The current situation in digital evidence
Computer and information technology law
IT law is a collection of latest legal ratifications presently available in many nations which regulates the processing and disseminating of information in the digital environment. These legal enactments are crucial in this era where the use of information technology is on the increase (Carrier 2005). Data and information transfer has become a daily process as the current period is an information era. It is hard to govern processing, transfer and use of information without some form of regulation. In fact, the advent of advanced digital technologies has brought up an evolution of very sophisticated criminal activities that were never heard of in the past. The legal enactments have been necessitated by the need to control the different aspects relating to computer programs, security of the software, availability and management of information, internet use, e-business and privacy among other aspects (Casey 2009). The legislations have acquired the term paper laws for paperless environment. Criminal cases cannot be handled without proper evidence. In the past, there were many ways of gathering evidence in a crime investigation. The conventional methods for gathering information are not applicable in a digital environment. As changes in the information technology continue to explode, a new method of evidence collection and presentation known as the digital evidence has come up. The laws that have been mentioned can only operate where there is evidence. The problem is that there are various issues surrounding this area in the contemporary world. This area has been facing a lot of challenges and problems in providing digital information as evidence (Bainbridge 2007).
Like in most countries, English law has also evolved to cover technological changes. The Regulation of Inventory Powers Act of 2000 is such regulation that was passed in the UK to handle technological developments. It relates mostly to crimes related to the internet and encryption. This law manages the way in which public organisations can carry out surveillance and have admission to private digital communications. The law allows mass surveillance of communications and provides protection of information. In dealing with digital evidence, the law hinders the subsistence of interception warrants and any information gathered with them from being presented in a court of law (Bainbridge 2007).
Digital evidence has been applied in many countries in court cases. In most of the countries where this kind of evidence has been in use, it has been used under the existing state procedures of evidence. This has created a discrepancy in application the fact is that the conventional evidence is far too different from the digital evidence. Courts have realized that digital evidence is by far different from conventional evidence. The digital evidence differs from conventional evidence in a variety of ways. The first difference is the volume. Digital evidence has proven to be more voluminous than conventional evidence due to the fact that a lot of information can be stored and transmitted in a very small space. Computer memory is able to carry a lot of data than it is possible to be presented physically (Casey 2004). Another difference is that digital evidence is easy to modify. Adding or removing information from a computer memory is so easy and difficult to realize without appropriate measures. The other difference is that duplication of information in a computer memory is very easy. This can be carried out without noticing unlike in conventional evidence. It is more difficult to destroy digital evidence. This is because with appropriate software, data or parts of data deleted or destroyed can be recovered. The last difference is that digital evidence is more expressive and easy to retrieve. This therefore necessitates the need for different rules and procedures for handling digital evidence. These kinds of procedures and regulations have not been present in most countries, and in the countries that have them, they are not carefully followed. Some courts have devised their own procedures for treating digital evidence differently from conventional evidence. They do this for the sake of authenticity, hearsay, privilege and the best evidence rule. For example, in the United States, stringent fresh regulations were passed with the Federal Rules of Civil Procedure, which necessitated the conservation and revelation of digitally kept evidence (Kenneally Brown 2005).
The nature of digital devices makes them more vulnerable to destruction and corruption. In order to deal with the increase in technologically-related crimes, there has been an increase in digital evidence. This has consequently necessitated the use of devices that are physically smaller and have greater storage capacity. This has made the components for such devices to be smaller but more delicate (Byers Shahmehri 2009). The delicate nature has also been contributed by the need to manufacture these components very fast to handle the demand. Storage of data in these devices in an unsuitable environment has been found to cause corruption and even loss of data. This has brought the problem of loss of evidence, presentation of incomplete evidence and delay in cases as more evidence is gathered. In situations where there is no backup or trailing information, court cases have been dismissed due to lack of evidence. Using a digital device to get information keeps the memory active and constantly changing. This can cause inconsistencies in the hash values of subsequent acquisitions by the same memory. The problem is further complicated by the use of unique cables and drivers to establish connections. More than one acquisition has also been seen to produce different hash values. This can be attributed to an internal clock that constantly change timestamps or other unique information that is in flux (Casey 2004).
The other issue surrounding the use of digital evidence is the increasing rate of digital crimes. Technology is developing from all directions. As the investigators and courts are coming up with new methods and procedures for handling digital crime, perpetrators are coming up with new ways of carrying out their criminal activities (Weber 2010). Criminals are utilizing information technology to ease the progress of their crimes and avoid being caught. Many of the criminals who use technology are very knowledgeable in digital applications and can do so much to avoid being apprehended. This has caused problems to courts, judges, investigators, forensic experts and security experts. Organized crimes around the world are being committed through the use of technology (Byers Shahmehri 2009). The criminals use technology to keep records and tracks of communication and to commit offences. Criminals have even accessed court systems to alter their records and watch internal interactions. There are other technology-related criminal activities targeting hospital systems, office systems, and domestic appliances. This is made easier by the fact that most of these systems are networked. There are network based crimes that target infrastructure. The most targeted infrastructure is power, communication networks, financial and emergency services. These issues are becoming a great concern as terrorist activities become more technologically skilled. The involvement of technology in crime has resulted in a lot of digital evidence that is causing a problem to handle for the legal experts. They are doing so much to handle the evidence but it is so vast that it becomes a problem (Casey 2004).
