Sometimes even the best evidence can fail in court.
This story is not about digital forensics per se; it is more about the overall process of working with evidence, including the legal routine that is typically involved. It does not matter whether you followed all the best practices of hard drive or mobile device analysis: if you (or someone who seized the device) failed to perform this step in accordance with local regulations, you run the risk of the evidence being inadmissible in court.
As an example, there was once a story where police searched the car of a person they suspected of illegally growing marijuana and were able to tap the last known GPS location of the suspect. They then drove to that location and found a plantation. However, the court rejected this evidence even though the illegal drugs were found, just because the police did not obtain a proper warrant to use that GPS coordinate. This may sound off, because there was proof of wrongdoing by the suspect, but given that it was found in a non-lawful manner, the entire case was spoiled.
Another story like the one we just discussed appeared in the press. In this story, police put a GPS tracking device into the suspect's car so that they would be able to track the suspect. Again, since there was no warrant for that, the evidence was invalidated. (The story had a continuation, though.)
As applied to digital forensics, an investigator or an examiner must care not only about the methods he or she uses for device analysis, but also about ensuring lawful seizure of evidence and its proper handling in the lab, including maintaining the chain of custody.
Do you have a story about a great piece of digital evidence that still failed in court? Share it with us! Your experience might help other DFIR experts avoid bloopers.
The Belkasoft team appreciates detailed feedback from DFIR and eDiscovery experts. Want to share your testimonials and case studies? Contact us at support@belkasoft.com.
About Belkasoft X
Belkasoft X is a world-renowned tool used by thousands of customers for conducting computer, mobile and cloud forensic investigations. In previous years, Belkasoft X was named a top-3 commercial DFIR tool by the Forensic 4:cast Awards, reaching the finals of this prestigious competition in 3 of the latest 4 years (2018, 2020, 2021).
Belkasoft X can automatically acquire, extract, and analyze evidence from a wide range of sources, including mobile phones, tablets, computers, cloud, memory files and dumps.
To try Belkasoft X, download the trial version of the product: