Digital Evidence In Criminal Investigations

Digital evidence is a term you will see more and more as cases progress through the criminal justice system. The digital realm has intersected with the physical realm so thoroughly that it is almost impossible to interact with one without leaving evidence in the other. So what does that mean for an investigator? Is physical evidence that much different from digital evidence?

Yes, very much so. Physical evidence is very tangible. What I mean by that is you can hold it, turn it, look at it, and hand it to another person, and when you receive it back, it is still in the same condition as when it left your control. Some examples of physical evidence include fingerprints, tool marks, shell casings, bloodstains, and almost anything else in the physical realm that allows an investigator to determine what occurred. Digital evidence is much more fragile. Static electricity can kill a thumb drive full of digital evidence in a split second. Take precautions as you handle and collect digital evidence to ensure you do not make any unauthorized changes. Some examples of digital evidence include log files, digital images, Internet history, emails, or any digital device that was used during the incident in question.

How do you authenticate the digital evidence? How do you prove that the “copy” the investigator has is a true and accurate representation of what they found within the digital container?

The investigator should use a cryptographic hash function. Two of the more common cryptographic hashing algorithms are MD5 and SHA-1. MD5 produces a 128-bit hash value and SHA-1 a 160-bit hash value; either value can be considered a digital fingerprint for a specific file. If anyone changes a single bit in the source file, a different hash value results. This makes it very easy to determine whether anything has changed in the file since the investigator recovered it.
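An added example (not from the original article) of the check described above: hash the source once at collection, then re-hash a working copy and compare. The file names and sample bytes are constructed, and computing SHA-256 alongside the MD5 and SHA-1 the article names is an assumption about current practice.

```python
import hashlib
import os
import tempfile

# MD5 and SHA-1 are the algorithms the article names; sha256 is an assumption added here.
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_file(path, algorithms=ALGORITHMS, chunk_size=1024 * 1024):
    """Read the file once, in chunks, and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # read-only: evidence is never opened for writing
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_copy(recorded, path):
    """Return the algorithms whose digest for `path` differs from the recorded value."""
    current = hash_file(path, tuple(recorded))
    return [name for name in recorded if recorded[name] != current[name]]


def demo():
    """Constructed sample: a source file, a faithful copy, and a copy with one bit flipped."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "evidence.bin")
    good_copy = os.path.join(workdir, "copy_ok.bin")
    bad_copy = os.path.join(workdir, "copy_altered.bin")

    data = b"constructed sample log line\n" * 1000
    altered = bytearray(data)
    altered[500] ^= 0x01  # change exactly one bit

    for path, content in ((original, data), (good_copy, data), (bad_copy, bytes(altered))):
        with open(path, "wb") as fh:
            fh.write(content)

    recorded = hash_file(original)  # digests noted at collection time
    return recorded, verify_copy(recorded, good_copy), verify_copy(recorded, bad_copy)


if __name__ == "__main__":
    recorded, ok, bad = demo()
    print("recorded digests:", recorded)
    print("faithful copy mismatches:", ok)
    print("altered copy mismatches:", bad)
```

The recorded digests belong in the collection notes so that any later copy can be checked against them.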

As you can see, it is essential to authenticate all digital evidence before its use in an administrative or judicial proceeding.

If you want to learn more about computer forensics and the usefulness of hash values, please check out my book Learn Digital Forensics, available on Amazon.
