EVOLUTION OF DIGITAL EVIDENCE
Digital devices are used to commit cyber crime but with the mushroom growth of science of digital evidence forensics the posse can now use these devices in order to combat cyber crime.
Digital evidence or electronic evidence is “any probative information stored or transmitted in digital form that a party to a court case may use at trial” . Section 79A of IT (Amendment) Act, 2008 defines electronic form evidence as
“Any information of probative value that is either stored or transmitted in electronic form and includes computer evidence, digital audio, digital video, cell phones, digital fax machines”.
In an effort to fight e-crime and to collect relevant digital evidence for all crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence into their infrastructure.
HOW DID DIGITAL EVIDENCES EVOLVE?
Initially, computer-generated records such as log files were considered hearsay, therefore, inadmissible in court. Case law and updates to the Federal Rules of Evidence have changed that. Rule 803 provides for the admissibility of a record or report that was “made at or near the time by, or from information transmitted by, a person with knowledge, if kept in the course of a regularly conducted business activity, and if it was the regular practice of that business activity to make the memorandum, report, record or data compilation.” This changed the game regarding the critical role that digital evidence can play in investigations and convictions. It essentially means that activity logs recorded as a part of standard business operations are now admissible. This bolstered the need for employers to have forensic investigation software to monitor user activity, collect activity logs, and securely manage them in case there is ever a need to leverage the data in a legal capacity.
Consequently, the role of digital forensics in fighting crime is becoming ever more important and it is critical for law firms and courts to develop a well-thought-out strategy for such investigations. In Penderhill, the Supreme Court clarified that the courts must be appropriately responsive to the technical changes that are taking place.
Digital forensics follows a similar process to crime scene forensics when collecting evidence for a potential trial. The digital forensics process involves collecting, analysing and reporting on digital data in a way that is legally admissible. Digital evidence can also be used to prove whether a person has been involved in crimes that are unrelated to technology, such as murder or larceny.
The main repositories of digital evidence are computers, storage devices, telephones, networks, cloud servers and emails. However, as the Internet of Things develops, many other devices will provide digital evidence.
Here, are important landmarks from the history of Digital Forensics:
Hans Gross (1847 -1915): First use of scientific study to head criminal investigations
FBI (1932): Set up a lab to offer forensics services to all field agents and other law authorities across the USA.
In 1978 the first computer crime was recognized in the Florida Computer Crime Act.
Francis Galton (1982 – 1911): Conducted first recorded study of fingerprints
In 1992, the term Computer Forensics was used in academic literature.
1995 International Organization on Computer Evidence (IOCE) was formed.
In 2000, the First FBI Regional Computer Forensic Laboratory established.
In 2002, Scientific Working Group on Digital Evidence (SWGDE) published the first book about digital forensic called “Best practices for Computer Forensics”.
In 2010, Simson Garfinkel identified issues facing digital investigations.
Process of Digital forensics
Digital forensics entails the following steps:
It is the first step in the forensic process. The identification process mainly includes things like what evidence is present, where it is stored, and lastly, how it is stored (in which format).Electronic storage media can be personal computers, Mobile phones, PDAs, etc.
In this phase, data is isolated, secured, and preserved. It includes preventing people from using the digital device so that digital evidence is not tampered with.
In this step, investigation agents reconstruct fragments of data and draw conclusions based on evidence found. However, it might take numerous iterations of examination to support a specific crime theory.
In this process, a record of all the visible data must be created. It helps in recreating the crime scene and reviewing it. It Involves proper documentation of the crime scene along with photographing, sketching, and crime-scene mapping.
- In this last step, the process of summarization and explanation of conclusions is done.
Digital forensics methods and investigation software are critical elements of cybersecurity programs. Most incidents, whether they are designated as breaches or not, require some level of investigation. In many cases, these investigations may warrant the need to present valid evidence in court. Doing so requires that entities can securely collect, preserve, analyze, and report on findings. Through outsourced or in-house cybersecurity expertise and critical technical capabilities such as insider threat detection technology, businesses can proactively prepare to take on seemingly unavoidable investigations.
 The Evolution of Digital Forensics
By Dr. Christine Izuakor – March 03, 2020
 Penderhill Holding Limited ao v Ioannis Kloukinas, Civil Appeals 319/11 and 320/11, 13 January 2014.