Types of Digital Evidences
October 28, 2016
Categorised in: Computer Forensic & Cyber Applications
1. Hardware as Contraband or Fruits of Crime.
Contraband is a property that the private citizen is not permitted to possess.
For example, under certain circumstances, it is illegal for an individual in the United States to possess hardware that is used to intercept electronic communications(18 USCS 2512).
The concern is that such devices enable individuals to obtain confidential information, violate other people’s privacy, and commit a wide range of other crimes using intercepted data.
Cloned cellular phones and the equipment that is used to clone them are other examples of hardware as contraband.
The fruits of crime include property that was obtained by criminal activity, such as computer equipment that was stolen or purchased using stolen credit card numbers.
Also, microprocessors are regularly stolen because they are very valuable, they are in high demand, and they are easy to transport.
The main reason for seizing contraband or fruits of crime is to prevent and deter future crimes.
When law enforcement officers decide to seize evidence in this category, a court will examine whether the circumstances would have led a reasonably cautious agent to believe that the object was contraband or a fruit of crime.
2. Hardware as an Instrumentality.
When computer hardware has played a significant role in a crime, it is considered an instrumentality.
This distinction is useful because, if a computer is used like a weapon in a criminal act, much like a gun or a knife, this could lead to additional charges or a heightened degree of punishment.
The clearest example of hardware as the instrumentality of crime is a computer that is specially manufactured, equipped, and/or configured to commit a specific crime.
For instance, sniffers are pieces of hardware that are specifically designed to eavesdrop on a network.
Computer intruders often use sniffers to collect passwords that can then be used to gain unauthorized access to computers.
It is ultimately up to the courts to decide whether or not an item played a significant role in a given crime. So far, the courts have been quite liberal on this issue.
For example, in a New York child pornography case the court ruled that a computer was the instrumentality of the offense because the computer hardware might have facilitated the sending and receiving of the images (United States v. Lamb, 1996).
Even more liberal was the Eastern District Court of Virginia decision that a computer with related accessories was an instrumentality because it contained a file that detailed the growing characteristics of marijuana plants (United States v. Real Property, 1991).
3. Hardware as Evidence.
Before 1972, “mere evidence” of a crime could not be seized. However, this restriction was removed and it is now acceptable to “search for and seize any property that constitutes evidence of the commission of a criminal offense” (Federal Rules of Criminal Procedure 41 [b]).
This separate category of hardware as evidence is necessary to cover computer hardware that is neither contraband nor the instrumentality of a crime.
For instance, if a scanner that is used to digitize child pornography has unique scanning characteristics that link the hardware to the digitized images, it could be seized as evidence.
4. Information as Contraband or Fruits of Crime.
As previously mentioned, contraband information is information that the private citizen is not permitted to possess.
A common form of information as contraband is encryption software.
In some countries, it is illegal for an individual to possess a computer program that can encode data using strong encryption algorithms because it gives criminals too much privacy.
If a criminal is caught but all of the incriminating digital evidence is encrypted, it might not be possible to decode the evidence and prosecute the criminal.
Information as fruits of crime include illegal copies of computer programs, stolen trade secrets and passwords, and any other information that was obtained by criminal activity.
5. Information as an Instrumentality.
Information can be the instrumentality of a crime if it was designed or intended for use or has been used as a means of committing a criminal offense.
Programs that computer intruders use to break into computer systems are the instrumentality of a crime. These programs, commonly known as exploits, enable computer intruders to gain unauthorized access to computers with a specific vulnerability.
Also, computer programs that record people’s passwords when they log into a computer can be an instrumentality, and computer programs that crack passwords often play a significant role in a crime.
As with hardware, the significance of the information’s role is paramount to determining if it is the instrumentality of a crime.
Unless a plausible argument can be made that the information played a significant role in the crime, it probably should not be seized as an instrumentality of the crime.
6. Information as Evidence.
This is the richest category of all. Many of our daily actions leave a trail of digits.
All service providers (e.g., telephone companies, ISPs, banks, credit institutions) keep some information about their customers.
These records can reveal the location and time of an individual’s activities, such as items purchased in a supermarket, car rentals and gasoline purchases, automated toll payment, mobile telephone calls, Internet access, online banking and shopping, and withdrawals from automated teller systems (with accompanying digital photographs).
Although telephone companies and ISPs try to limit the amount of information that they keep on customer activities, to limit their storage and retrieval costs and their liability, law makers in some countries are starting to compel some communications service providers to keep more complete logs.
For instance, the U.S. Computer Assistance Law Enforcement Act (CALEA) that took effect in 2000 compels telephone companies to keep detailed records of their customers’ calls for an indefinite period of time.
The European Union has created log retention guidelines for its member states. In Japan, there is an ongoing debate about whether ISPs should be compelled to keep more complete logs.