Digital Evidence In Criminal Investigations

Digital evidence is a term you will see more and more as cases progress through the criminal justice system. The digital realm has intersected with the physical realm so much that it is almost impossible to interact with one without leaving evidence in the other. So what does that mean for an investigator? Is physical evidence that much different from digital evidence?

Yes, very much so. Physical evidence is very tangible. What I mean by that is you can hold it, turn it, look at it, and hand it to another person, and when you receive it back, it is still in the same condition as when it left your control. Some examples of physical evidence include fingerprints, tool marks, shell casings, bloodstains, and almost anything else that exists in the physical realm and allows an investigator to determine what occurred. Digital evidence is much more fragile. Static electricity can kill a thumb drive full of digital evidence in a split second. Take precautions as you handle and collect digital evidence to ensure you do not make any unauthorized changes. Some examples of digital evidence are log files, digital images, Internet history, emails, or any digital device that was used during the incident in question.

How do you authenticate the digital evidence? How do you prove that the “copy” the investigator has is a true and accurate representation of what they found within the digital container?

The investigator should use a cryptographic hash function. Two of the more common cryptographic hashing algorithms used are MD5 and SHA-1. MD5 provides a 128-bit hash value, and SHA-1 gives a 160-bit hash value. Either of these values can be considered a digital fingerprint for a specific file. If anyone changes a single bit in the source file, a different hash value will result. This makes it very easy to determine whether something has changed in the file since the investigator recovered it.
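The following is an added example, not code from the original article or the author's book. It records MD5 and SHA-1 values for a file at acquisition, then re-checks them after a single bit is changed. The file name, sample contents and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

ALGORITHMS = ("md5", "sha1")  # the two algorithms the article names


def hash_evidence(path, chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:  # read-only: never open evidence for writing
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_evidence(path, recorded):
    """Return the algorithms whose current digest differs from the record."""
    current = hash_evidence(path)
    return [name for name in ALGORITHMS
            if not hmac.compare_digest(current[name], recorded[name].lower())]


def demo():
    """Hash a constructed file, verify it, flip one bit, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "evidence.bin")  # hypothetical evidence copy
        data = bytearray(b"constructed sample log line\n" * 1000)
        with open(path, "wb") as fh:
            fh.write(data)
        recorded = hash_evidence(path)            # values noted at acquisition
        untouched = verify_evidence(path, recorded)
        data[500] ^= 0x01                         # change a single bit
        with open(path, "wb") as fh:
            fh.write(data)
        altered = verify_evidence(path, recorded)
        return recorded, untouched, altered


if __name__ == "__main__":
    recorded, untouched, altered = demo()
    print("recorded:", recorded)
    print("mismatches before change:", untouched)
    print("mismatches after one-bit change:", altered)
```
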

As you can see, it is essential to authenticate all digital evidence before its use in an administrative or judicial proceeding.

If you want to learn more about computer forensics and the usefulness of hash values, please check out my book Learn Digital Forensics, available on Amazon.
