Legal issue


Lala93

New Member
Dec 11, 2018
1
1
#1
Hi im Lala here. Currently im doing a research regarding computer forensics. I hope you guys can help me to get some opinion and knowledge from this group.
The question is, in your place if any investigator doing a computer forensics using free software tools, is it acceptable to use the evidence found in court room? Thank you
 

RobertM

New Member
TRUSTED Contributor
Sep 30, 2018
23
Ratings
14
3
#2
Free software should never be an issue, as far as I know, if you can show that it works properly as a result of testing.

As with any software, you can't just push a button (Push-button Forensics) and accept the output as the answer and then present that in court. You must test and validate the results.

Even expensive digital forensics software has bugs, especially when you consider how advanced the code is to retrieve all the data. Not to mention that apps and o/s are constantly being updated which can often change the way the software interacts with the forensic software.

Free and open-source software is no different.

Always, test, validate and document your investigations.
 

athulin

Member
Experienced Member
Oct 18, 2007
734
Ratings
11
18
#3
in your place if any investigator doing a computer forensics using free software tools, is it acceptable to use the evidence found in court room?
My place is Sweden. There are no apriori rules: the judge(s) of the particular case decides on admissibility of evidence. In general, it's the competence of the witness that matters, not what tools he or she used.

Your kind of question (or what I take your question to be) is perhaps best answered by the book

Stephen Mason (ed.): International Electronic Evidence.
British Institute of International and Comparative Law, 2008

(no later edition, it seems, but check International Electronic Evidence - Stephen Mason for overview of content.
No, I'm not associated with the author or the publisher.)
 
Last edited:

twicesafe

Administrator
Staff member
Sep 4, 2018
92
Ratings
22
8
Vancouver, Canada
www.computerforensicsworld.com
Twitter
Forensic_Notes
#4
check International Electronic Evidence - Stephen Mason for overview of content.
No, I'm not associated with the author or the publisher.)
Great suggestion @athulin .

This is a massive 1000+ page book on the subject for anyone interested in the different laws around the world for Electronic Evidence.

From the site:

This text provides guidance on digital evidence across the 35 jurisdictions listed below, covering (i) the substantive law of evidence, covering the types of evidence, admissibility of evidence, weight, proof, electronic signatures, presumptions and inferences; (ii) civil proceedings, pre-trial, urgent search and seizure orders, preservation of evidence, rules on disclosure, confidentiality and privilege; (iii) criminal proceedings, pre-trial, powers of search and seizure, the obligations of both prosecution and defence respecting the disclosure of evidence before trial, including the consequences of non-disclosure, human rights issues in relation to the gathering of evidence, the trial and how a defendant may challenge the authenticity of digital evidence.​



@athulin : Have you had a chance to read/browse this book?
If yes, could you quickly provide your thoughts on what the book properly covers and the type of information you found useful in it?
 

athulin

Member
Experienced Member
Oct 18, 2007
734
Ratings
11
18
#5
Have you had a chance to read/browse this book?
I'm afraid not -- it's from a list of books that I wanted to know to exist, but so far have had little or no reason to actually use. If I remember, someone on an ISFCE mailing list mentioned it as a resource in a response to a 'I need to collect a disc in <foreign country X>. Is there something in their legal system I need to be aware of?' or something on those lines. At the time, however, I had easy access to people who knew the legal problems with the neighbouring countries I occasionally worked in. Also the price was a bit more than I could afford.

After some digging around, I can point to a related resource by the same author: Mason & Seng: Electronic Evidence (4th ed., 2017), but it is probably more of interest to someone who is primarily interested in English and Welsh law, although there are several reference to other Anglosaxic countries and cases. It's computers and computer forensics along with applicable law seen through legal eyes, explained for readers of the same bent, ... and following legal presentation form, with *massive* paragraphs.

Electronic Evidence | IALS

That page links to a free PDF copy of the text:

Electronic Evidence: Fourth Edition | Humanities Digital Library

@Lala93: Admissibility is (partially?) treated in 3.68 - 3.70 on pages 57-58, and suggests that admissibility may be less of an issue than weight -- at least in the relevant jurisdictions.
 

bshavers

New Member
TRUSTED Contributor
Dec 2, 2008
29
Ratings
20
3
Seattle, WA
www.dfir.training
Facebook
https://www.facebook.com/dfirtools/
Twitter
https://twitter.com/DFIRTraining
#6
Hi im Lala here. Currently im doing a research regarding computer forensics. I hope you guys can help me to get some opinion and knowledge from this group.
The question is, in your place if any investigator doing a computer forensics using free software tools, is it acceptable to use the evidence found in court room? Thank you
The issue/risk isn't whether the software is free, open source, demo, or commercial. It is in the details of the EULA (end user licensing agreement). Some EULAs prohibit commercial use, only allow personal use, or may have other restrictions that limit the use in legal case matters. If software is challenged on the basis of the EULA, it will then be if the user followed the EULA or violated it.

I've seen a case where a EULA was violated, but results allowed since other tools would have found the same data. I've seen another case where a EULA was violated and the results not admitted in court.

Best bet, know and abide by the EULA, regardless if commercial, demo/freeware, or open source.
 

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu