Computer Forensics and Admissible Evidence
Evidence in court can come in many forms, from expert testimony to biological evidence to computer forensic evidence. Most evidence, such as a finger print or DNA sample, is almost impossible to dispute under normal circumstances. Evidence gained from the search of a computer or other computer-based peripheral can be a little more difficult to prove its worth in a court of law, especially when the value of evidence is based on its ability to be solid, not circumstantial.
Computer evidence, whether a file from a home PC or a list of websites viewed by a person on trial, can easily be tampered with during the process of investigation. Computers today are more complex than ever, and even the act of turning on a computer can change the data within, limiting the validity of any evidence extracted by a computer forensics specialist. It is this ability to easily “corrupt” or manipulate the evidence on a computer that can be concerning to law enforcement and police agencies that rely on the computer activity of a suspected criminal. Not only can this data-driven information be easily altered, even by the investigator with the best intentions, but because of the various steps taken in courts to dismiss evidence as inadmissible, there are also processes used to obtain the information needed to secure computer evidence.
One of the most important aspects of introducing computer forensic evidence in a court or trial is the chain of custody. By assuring the court that the computer or peripheral such as an external hard drive, flash drive or other electronic media device has not been tampered with, the computer forensic professional must keep a detailed log of how the device or devices were obtained and who may have had access to the files in question during the trial.
Another important factor in admissible computer forensic evidence is the ability to prove that a file or files exist on the original computer without changing any of the data on the computer. With the complexities of the computer environment, file data can easily change even during the process of a forensic investigation, and therefore be inadmissible in court. A knowledgeable computer forensics professional not only understands the delicate nature of retrieving this information, but also places a great deal of care in the extraction of computer data that is needed to help a prosecutor build an airtight case against a criminal.
As technology and computers advance ahead at an astounding rate, the ability of a computer forensics professional to keep up with those changes can be the hallmark of an efficient and effective law enforcement agency. By adhering to the rules of the chain of custody and the strict guidelines that apply to computer data extraction, a computer forensics professional can be an invaluable asset to any criminal investigation team.