Cyber Security: Digital Evidence and Culpability


What exactly is digital evidence? Generally speaking, any digital data that helps the investigation of a case is digital evidence. Digital evidence, according to the US Federal Bureau of Investigation, is data or information of probative value stored or transmitted in digital form. Technical experts define digital evidence as a ‘bitstring’ (a string of binary data stored in digital equipment) that can serve as evidence in a certain context.


Digital evidence (of the use and abuse of any digital equipment) lies in the memory of that equipment or of the connected computer server. As the use (and misuse) of digital equipment is rampant, any digital equipment (including the connected computer server) can be a treasury of digital evidence. From an internet server down to a rape suspect’s mobile phone, any digital equipment can be rich in digital evidence in many forms for a wide range of crimes.

Digital evidence (that lies in the memory of digital equipment) can take the form of either digital recordings or digital evidence strings. Databases, digital images, video clips and audio files (each of which is a projection of physical reality) are examples of digital recordings, while a digital signature is an example of a digital evidence string. Digital recordings are normally evaluated and interpreted by human beings after being converted back to some kind of physical form (for example, a digital image in JPEG format rendered as an image on a computer screen), whereas digital evidence strings are verified by evaluating a well-defined and unambiguous mathematical function (for example, the automatic signature verification procedure relative to some public key). Digital evidence strings may appear to be more useful than digital recordings because they can be checked automatically and are, therefore, unambiguous. However, digital recordings, although easy or only moderately difficult to forge, are human-interpretable as a physical reality and can, hence, be subjected to a subjective forensic analysis by a cyber-forensic expert in order to unearth digital evidence from them. For example, an allegedly forged digital image (say, in JPEG format) can be forensically analyzed not only to identify the camera used to take it but also to find out which part of it has been forged, when, and by using which software.

In whatever form it lies, digital evidence is useful in litigation only if it is properly preserved until the completion of the court case. Preservation of digital evidence is not easy, as digital evidence is highly volatile. Any sort of digital memory device, if exposed to excess sunlight, water, or heat, can be easily damaged, destroying the digital evidence stored in it. Moreover, digital evidence can be easily compromised by poor handling while digital data is transmitted, archived, searched, and accessed. Poor handling of memory devices can cause not only superficial physical damage but also damage to the inner storage units, causing the data contained therein to become inaccessible to the investigation agencies. So, investigators take utmost care in preserving digital evidence to counteract the inherently fragile nature of digital devices, which can cast a shadow of doubt on the integrity and fidelity of the digital evidence stored in them.

Scientific collection of digital evidence is a technical task, and investigators and the judiciary often seek the help of cyber forensic investigators to perform it. From these forensic investigators, the legal domain as well as the judiciary solicits only digital forensic evidence that is:

  1. Relevant
  2. Derived by the scientific method
  3. Supported by appropriate validation.

The court has suggested several factors to be considered to determine whether digital evidence possesses the requisite scientific validity. These are:

  1. Whether the theories and techniques employed by the scientific expert have been tested
  2. Whether they have been subjected to peer review and publication
  3. Whether the techniques employed by the expert have a known error rate
  4. Whether they are subject to standards governing their application and
  5. Whether the theories and techniques employed by the expert enjoy widespread acceptance.

The International High Tech Crime Conference in 1999 adopted a few guidelines to achieve and preserve judicial admissibility of digital evidence and they are:

  • Upon seizing digital evidence, no action should change that evidence
  • When it is necessary for a person to access original digital evidence, that person must be forensically competent
  • All activity relating to the seizure, access, storage or transfer of digital evidence must be fully documented, preserved and available for review
  • An individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in their possession
  • Any agency that is responsible for seizing, accessing, storing or transferring digital evidence is responsible for compliance with these principles.
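
As an added illustration (not part of the original article or of the conference guidelines), the sketch below shows one way the first and third principles can be checked mechanically: the evidence is hashed at seizure, and every later custody record commits to that hash and to the previous record. SHA-256, the record fields, the actor names and the timestamps are all assumptions chosen for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the first record in a log

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def append_entry(log, actor, action, evidence: bytes, timestamp: str):
    """Add a custody record bound to the evidence hash and the previous record."""
    record = {"timestamp": timestamp, "actor": actor, "action": action,
              "evidence_sha256": sha256_hex(evidence),
              "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    record["entry_hash"] = sha256_hex(json.dumps(record, sort_keys=True).encode())
    log.append(record)
    return record

def verify_log(log, evidence: bytes):
    """Return a list of problems; an empty list means nothing was detected."""
    problems, prev = [], GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if rec["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != rec["entry_hash"]:
            problems.append(f"entry {i}: record altered after it was written")
        if rec["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence hash differs from seizure hash")
        prev = rec["entry_hash"]
    if log and sha256_hex(evidence) != log[0]["evidence_sha256"]:
        problems.append("current evidence does not match seizure hash")
    return problems

def demo():
    # Constructed sample data: bytes standing in for a seized disk image,
    # with hypothetical actors and timestamps.
    image = b"constructed sample bytes standing in for a seized disk image"
    log = []
    append_entry(log, "Officer A", "seized", image, "2024-01-01T10:00:00Z")
    append_entry(log, "Examiner B", "copied for analysis", image, "2024-01-02T09:30:00Z")
    clean = verify_log(log, image)
    changed_evidence = verify_log(log, image + b"\x00")
    log[0]["actor"] = "Someone else"  # simulate an edited custody record
    edited_record = verify_log(log, image)
    return clean, changed_evidence, edited_record

if __name__ == "__main__":
    print(demo())
```

A chain like this is only tamper-evident if the latest `entry_hash` is also recorded somewhere the log's holder cannot rewrite, since anyone able to rewrite every record could recompute the whole chain.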


Cyber forensic investigators take utmost care when collecting digital evidence in order to avoid the risk of the evidence they obtain being ruled inadmissible.

To sum up, digital evidence is something that is automatically created during the use or abuse of digital equipment and thus has a vital role in crime investigation. Digital evidence often helps investigation agencies to unequivocally establish but also various other traditional crimes in which digital equipment is involved. Digital evidence may be unreliable unless it is collected scientifically and based on observed, provable/disprovable empirical data. Cyber forensic investigators unearth and preserve digital data using scientific methods and thus help legal professionals in establishing crimes. Finally, digital evidence has already been legally recognized and is being extensively used by investigation agencies and the judiciary to book and punish criminals.