Computer Forensics Digital Evidence Research Paper

Excerpt from Research Paper :

Forensics and Digital Evidence

Forensics is a discipline which uses standardized techniques to pull apart an event, analyze what happened, and find a more accurate conclusion to the data analysis than just witness testimony. For centuries, lacking even rudimentary techniques like fingerprinting or blood type analysis, the legal system relied on confessions and witness testimony. We may turn to Ancient Greece for one of the first recorded examples of a type of forensic inquiry. In the anecdote of Archimedes, the scholar was asked by the King to determine if a crown made for him was pure gold or contained silver. It seems the King had supplied pure gold, but suspected the goldsmith of being dishonest. Archimedes had noticed that while bathing the level of the water in the tub rose. He surmised that different objects displace different levels of water. Using a mathematical calculation he determined during his famous "Eureka" moment that silver had actually been mixed in and the goldsmith punished (Archimedes' Principle, 2004).

As science improved, so did the use of forensic evidence within the Court system. Science, in fact, attempts to find answers and thus, over time, techniques evolve and are tested. These new techniques may be controversial at the time, but once they are subjected to scientific inquiry and go through the process of peer reviewed journals and testing, they become validated. Fingerprinting, for instance, was at one time considered unusable and inaccurate, and then became the standard technique for crime scene analysis. Similarly, DNA evidence required higher levels of accuracy and reliability and is now a global tool in fighting crime. Each succeeding general will use the technology that is standard and available to find the best answers within the legal system, particularly those that use a scientific approach to collection, experimentation and dissemination of evidence (Quinche and Margot, 2010).

Particularly when new techniques are involved, it is vital that the standard scientific method, an agreed upon approach of testing, data collection, replication and dissemination of results, be used. When techniques change, like introducing DNA or Digital evidence, forensic science must have a way to compare issues, findings from the scene of the crime, laboratory testing, and robust analysis of the materials to prove to the Courts that detection methods were done in such a way that there is evidence "beyond the shadow of a reasonable doubt" to present to the Court. The basic paradigms of "What happened?" "Why did it happen?" "How did it and how?" are thus appropriate for the methodology and the types of questions a forensic specialist addresses when searching for the truth. This is important to forensics as we introduce digital evidence in crime scene management, methodology, and reporting information to the Court. Overall, this consists of: 1) Formulation of a hypothesis or using a hypothesis to explain an event or phenomena; 2) Use of the hypothesis to predict the existence of other phenomena, or to predict quantitatively the results of new observations; 3) Performance of experimental tests of the predictions by several independent experimenters; 4) Test the evidence in peer review and prove its worth (technique or result) to the Court (Young, 2010)

Digital Evidence

As technologies have changed, so has the type of evidence that is used within a forensics model. In general, digital or electronic evidence is any evidence that is probative stored or transmitted in electronic or digital form. This is, however, more complicated that simply replacing paper evidence with digital evidence, since the digital evidence is usually something filmed, photographed, or attained that may be challenged in a Court of Law. Therefore, before accepting digital evidence, individual Courts tend to determine if it is authentic and relevant, how the evidence was collected, if it is hearsay and whether copies of certain evidence are adequate or if the original is required (Frieden & Murray, 2011).

Because of the manner in which society has changed and become far more electgronic, the use of digital evidence has also increased drastically. Simply out of convenience in storage, professionality in tone, and accurate, Court have allowed more of the use of emails, digital photography, ATM transaction logs, word processing documents, texts or instant message histories, computer memory (backups, printouts, etc.), GPS data and logs, logs from door locks, and digital/video files (Casey, 2010).

Different legal systems have established different rules for digital evidnece. In the United States, Courts have applied the Federal Rules of Evidence to electronic evidnece similarly as they have to tradictional documentation. New technologies and more secure ways of storage mean that digital evidence tends to be more difficult to modify or destroy if kept in secure locations, yet it is more readily available, can be more expensive, and, with the right tools, more easily duplicated or modified. Because of this, Courts often take extra steps to authenticate the evidence, as well as prove best evidence and privledge. In 2006, for instance, digital evidence was attacked with the notion that it could be modified easily, however Courts are leaning towards rejecting the tampering argument due to techniques that log file changes, keep certain data secure, and even firewalls that protect documents from even being modified (Ryan & Shpantzer, 2009).

Digital evidence is not a single entity that has a singular rule. For instance, photography has gone digital, and thus crime scene photos of shoe prints, tire treads, the condition of bodies, etc. are typically accepted without the need for authentication, as long as they have a clear chain of evidence. However, in most areas, a warrant is needed to seize and analyze digital evidence from a crime scene or a suspect's home or office. Then, a second "property" warrant is often needed; and in the same manner a warrant for electronic bank records, phone records, the contents of phone or device memory, etc. Indeed, as society moved even further into the digital world, it becomes even more necessary to follow procedure within legal traditions that set rules and standards for technology as a law enforcement tool, as well as part of contemporary evidence (Ami-Narh & Williams, 2008).


Digital evidence, however, almost always requires additional steps to turn the material into evidence (printing out the material, posting on a computer, etc.). Some argue that this change of format does not qualify for evidentiary procedures, but the Federal Rules of Evidence now state that, "if data are stores in a computer . . . An printout or other output readable by sight…. Is an 'original'" (U.S. Government, 2012). Similarly, there are issues surrounding the storage and maintenance of chain of custody issues with digital materials. In this case, there are now international protocols that require a certain series of procedures and techniques to ensure the integrity of the data. Storage must be in a locked area, sometimes with more than one lock, must have levels of security available, must have a means of recording access, and must have a way to legally preserve and protect the evidence for trial. This may include, in some cases, transferring the data from one device to another (e.g. downloading emails or text lists from one device to a USB device for analysis and printing into hardcopy, etc.) (ACPO, 2012).

Finally, as technology influences society, it also affects the criminal element within society. Therefore, it is vital that law enforcement also change techniques in the ability to fight crime. Thus, law enforcement agencies must use electronic forensics within their infrastructure, to train officers to collect and maintain digital evidence, and to ensure that the appropriate tools are available to investigate, analyze, store, and report digitally-based evidence (National Institute of Justice, 2010).


ACPO. (2012, March). Good Practice Guide for Digital Evidence. Retrieved from

Ami-Narh, J., & Williams, P. (2008, May). Digital forensics and the legal system: A dilemma of our times.…

Cite This Research Paper:

"Computer Forensics Digital Evidence" (2014, February 14) Retrieved February 18, 2018, from

"Computer Forensics Digital Evidence" 14 February 2014. Web.18 February. 2018. <>

"Computer Forensics Digital Evidence", 14 February 2014, Accessed.18 February. 2018,