As previously mentioned in another blogpost, we live in a world where everything is becoming virtual and where digital evidence is happening to be more and more present and intricate. The rapid growth of digitalization has led to more crime and disputes involving computer environments and to a need for specialists trained in the field of cyber forensics.
Forged files and emails, SMS, social media, geolocation, transactions history and metadata are some examples of what is now involved in many judicial proceedings. In addition, new technologies such as drones and the Internet of things are expected to be omnipresent in the near future and in this context, we can already foresee the forensic challenges arising from the use of those technologies.
But how exactly do we get the information we need and, more importantly, how do we handle the crucial electronic evidence and e-discovery process? On one hand, professionals will have to be very vigilant to make sure that their pieces of evidence aren’t compromised by a mishandling. Laws are quite clear to this matter: an electronic document needs to maintain its integrity in order to keep the same probative value as a written document. To ensure this, specific techniques are used by certified forensic examiners and a clearly defined methodology is followed. For instance, here are some requirements of most of digital investigations:
- Physical and Logical security controls implementation
- Pre-observation meeting
- Duplication and data collection
- Evidence Acquisition
- Evidence Examination
- Documenting and Reporting
- Testimony, when required
Besides scientific methods, every case should have a strategic approach that takes into account governance, legal and proper considerations of the entity. Each investigation is unique and should be evaluated in a global manner – it all depends on the circumstances.
To conclude this brief overview, it is important not to forget that organisations should develop effective incident management policies and e-discovery procedures to ensure the preservation of digital evidence, compliance with the applicable laws and internal consistency. Because of the lack of control in the management of the new technologies, preventive measures will be the key to keep secure every relevant artefact likely to have an impact on our sensitive information, civil rights, security and privacy.