Why Electronic Evidence is Important and how to prove its Authenticity.
The internet of things, mobile phones, smartwatches, smart houses, our lives have become digital and intrinsically linked to the internet. With this revolution has come an explosion of data that can potentially be used for or against us, introducing electronic evidence.
Electronic evidence is so commonplace and so widespread that it has become a staple part of any investigation. If sourced and interrogated forensically, it can prove decisive at court. Because electronic evidence is now so heavily relied upon, the integrity, exactness, and reliability of the data must be maintained, and this is what has become the biggest challenge in court… Is this electronic evidence uncorrupted and admissible?
Electronic evidence is any probative data held or transmitted by an electronic device or system produced as evidence in court. For example, text messages can be reproduced as evidence of abuse in criminal cases of domestic violence or emails in cases of fraud, etc.
Any electronic data can be used as evidence so long as it proves something. The list is endless and can include the following;
GPS, CCTV, Email, Social Media Posts/Messages, Video, Photo, Audio, Text Messages, Computer Records, Internet Browser History, Computer Hard Drives, Electronic Door Access Logs, ATM records, Automatic Number Plate Recognition, Phone Records.
Collecting electronic evidence is a complex process and is usually left to forensic experts to complete to ensure that data isn’t lost or corrupted. There are however four main components to gathering digital evidence that we can explore below;
Before collecting evidence, information needs to be gathered along the lines of a traditional investigation to ascertain the best approach to gathering the evidence. Investigators will identify the victims, suspects, and witnesses in a case and ask questions to identify potential sources of evidence. The results of the primary investigation may lead to more complex investigative techniques being deployed, such as covert surveillance.
Once the physical location of a device containing digital evidence has been identified, it needs to be secured. Like a crime scene, measures need to be taken to protect the evidence. All other electronic devices in the vicinity need to be isolated. Users need to have their access to tamper with the evidence removed; this also means that the investigator must not request users' assistance to operate the electronic device to gain access. When seizing the device, many factors must be considered depending on the device itself, is it a standalone device, is it connected to a network and does it need to remain connected to a power source or protected from wireless signals?
Full documentation of the seizure process is required, including detailed information of the device such as make, model, serial number, connectivity, operational state, and location.
When transporting the seized device, careful consideration should be given to recording the movement and handling process to maintain the evidence’s integrity and continuity. Each item should be labeled and packaged before being recorded and stored in a secure, clean, and temperature-controlled environment.
The acquisition is extracting the electronic evidence from the device and will vary depending on the device being interrogated, i.e. removing data from a computer hard drive will require a different process to that of a mobile phone.
The key consideration to any acquisition is to ensure the data remains unaltered during the process and if this is not possible to reduce corruption to a minimum. The acquisition is best conducted in a forensics laboratory away from potential contaminants; however, in extreme situations, this may not be possible.
Similar to the standard forensic examination of evidence, it is best practice to obtain samples for testing rather than testing the item itself. Whereas a swab, photograph, or sample may be taken in traditional methods with electronic evidence a duplicate of the data may be created for examination, this duplicate copy needs to be certified as a mirror image of the primary source.
Once the above is complete the actual examination can take place and the data can be searched for evidence.
Throughout the identification, collection, and acquisition of electronic evidence, the integrity of the evidence must be preserved at all stages. A precise log of the transportation, handling, and examination of the evidence must be maintained including who, when, where, and why possession of the evidence was taken. Each person in this chain must provide evidence as to their involvement in the process, including first responders, investigators, crime scene technicians, and digital forensics experts. This method of preserving the evidence is called continuity of evidence. Any gaps in the continuity can lead to claims of corruption of evidence.
As I am sure you agree, the above is a complex process that is highly susceptible to error, which can lead to undesirable results in court.
Much of what a lawyer presents in court is just data; fingerprints, blood samples, DNA samples, witness statements, and electronic data adds to this. However, unlike these other examples of data, electronic information is stored automatically in vast quantities. Nobody is going around dusting for fingerprints, taking DNA samples, or writing down comprehensive journals just in case a crime happens. However, our electronic devices record everything we do, where we go, what we spend, what we say, and what we look like, and it’s because of this level of surveillance, our data has become so valuable. That this data is collected is, of course, no surprise. The knowledge that this wealth of personal information is collected and stored is commonplace. As a result, so are methods of corruption and circumnavigation. Ask yourself, if you need your electronic evidence to back you up can you be sure that it isn’t going to be manipulated, corrupted, or deleted before you use it as evidence?
We use electronic evidence every day, call records, bank statements, emails, spreadsheets, and internet search history; however, these simple records may become critical in certain instances.
If you fall victim to theft, fraud, counterfeiting, copyright infringement, or any other crimes, you may need your digital evidence to support your claims. Put simply, whenever you need irrefutable proof that you did something or something was done, digital evidence can be there to back you up.
Imagine a way to store your data, where it couldn’t be corrupted, where data limits didn’t exist and where the continuity was guaranteed and all that with portability and accessibility added on, enter blockchain, the technology behind cryptocurrencies.
Blockchain stores data in blocks identified by hash values or digital signatures, each block not only stores its own hash value but also that of the block before, thus ensuring that each block is linked in an unrelenting chain.
The proof is where blockchain wins. It is quite simply the best way to store and prove the authenticity of electronic evidence.
Blockchain data is unchangeable due to the network's decentralised, encrypted nature, making it perfect for proving ownership because nobody can alter it either intentionally or accidentally.
You own all the information you enter onto the blockchain, and this gives you total control of how and when it is used rather than nervously trusting a third party with your precious data.
Blockchains are transparent, and the public can ultimately view all transactions if they know where to look. This openness promotes honesty and integrity, which build trust in the user and ultimately all parties involved.
With LifeHash as your blockchain solution, you can create a personal, immutable digital record to control your data based on existing, tested infrastructure such as Bitcoin, IPFS and DigiByte.
The Evidential Chain is our solution for governments and law enforcement agencies. The platform utilises blockchain technology to provide a secure and transparent ecosystem, to accurately record, retain and manage every aspect of an investigation. We have designed it this way because we understand that integrity and continuity of tangible and intangible evidence is vital to the success of any civil or criminal investigation.
LifeHash enables you to capture relevant digital evidence and related data like time, date, location and use cryptography to secure it on resilient public blockchain networks. This ensures that evidence is entirely traceable, auditable and, of course, impossible to tamper with. LifeHash records data at the scene, as actions occur, in a completely secure and auditable way, providing an immutable record of all the information related to the evidence in question and eradicating genuine mistakes, recording errors and tampering.
Electronic evidence is admissible in court so long as it can establish a fact in question, it has not been corrupted, manipulated, or altered in any way, and that the forensic examination is reliable and valid.
All types of electronic data can be considered evidence if it can establish a fact in question.
Until now there has not been an affordable method to proving authenticity of electronic evidence. LifeHash solves this problem by binding your electronic data to your profile which is then immutably (forever) anchored into the blockchain. The LifeHash mobile application is free to download and use. Freemium users get a limited version of the application that provides the average user with enough functionality to secure your most important data!
Direct evidence is often considered the strongest type of evidence. An eyewitness statement of a robbery taking place would be considered direct evidence as it is considered proof that the crime took place.
