chapter 1 computer forensics and investigations as a profession
chapter 1 computer forensics and investigations as a profession
chapter 1 computer forensics and investigations as a profession
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
“Evidence”<br />
An item does not become officially a piece of<br />
evidence until a court admits it <strong>as</strong> such<br />
Opposing counsel can (<strong>and</strong> will) challenge this<br />
admission<br />
Incidentally, attorneys do argue with me about which<br />
comes first – the evidence or its admission<br />
Typically where we use the word “evidence,”<br />
we’re using it <strong>as</strong> a shortcut for “item of potential<br />
evidentiary value”<br />
Much of <strong>forensics</strong> practice concerns how to<br />
collect, preserve <strong>and</strong> analyze these items<br />
without compromising their potential to be<br />
admitted <strong>as</strong> evidence in a court of law<br />
Chapter 01 9<br />
Chapter 1<br />
So what is “digital evidence”?<br />
ISO 27037 – “information or data, stored or<br />
transmitted in binary form that may be relied<br />
on <strong>as</strong> evidence”<br />
Eoghan C<strong>as</strong>ey – “any data stored or<br />
transmitted using a <strong>computer</strong> that support or<br />
refute a theory of the offense such <strong>as</strong> intent<br />
or alibi” (Dig. Evid. & Comp. Crime, p. 7)<br />
Brian Carrier – “digital data that support or<br />
refute a hypothesis about digital events or<br />
the state of digital data” (CERIAS TR 2006-6)<br />
Chapter 1 18<br />
17