement wishes to capture data traffic on a telephone line between an ISP and its subscriber, the Interception of Communications Act, 1985 (ICOA) applies.

Are There Any General Principles For Evaluating Computer Evidence?

Computer-derived evidence is not fundamentally different from other types of evidence presented in criminal proceedings. Rather, the problems stem from the fragility and transience of various forms of computer evidence, from the fact that the origins can be hard to understand and the speed at which computer technology, and therefore potentially available evidence, changes. There are only a few easy solutions to this. As we have seen, Justice Waterhouse had hoped for “a standard form of evidence”, but English law is counterproductive to the idea of conferring judicial quality on scientific or forensic evidence.  In the case vs. Dohenff, DNA statistical evidence was presented in one case of rape and sexual abuse.

The conviction was overturned on appeal on the grounds that the expert had encroached on his role, limiting the role of the jury. The move to the American process of expecting judges to act as gatekeepers for innovative scientific evidence, which was recently considered in the 1993 American case Daubert vs. Merrell Dow, is also not promising. Even if the English courts accepted the theory, it is doubtful whether some of the computer forensic evidence currently being presented would stand up to these tests: (1) whether the theory or technique can (and has been) tested; (2) the error rate associated with the method; Publication in (3) a peer reviewed journal; and (4) whether the technique has gained widespread acceptance. The Royal Commission on Criminal Justice, chaired by Lord Runciman, devoted Chapter 9 to the consideration of forensic science and expert evidence, proposing inter alia the establishment of a Forensic Science Council, but how well equipped would it be to assess skills in computer forensics? Similar concerns should apply to the perception of court-appointed experts – how will they be selected?

In fact, faced with new types of evidence, courts have to resort to the general principles of evidentiary evaluation. The following are Miller’s general tests for the reliability of an exhibit. It should be possible to show that the evidence:

  • Authentic – uniquely connected to the circumstances and persons alleged – and submitted by someone who can answer questions about such relations;
  • Accurate – Free from any reasonable doubt as to the quality of the procedures used for collecting material, analysing the material if appropriate and necessary and ultimately presenting it to the Court and by any person who can explain what has been done. In the case of exhibits that contain statements themselves – for example, a letter or other document – “accuracy” must also include the accuracy of the subject matter; and this normally requires the originator of the document to make a witness statement and be available for cross-examination.
  • Complete – Tells the full story of a particular set of circumstances or events in its own terms. With regard to more technical types of evidence – forensic evidence – we can expand the range of characteristics:

There must be a clear chain of custody or continuance of evidence.

  • A forensic method must be transparent, i.e. independently testable by a third party expert. If law enforcement agencies feel that disclosure could result in countermeasures that would prevent its future use, this poses difficulty; again, the creator of the forensic process may find it difficult to maintain commercial confidentiality.
  • In the case of material from sources with which most people are not familiar, a fairly detailed explanation may be required.
  • In the case of exhibits containing statements themselves – for example, a letter, database record or any other document prepared by computer – the “accuracy” must include the accuracy of the process from which the statement is prepared as well as the accuracy of the subject-matter; again, the Normally this requires the maker of the document to give a witness statement and be available for cross-examination. In cases of “hacking” and other sophisticated computer crimes, an additional concern is that criminal functioning has calculated the routine operation of computers.

The more we look at it, the clearer it becomes that we are not considering one problem, but many. While it may seem tempting initially to make a simple list of types of computer evidence and “rate” them, some problems become apparent very soon; any such list tends to include “documents” or “statements” in the sense of the various Civil and Criminal Evidence Acts (or as “common sense” suggests earlier), But the types of evidence produced by computers or obtained from computers also get included. In the first category, we identify the evidence by its content and in the second category, by the form in which it is placed in the computer or produced by the computer. In fact we need to do both. We need to know about the evidence-related weight of the subject-matter of a piece of computer-derived evidence, but we also need to know about the weight of the process by which it was produced.

The procedure may also, depending on the circumstances, include a number of meanings – the quality of the original source, the quality of the internal computer manipulation, the strength of any control or audit mechanism which may reduce error or provide confirmation, the way in which performance – which the Court actually considers – has been achieved, its integrity, the Perhaps also the integrity of the way in which performance has been handled by investigators.

