Manchester: 0161 797 8123

London: 0207 438 2045

Manchester: 0161 797 8123

London: 0207 438 2045

Blog

News, events, media, seminars and more

The Importance Of Electronic Evidence

electronic evidence

Why is electronic evidence important?

With the prolific usage of electronic devices such as smartphones and computers, the amount of data generated from these devices is vast. As such, there can be an expectation within almost any investigation for the need to identify digital evidence. If identified, collected and analysed in a forensically sound manner, electronic evidence can prove crucial to the outcome of criminal, civil and corporate investigations.

What is electronic evidence?

Electronic evidence, also commonly known as digital evidence, is data stored within electronic devices or systems that can be recovered by forensic experts and used as admissible evidence in court.

 

What forms of media are considered electronic evidence?

Data recovered from the following devices and applications are considered as evidence. However, this is only admissible if recovered using a forensic methodology by a certified expert.

  • Computers, laptops and tablets
  • Mobile phone data
  • HDD, RAID and SSD hard drives
  • USB memory sticks and SD cards
  • Social media information
  • Whatsapp messages
  • Cloud storage data
  • Digital photographs
  • CCTV

 

Applying the ACPO Guidelines to electronic evidence

The Association of Chief Police Officers (ACPO) guidelines are a set of principles for handling electronic evidence. It is critical that these are strictly adhered to when investigating computers or digital media as it ensures evidence continuity and admissibility of digital evidence in court.

The main principles of the ACPO Good Practice Guide for Computer Based Electronic Evidence are:

  • Principle 1:

No action taken by law enforcement agencies or their agents should change data held on a computer or storage media, which may subsequently be relied upon in court.

  • Principle 2:

In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.

  • Principle 3:

An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.

  • Principle 4:

The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to.

Applying the ACPO Guidelines in practice means that a chain of custody should be established. This ensures that no unauthorised access to digital media can occur. When the digital evidence is forensically interrogated a write-blocker is required, so that data cannot be overwritten or altered from its original format, preserving the evidence. Specialist forensic tools should be used, and all interrogations completed on a forensic image (or clone), not on the original media device.

Back to all Posts

Call us today and speak with a Forensic Specialist

London: 0207 438 2045

Manchester: 0161 797 8123

Feel free to send us an enquiry

  • This field is for validation purposes and should be left unchanged.

After submitting an enquiry, a member of our team will be in touch with you as soon as possible

Your information will only be used to contact you, and is lawfully in accordance with the new General Data Protection Regulation (GDPR) act, 2018.