April 26, 2017

Digital Forensics – Court Testimony and The Chain of Custody

George Belmontes

Court testimony is crucial to any case with respect to the evidence gathered and analyzed. When one testifies under oath, misreferencing specific details can negatively affect a case. Testimonial evidence is important, but if such an event takes place, the technical evidence incorporated by a Chain of Custody will outweigh a testimonial error. Evidence acquired under a search warrant requires digital forensics professionals to follow the Chain of Custody from that point forward. The Chain of Custody is a crucial part of the evidence-handling procedure that can make or break any case.

According to Ryder (2017), the rules of evidence are the rules investigators must follow when handling and examining evidence to ensure that the evidence they collect will be accepted by a court of law. NIST SP 800-86 (2006, p. ES-2) states the following:

Forensic science is generally defined as the application of science to the law. Digital forensics, also known as computer and network forensics, has many definitions. Generally, it is considered the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. Data refers to distinct pieces of digital information that have been formatted in a specific way. Organizations have an ever-increasing amount of data from many sources.

Freeman (2008) states:

The outcome of any litigation is based primarily on questions of fact. Evidence is the material from which inferences are drawn to prove the truth or falsity of a disputed fact. As defined in the California Evidence Code § 140, evidence “testimony, writings, material objects, or other things presented to the senses that are offered to prove the existence or nonexistence of a fact.”

Speaking to people in nontechnical terms is important when an explanation requires a comprehensive response. A courtroom filled with a diverse audience of people from all backgrounds must understand the material presented by any means necessary. It’s hard to know how people learn or understand certain things. According to Ferriman (2013), there are 7 learning abilities: visual, physical, aural, verbal, logical, social and solitary. For the sake of court testimony, the material must be understandable to the court in either verbal or visual formats.

If a forensics examiner were to mistakenly misrepresent technical information while under oath, the opposing attorney can follow up and question the integrity of the forensics, leading up to asking for the evidence to be ruled inadmissible. If such testimony occurred, the written report can be examined and its procedures for handling eDiscovery tested. The Chain of Custody will prove the documentation, procedures and authenticity of the digital media. Replicating the digital forensics analysis step by step will prove that technical integrity was maintained and that the only incident was a human verbal error. Furthermore, documentation will prove that the steps discussed in court can be replicated, and why such evidence should remain admissible.

References
Ferriman, J. (2013, May 17). 7 Major Learning Styles – Which One are You? Retrieved March 02, 2017, from https://www.learndash.com/7-major-learning-styles-which-one-is-you/
Freeman, E. (2010). Computer Printouts as Legal Evidence. Journal Of Digital Forensic Practice, 3(2-4), 98-105. doi:10.1080/15567281.2010.536730
Guide to Integrating Forensic Techniques into Incident Response. (2006). Retrieved March 2, 2017, from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-86.pdf
Ryder, K. (2002). Computer Forensics – We’ve Had an Incident, Who Do We Get to Investigate? Retrieved March 2, 2017, from https://www.sans.org/reading-room/whitepapers/incident/computer-forensics-weve-incident-investigate-652