The evidence is the foundation of every criminal case, including those involving cybercrimes. The collection and preservation of digital evidence differs in many ways from the methods law enforcement officers are used to using for traditional types of evidence. Digital evidence is intangible, a magnetic or electronic representation of information. Its physical form does not readily reveal its nature. In addition, digital evidence is fragile. It is very easy for a criminal to deliberately delete crucial evidence in an instant or for an officer or technician to unintentionally damage or destroy it.
To ensure that digital evidence is admissible in court, it is best to adhere to accepted current standards and practices and use software that has been tried and tested. These standards should be made on site when the computer is seized, before the computer is shut down. At the same time, steps should be taken to record or preserve volatile data that will be lost when the computer’s power is turned off.
Collection of evidence involves not just technical know-how; it also requires knowledge of the laws pertaining to evidence. Violation of those laws can result in the evidence being thrown out of the court, regardless of its technical quality and regardless of how definitively it proves the guilt of the defendant.
Accordingly, the present paper seeks to address and analyse the following issues:
Firstly, the concept of the digital evidence, item that can be searched and procedures that shall be respected. Secondly, an analysis of the United States patriot act and how it affects the seizing of the digital evidence.
15 pages - 134Ko