NCJ Number
204996
Journal
FBI Law Enforcement Bulletin Volume: 73 Issue: 3 Dated: March 2004 Pages: 28-32
Date Published
March 2004
Length
5 pages
Annotation
This article discusses the characteristics, storage, and preservation of computer forensic evidence.
Abstract
These days very few crimes are committed without the use of some type of computing device. While this puts a strain on computer forensic examiners, it enables the prosecution of criminals who might have otherwise gone undetected. However, computer-related evidence will only be considered in a court of law if it can be shown that the forensic examiner had a good understanding of the proper evidentiary foundations. After a review of the uniqueness of computer digital evidence, the author focuses on discussing the proper storage and preservation of computer-related forensic evidence. Digital evidence is especially vulnerable to alteration and thus must be stored and preserved properly. Computer forensic examiners must ensure that the preservation of digital data can withstand judicial review and thus, examiners usually use copies of the original data for their investigations; preserving the authenticity of the original digital evidence. The chain of custody and the duplication process are discussed in terms of establishing the authenticity of digital evidence. The Federal Rules of Evidence (FRE) guides digital evidence duplication and its authentication. A chain of custody record for digital evidence is required for admissibility in court. Quotations from the FRE are offered for the definition of original electronic documents; preserving the integrity of the evidence proves an important component in the judicial consideration of such evidence. As the use of electronic devices becomes increasingly widespread, it is important that computer forensic examiners adhere to a set of standard operating procedures that ensures the authenticity and integrity of computer-related evidence. 22 Endnotes