On the Creation of Reliable Digital Evidence

  • Nicolai Kuntze
  • Carsten Rudolph
  • Aaron Alva
  • Barbara Endicott-Popovsky
  • John Christiansen
  • Thomas Kemmerich
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 383)

Abstract

Traditional approaches to digital forensics deal with the reconstruction of events within digital devices that were often not built for the creation of evidence. This paper focuses on incorporating requirements for forensic readiness – designing in features and characteristics that support the use of the data produced by digital devices as evidence. The legal requirements that such evidence must meet are explored in developing technical requirements for the design of digital devices. The resulting approach can be used to develop digital devices and establish processes for creating digital evidence. Incorporating the legal view early in device design and implementation can help ensure the probative value of the evidence produced by the devices.

Keywords

Digital evidence, admissibility, forensic readiness

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Nicolai Kuntze (1)
  • Carsten Rudolph (1)
  • Aaron Alva (2)
  • Barbara Endicott-Popovsky (2)
  • John Christiansen (3)
  • Thomas Kemmerich (4)

  1. Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany
  2. University of Washington, Seattle, USA
  3. Christiansen IT Law, Seattle, USA
  4. University of Bremen, Bremen, Germany
