Digital Evidence Part 1
Digital evidence is any information or data which is stored or transmitted electronically and can be used as evidence in legal proceedings. It includes various types of electronic records, documents, or artifacts that can be collected, preserved, and presented in court to support or refute a claim or allegation. Digital evidence can come from a wide range of sources, such as computers, smartphones, tablets, network servers, social media platforms, cloud storage services, surveillance cameras, GPS devices, and other digital devices or systems. It can include emails, text messages, digital photos and videos, computer files, internet browsing history, social media posts, and more.
By its nature it is very volatile, meaning that it can be easily destroyed, damaged, or modified if handled improperly. Sometimes, usually, it is time sensitive. Meaning that what is there today may not be there tomorrow. This is especially true with deleted files. The difference between digital and analog information is how the information is recorded. For example, VHS tapes, audio cassettes, and camera film are all media that store information in an analog format. You can convert analog to digital of course. If you scan a picture (paper photo) to a digital image then it becomes a digital file. Keep in mind that the creation date of this image will be the date that you scanned it, not the original date the photo was taken. Therefore, when examining any digital file, we must keep this in mind. Is this file an “original” or a conversion.
How is digital information recorded? It is recorded electromagnetically using bits. A bit can be a 1 or a 0 and it is the smallest storage unit possible on a computer. What is a bit you say? In the graph below you see that one byte is composed of 8 bits.
You don’t need to know or remember this but it helps to understand something we see almost every day. When you buy a 32 GB thumb drive and plug it into your computer, it will say that there are 29 GB available. Why the difference? It’s because computers calculate using the “base 8” system and not the “base 10” system that humans use. So a kilobyte is actually 1,024 bytes and NOT 1,000 bytes. People are comfortable with counting in base 10 and even numbers so when manufacturers sell their devices, they round it off. In other words, you are buying a 29 GB thumb drive that the marketing people decided would sell better if it said 32 GB!
The importance of digital evidence has increased significantly with the rise of digital technology and the widespread use of electronic devices in various aspects of life. It can provide crucial information in cases involving cybercrime, intellectual property theft, fraud, hacking, online harassment, and other digital-related offences. Collecting digital evidence requires specialized techniques and tools to ensure its integrity and authenticity. Forensic experts use methods such as data imaging, data recovery, metadata analysis, and encryption decoding to extract and analyze digital evidence without altering or damaging it. This evidence is then carefully documented, preserved, and presented in a court of law, following legal procedures and chain of custody protocols to ensure its admissibility and reliability.
In the diagram below we see that a mobile device now has the capabilities of many separate devices from 30 years ago. That yellow one is a Sony Walkman which was water-proof. I had one of those and they were pretty cool at the time, LOL! Mobile devices in Canada are defined as computers under the law. They contain an incredible amount of digital information which could be evidence for your case. Computers, of course, also contain a vast amount of possible digital evidence.
Next we will discuss the size of computer data and how it can affect your case in court.
If you have any questions or want to book a free consultation, contact me on LinkedIn. It is the best place to reach me.