Digital Forensics
Baddam
Chapter051.pptx
Chapter 5
The Admissibility of Evidence
1
The Four Keys to Admissibility
Is the evidence relevant?
Is the evidence authentic and credible?
Is the evidence competent?
Was the evidence legally obtained?
Is it Relevant?
The information provided must be material
It relates directly to the case
It must be probative
It will provide some sort of thread that leads to the truth of the matter
Is it Credible?
Cannot be an “opinion”
Except when delivered by an expert witness
And meets all admissibility standards
Credibility
Was evidence tampered with?
Were proper procedures followed?
Is it Competent?
Information that is unfairly prejudicial cannot be used even if relevant
Can not be admitted if prohibited by statutory restraint (privileged information)
Can not be hearsay
Was Evidence Obtained Legally?
The aforementioned privileged information will be disallowed
If obtained in violation of a person’s Constitutional rights
The Exclusionary Rule comes into play if obtained illegally
The Plain View Doctrine
It’s not a “search” if it can be seen by anyone
An object in plain sight enjoys no expectation of privacy
Three approaches to defining “plain view”
The inadvertence approach
The prophylactic test approach
The computers as containers approach
The Inadvertence Approach
Did the searcher come across the evidence by accident or because of a systematic search?
The use of specific tools against a file system infer a systematic search
The Prophylactic Test
A set of rules that define plain sight
Courts are undecided as to what rules apply
Ninth Circuit denied plain sight in US v. Comprehensive Drug Testing, stating that a separate warrant must be obtained for each set of files
Fourth Circuit stated that a computer search must by implication authorize the examination of every file
Computers as Containers
A closed container does not display its contents in plain view
Computers are viewed as a closed container unless the device is on and the information is displayed on the screen
The Consent Search Doctrine
Any time the executor of a search has been given permission to search, the evidence found is legal
Actual authority
Implied authority
Consent may be revoked at any time
The Scope of the Search
Warrant must define the scope of the search
Warrant must be specific to what is being sought (particularity)
Warrant must define where the search can take place (breadth)
Where can be the physical location
Or it can be a specific set of parameters for a disk search
Does the Constitution Always Apply?
The Constitution only defines limitations of the government
Civil litigation is not generally covered
Actions of private individuals is not controlled
Vigilantism
While the actions of a vigilante may be illegal or unethical…they are not unconstitutional
Unless they were directly recruited by a government agency
Or if they received a “wink-nod” from a government agency
