A computer forensic investigator must not only be well-equipped with technical knowledge of computing and information technology, but also have good understanding of computer forensic law. This is primarily important to ensure that the evidence collected following an incident will be admissible in court and have enough weightage to support the prosecution of the criminals.
There are several legal principles related to computer-based evidence or digital evidence:
- Chain of custody
- Admissibility of evidence
- Evidential value of evidence
- Manner of extracting evidence
- Privacy issues.
Chain of custody
Chain of custody is about maintaining a complete account of the sequence of events that took place following the reporting of the computer incident. This includes how evidence was collected, analyzed and preserved for presentment in court. This chain of custody must be unbroken for the evidence to be trustworthy.
Admissibility and Evidential Value of Evidence
To support their case, lawyers need to not only bring evidence to court, but also ensure its value. High value or weightage of the evidence will strengthen a case, whereas low weightage weakens.
Manner of Extracting Evidence and Privacy
The way the evidence is collected must comply with local laws. Evidence collected under duress, or by breaching other laws such as privacy laws can be challenged on legal ground.
Reference : E-Security Law & Strategy
