How Cyber Laws are Impacting Digital Forensics

A Beginner’s Guide to Digital Forensics – Infographic
March 30, 2015
The Changing Role of Digital Forensics in Investigations
May 18, 2015
Show all

How Cyber Laws are Impacting Digital Forensics

As you begin to delve further and further into digital forensics, you will necessarily want to become more familiar with the laws and best practices that govern the field. As with any other kind of investigation, it is vitally important that you follow these laws and best practices if any of the evidence that you gather is to hold any weight in a court of law. For this reason, we thought it would be useful to go over these things. By reviewing the material that follows, and investigating these things further, you should be able to ensure that all digital forensics investigations that you conduct are strictly above board.

The Guidelines Set Forth by the ACPO

The Association of Chief Police Officers (ACPO) provides an excellent resource for individuals and entities conducting digital forensics investigations called the “Good Practice Guide for Digital Evidence”. This guide was originally target to law enforcement officers conducting their investigatory work in the United Kingdom. However, the resource has proved to be so valuable that it’s been adopted across the globe.

acpo-guidelines-graphic

 

Although you can read the detailed guide for yourself, there are essentially four main components, which we will review here:

  • If your intent is to use evidence gathered through a digital forensic investigation in a court of law, then you should take no action that alters, changes, or erases the data that is held on the computer or mobile device upon which you’re conducting the forensic investigation.
  • If you’re going to be accessing original data held on a computer or mobile device, the person accessing that information must be fully competent in the evidence gathering procedures. Further, they must be able to give evidence that explains the relevance and implications of any actions that they take during the course of the investigation.
  • The investigation must produce an audit trail or another kind of record that documents all the process that were applied during the investigatory process. These records must be kept in such a state that it would be easy for a third party to examine the records, conduct the same processes and achieve the same results.
  • The person who is in charge of overseeing the investigation must take full responsibility for ensuring that all relevant laws are followed and that the above principles are adhered to.

As you can see, the guidelines set forth by the ACPO are fairly straightforward.

Digital Forensic Investigations in the United States

Of course, while it’s good to have a firm grasp on best practices, if you’re conducting digital forensic investigations in the United States, you will need to be familiar with the laws that govern such investigations. There are several that you should keep in mind as you conduct any kind of digital forensics investigation. These include:

  • The Constitution: The 4th and 5th amendments provide protection against “unreasonable search and seizure” and “self incrimination” respectively.
  • Statutory Law: Here, you will want to be fully conversant with the statutes laid out in The Wiretap Act, The Pen Registers and Trap and Trace Devices Statute, and The Stored Wired and Electronic Communications Act.
  • Federal Rules of Evidence: If you’re going to be presenting digital evidence as part of a court proceeding, you will want to be knowledgeable about the authentication and reliability of evidence, as well as hearsay and what constitutes “best evidence”.

Keeping Your Digital Forensics Investigations Above Board

Provided that you follow the best practices laid out by the ACPO and that you adhere to the laws of the United States, you should be able to conduct ironclad digital forensics investigations. Of course, whenever you’re in doubt about the legality of any action you might be taking, it’s always a good idea to consult with an attorney who’s knowledgeable about this area of the law.