To go to court reprehensible acts, crimes and abuses committed by using digital environment is necessary to administer the court undeniable evidence of these facts.
An important role in preventing and combating digital crime is gathering electronic evidence. Digital evidence has been defined as any data that can establish that a crime has been committed or can provide a link between a crime and its victim (Casey, 2000). Digital evidences, like normal (traditional) evidences, must pass the test of admissibility and weight. Admissibility Is a set of legal rules applied by Judges In order to allow the use of evidence In a court f law.Weight Is the validity and importance of the evidence. Therefore evidence must be: admissible, authentic, complete, reliable and believable (Casey, 2011). Following these rules Is essential to guaranteeing successful evidence collection.
Digital forensic investigators are commonly employed to deal with such cases and they make use of principles and procedures currently employed for gathering evidence from computer, network, internet and mobile devices that are found in CAPO Good Practice Guide for digital evidence updated in March 2012. Therefore there are four principles that the first responder to the crime must follow.Principle 1: “No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court”. Principle 2: “In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the Implications of their actions”. Principle 3: “An audit trail or other record of all processes applied to dealt evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result”.Principle 4: “The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to” (CAPO, 2012).
Digital evidence is often highly volatile and easily compromised by poor handling. The investigators must be able to identify all digital devices that are capable of storing potential evidence. After identifying the media the investigator must create a “forensically (bit for bit) copy of that media, without changing the content. It Is crucial for the examiner to not violate the applicable laws during the process of recovering data.They must be up to date and demonstrate knowledge of warrants, consent, relationship to decisions of what to acquire. Any law violated by an examiner could lead to the exclusion of the evidence by a Judge, which can result a dead end for that Investigation Noon . J, 2008).
According to Casey (2011) there are a few questions that an investigator should ask when searching and seizing situation? Or have those requirements been met? How long investigators remain at the scene? And what the investigator need to reenter? In this days in almost every crime, digital evidence is now present or potentially present.Every case is different, but there are a general set of rules that should be followed when collecting digital evidence in a criminal case. Photograph the monitor screen, important to capture the data displayed at the time of seizure, and also photographs with the system (back and front) and every cable attached, before it is being moved. Take steps to preserve volatile data, producing images of the disks to work with, preserving the original. After a copy is made, is checking the integrity of the image to confirm that is an exact duplicate. The system should be shut down properly and safely.