Public Policy Issues

Public policies related to issues such as global hunger, conflict and peace, global health, migration and global poverty have a massive impact on the lives of people living in poverty around the world.

The proposed Code, unlike current internal documents to be prepared by law enforcement agencies, would be public and subject to parliamentary scrutiny. One of its potential benefits is that it will provide guidance for a relatively new and rapidly evolving source of evidence without the rigour of primary legislation. This will ensure fair, regular and consistent procedures and a terminology to describe them that will be recognized by the courts. It can describe precautions for the secure acquisition and preservation of computers and hard-disk, and methods for listing computer-derived material in search registers. It will provide guidance for those issuing warrants. This will enhance the existing framework for adequate security measures and maintenance of records. It will provide fair rules and procedures for the prompt confiscation and return of computer hardware and data so as not to unduly penalise the activities and privacy of companies and individuals, but also to require frequent recourse to the Police (Property) Act, 1897. It will provide guidance to judges in assessing and/or assisting the process of delivering computer-derived evidence to the Court. This will provide the defence with greater impartiality, including procedures for the delivery of evidence and access to the specialist software necessary for reviewing the validity of the prosecution’s claims.

This would reduce “form” protests by the defence in the Court or irresponsible questioning of Crown-experts, as feared by the Law Commission in its consultation paper in 1995. It will reduce the cost of trials involving computer-related evidence by avoiding the delivery of unnecessarily heavy-handed prosecution print-out bundles and by giving prosecution and defence experts access to electronic evidence that can be analysed from a computer. It will provide a framework for the specific training of law enforcement officials, thereby increasing their efficiency and chances of success; at the same time it will ensure that low-quality cases are submitted to the Courts. Ultimately, it will provide guidance to the Legal Aid Board in assessing requests for funding by the defence.

Read Also:

  1. This Technology Will Instantly Identify Heart Diseases
  2. Advanced Military Technology In Russia
  3. Artificial Intelligence (AI) And Technology In Health Care: Overview And Possible Legal Implications
  4. Green Artificial Intelligence(AI) Technology In Various Sectors
  5. Using Green Artificial Intelligence (AI) Technology In Fintech
  6. Wi Fi Offloading Technology Overview And Approaches
  7. Development Of 5G Technology
  8. Introduction To Mobile Technology
169960cookie-checkDigital Footprints: Assessing Computer Evidence

Hey!

I’m Bedrock. Discover the ultimate Minetest resource – your go-to guide for expert tutorials, stunning mods, and exclusive stories. Elevate your game with insider knowledge and tips from seasoned Minetest enthusiasts.

Join the club

Stay updated with our latest tips and other news by joining our newsletter.

Categories

Tags

000 499 999 Advantages And Disadvantages Of Mobile Phones Air Pollution And Your Health and How to start Blogging and Uses Artificial Intelligence In Agriculture Artificial Intelligence In Banking Bank Of Baroda Causes Of Environmental Pollution Difference between Blogging and Vlogging Difference Between hPanel and cPanel Effects Of Environmental Pollution Environmental Pollution features Foundation Of India: What Nehru Made For A Modern Nation Google Maps Google Translate History How To Avoid It How To Start Blogging Jhunjhunu MCA Course Negative Effects And Prevention Methods Oppo K13 5G Smartphone Partition And Change Rahul Gandhi's "Atom Bomb" Allegations: Is India's Election System In Danger The Long Journey Of India's Congress Party: The Story Of Power Types Types of Technology Udaipurwati Branch (333307) What is Artificial Intelligence(AI) What is Blogging What Is Cyber Crime What is Google What is Hostinger What is hPanel What is Microsoft What is Microsoft OneDrive What Is Money What is Technology What is Web Hosting With Definition and their Examples With Definition Meaning and Types

Recent Posts

Blogroll

Minetest Blog

Minetest

Translate »
error: Content is protected !!

Discover more from Altechbloggers

Subscribe now to keep reading and get access to the full archive.

Continue reading