Digital Evidence

Robin C. Stuart, Digital Investigations Consultant

Definition

What Is Digital Evidence?

How Is Digital Evidence Used?

Admissibility

United States Standards

International Standards

Preservation of Evidence

Chain of Custody

Volatile versus Nonvolatile Evidence

Evidence Handling Guidelines

Presentation

Validation

Authentication

Nonrepudiation

Retention/Destruction

Retention Guidelines

Destruction of Evidence

Conclusion

Glossary

Cross References

References

DEFINITION

We know that evidence is an offer or support of proof: the latent fingerprint, the bloodstains on the carpet, the smoking gun. How does digital evidence fit into this landscape? And what constitutes “digital evidence”?

What Is Digital Evidence?

According to Merriam-Webster's Dictionary of Law, the word evidence means, “something that furnishes or tends to furnish proof.” In 1998, the Scientific Working Group on Digital Evidence defined the term digital evidence as “...any information of probative value that is either stored or transmitted in digital form.”

In plain English, and as tested and defined in various United States courts, digital evidence is an offer of proof generated, stored, or transmitted in electronic form. This proof could originate from sources such as a cell phone, a pager, a personal digital assistant (PDA), or a computer; basically, any device that can be used to transmit and store data in binary form. Examples include text messages, e-mail, databases, and Web server logs.

How Is Digital ...
