The Digital Evidence in the Information Era
Date: March 10, 2004Source: Computer Crime Research Center
By:
27. Information could be found printed out on copies, this is very valuable as they display an earlier version of data that has since been altered or deleted, and this negates the suspects’ defense. Also they may lead the investigators to a particular printer which in turn may be seizable.In some conditions, investigators, and law enforcement officers may find notes in manuals, on the equipment, near by the computer. These also are considered evidence accepted by the courts. They may lead to beak a password finding a directory, operate software...etc
28. But since a broad search of computers used by confidential fiduciaries (e.g., attorneys or physicians) is likely to uncover personal information about individuals who are unconnected with the investigation, it is important to instruct any assisting forensic computer experts not to examine files about uninvolved third parties any more than absolutely necessary to locate and seize the information described in the warrant. Federal law recognizes some, but not all, of the common law testimonial privileges. Fed. R. Evid. 501. Indeed, Congress has recognized a "special concern for privacy interests in cases in which a search or seizure for documents would intrude upon a known confidential relationship such as that which may exist between clergyman and parishioner; lawyer and client; or doctor and patient." 42 U.S.C. § 2000aa-11(1) (3). At Congress's direction, see 42 U.S.C. § 2000aa-11(a), the Attorney General has issued guidelines for federal officers who want to obtain documentary materials from disinterested third parties. 42 U.S.C. § 2000aa-11. Under these rules, they should not use a search warrant to obtain documentary materials believed to be in the private possession of a disinterested third party physician, lawyer, or clergyman where the material sought or likely to be reviewed during the execution of the warrant contains confidential information on patients, clients, or parishioners. 28 C.F.R. § 59.4(b).
29. Also, the Congress has expressed a special concern for publishers and journalists in the Privacy Protection Act, 42 U.S.C. 2000aa. Generally speaking, agents may not search for or seize any "work product materials" (defined by statute) from someone "reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication." 42 U.S.C. § 2000aa (a). In addition, as an even broader proposition, government officers cannot search for or seize "documentary materials" (also defined) from someone who possesses them in connection with a purpose to similarly publish. 42 U.S.C. § 2000aa (b). These protections do not apply to contraband, fruits of a crime, or things otherwise criminally possessed. 42 U.S.C. § 2000aa-7.
United States Patriot Act and the Digital Evidence
30. On October 26, 2001, President Bush signed the USA Patriot Act (USAPA) into law. With this law we have given sweeping new powers to both domestic law enforcement and international intelligence agencies and have eliminated the checks and balances that previously gave courts the opportunity to ensure that these powers were not abused. Most of these checks and balances were put into place after previous misuse of surveillance powers by these agencies, including the revelation in 1974 that the FBI and foreign intelligence agencies had spied on over 10,000 U.S. citizens, including Martin Luther King.
31. The passage of this act resulted in many changes concerning information systems and digital evidence:
- The explanation of search warrant concerning e-mail communications, the warrant can apply even to records that are not in the district of the issuing court.
- The authority of federal courts is expanded, to allow issuance of pen register ‘trap and trace devices’ anywhere in the United States.
- Nowadays, records could be subpoenaed and obtained by search warrant from Internet services provided by cable companies, without even notifying the customer that the government wants to examine his records.
- Investigators can obtain a voicemail evidence, to seize and listen to unopened voicemail messages stored with a third party provider, under a search warrant, rather than following previously difficult steps and process under a wiretap order.
- Penalties and sentences have been increased for offences involving damages and hacking computers. The scope of the law is now applied to computers that are even located in other countries, if US interstate or foreign commerce is affected.
- Investigators nowadays could subpoena certain records such as credit card numbers, and other payment information, addresses, and their session times and connection duration of customers from ISPs.
- Investigators are allowed to intercept voice wire communications as evidence in cases.
References
[1] D.TITTEL: Scene of the Cybercrime, Syngress (2002)
[2] The Role of Evidence in a Trial: http://www.slider.com/
[3] Computer Forensics Defined : http://www.forensics-intl.com/
[4] DOJ Computer Crime and Intellectual Property Section : http://www.cybercrime.gov
[5] International Journal of Digital Evidence : http://www.ijde.org/
[6] Federal Rules of Evidence : http://www.law.cornell.edu/
[7] The International Association of Computer Investigation : http://www.cops.org/
[8] High Technology Crime Investigation Association : http://htcia.org
[9] University of Dayton : cybercrimes http://www.cybercrimes.net/
[10] Computer Forensics : http://www.computerforensics.com
Add comment
Email to a Friend
| Discussion is closed - view comments archieve |
| 2005-11-30 23:14:28 - i think you should have cases in which... anonamous |
| Total 1 comments |