Ways of improving the law governing this area
The law is in place in but it is not as effective as it ought to be. There a set of guidelines and regulations put in place for those handling digital evidence. The laws that are in place may not be adequate to handle this contemporary phenomenon (Jones 2009). This is why it is necessary for legal bodies to come up with fresh regulations to handle this area. Technology is not constant and therefore the legislations established should also be constantly revised to accommodate changes in technology. Legal experts handling digital evidence should not only be trained but also be taught the need to observe and adhere to digital evidence guidelines. This is to make sure that they do not present flawed or incomplete evidence. Other guidelines, principles and procedures that govern data collection, processing, retrieval and access should all be incorporated into the legislation (Jerrard and Small 2002).
As people acknowledge the fact that proper amendments are necessary to the computer law, it is important to note that proper information is necessary for the amendments to be applicable. Digital evidence is a relatively new area in law and should therefore be well researched (Weber 2010). With empirical data, it will be possible for lawmakers to properly amend the available legislations so as to accommodate the changes in technology. Law amendments without proper understanding of the subject will not provide effective ways of handling crimes related to technology. Before making amendments to the law, it is important to go through the existing laws related to the subject so as to find out where it is failing and therefore improve. To be more effective all the aspects of the law from gathering of digital evidence to decisions in courts of law, should be evaluated afresh and necessary improvements carried out (Jerrard and Small 2002).
Procedures and principles to assist in digital evidence
Digital evidence requires more care and sophisticated procedures in handling so that it can be used as proper evidence in a court of law. Any person handling the evidence must make sure that it has not been tampered with. There must be auditable track in relation to storage and investigation of the device in use (Jones 2009). The key points for ensuring this is done are the person collecting the data should ensure that the evidence gathered does not affect the integrity of the evidence there should be proper training for any person gathering or handling digital evidence and there should be proper documentation, preservation and retrieval of digital information. As it is discussed earlier, perpetrators of technology-related crimes are greatly skilled individuals. To be able to counter their operations, the involved legal experts should be equally or even more skilled than the criminals. Hiring more experts and developing more sophisticated systems will also help in handling technologically-associated crimes (Kenneally Brown 2005).
To ensure data integrity, it is important to have chain of custody associated with the information. This is a trail documented in paper giving details on the whereabouts of all sources of evidence. Another kind of information that can be useful is records of people who have access to the information and the actions carried out with the information (Pan Batten 2009). This helps in the integrity of information as a proof to the evidence and also to get back to the source in case something happens to the evidence already gathered. The chain of custody together with the review of the media allows the evidence to be used in proving the case. It is also used to prove that the evidence has not been tampered with. While examining the evidence, it is important to connect the evidence to an appropriate system by use of write protection device. This ensures that the original device cannot be accessed or altered (Kenneally Brown 2005).
Organizations should be in a position to assist legal enforcement experts in handling technology-related criminal activities. They should install devices that can collect digital evidence in their organizations. They should also acquire measures that can as much as possible help in reducing opportunities for perpetrators. There are crimes that individuals and organizations can help in avoiding (Pan Batten 2009). Data security should for example be addressed at the organizational level. Surveillance cameras and other evidence collection procedures can be so helpful in investigations. Digital evidence like any other information in a computer-based media is volatile. It is therefore important to take a forensic image of the storage media. This image should have the complete byte-by-byte copy of the data and the storage space. It will also have the current and deleted data which is available on the device (Kenneally Brown 2005).
Cryptographic hash functions give forensic investigators the capacity to validate the authenticity of the data retrieved from digital devices. The use of the cryptography hash function results in a hash value, that is, affixed-size bit string, often used to recognized files illustrating if the data has been modified or not. The two most common cryptographic hash functions are MD5, SHA and HAVAL. The alterations in data that can be hard to prove are for example changing a read message to mark unread. Most forensic experts employ MD5 hash in proving that one piece of information is matching another. It is also used to prove that data has not been tampered with since it was originally obtained. This area has not received adequate research and thus it should be carried out to find the real adaptability of the procedure to digital (Byers Shahmehri 2009).
A lot of expertise is needed in digital evidence. This is not only due to the vastness and complexity of the data involved, but also the complexity in technology required to retrieve and process the data. For this reason, forensic experts should be prepared to handle the information and prove its authenticity. They also need to be equipped with knowledge, not only in the handling existing tools but also any incoming technology. They need to acknowledge that technology is changing and prepare themselves for any new situation that they may encounter (Kenneally Brown 2005).
The legal experts handling digital evidence need to have data recovery software in order to retrieve any information that might have been deleted or tampered with. Data that has been deleted can be recovered by investigation experts using readily available tools. They are able to do so by acquiring and analyzing the full contents of the memory. Deleted data can have very important information in an investigation. Some devices are capable of storing location-based information. Investigators can retrieve this information to determine the geographical location of the device at a particular time. There are cases where the clock on a device is incorrect this is solved by timestamps on the device that might be correct as they are generated by system on the core network (Casey 2009).
Conclusion
Due to the increase in technology, the use of digital evidence has also increased. There are also very many issues and challenges surrounding this area. A lot or research should be carried out to find out new opportunities that can be applied in this legal field to improve efficiency and effectiveness. With changes in technology, governments around the world should ensure that they have improved their legal systems to take into account these changes. There are some countries also where the legal system has not been changed to adapt to the technological developments. Such countries still use the guidelines that are used with the conventional evidence. There should also be invention of technology-based systems that will make it possible for digital evidence to be used in the courts.
Digital forensics involves acquiring, preserving, examining, analyzing, and presentation of computer-based evidence. The role of computers in investigations has been expended beyond conventional computer-based investigations. This has been made possible by interconnected computing, wireless communications and portable devices. Currently almost every crime is concerned with some sort of digital evidence. The book describes original studies and applications in digital forensics.
Categories:
0 comments:
Post a Comment