Casey (2004, 1.3) says that digital data is “a messy, slippery form of evidence that can be difficult to handle”. This is true for multiple reasons. It is easily lost or destroyed, it is not necessarily easy to collect and there may be so much of it possibly germane that isolating the pertinent pieces could be tantamount to data mining. It is also possible that evidence could be forged (Maurer, 2004). Therefore digital evidence collection in a world where so much is recorded online is a critical but tricky activity.
Because there are so many variables as to what evidence may be available and applicable, digital evidence collection will generally start similarly to hard forensic science: by ascertaining that a crime has taken place. While some governments are doubtless engaged in massive data acquisition and mining projects in the hopes of combating 'terrorism', these activities are somewhat different from the collection that is associated with a known crime.
It is important that computer forensic examiners understand the dangers of data loss and corruption. It is also critical that they understand the liabilities and opportunities that data networks represent. Getting the initial data may be very time critical as some of it may be in RAM and cannot persist after the equipment is powered down, some may have traversed networks and jurisdictions, some may be in logs that will be overwritten, some may be encrypted and all of it could be subject to inadvertent or malicious deletion.
Much digital evidence is, as of yet, not well accepted by many courts (Laureate Education, 2009). This is one reason that computer forensic science needs to mature and implement professional standards and certifications (Ibid.). But the justice systems also need to become comfortable with the fact that digital devices can contain crucial evidence and cooperate with experts on establishing rigorous but reasonable levels of admissibility, in as timely a manner as possible. So the forensic sciences remain crucial to attempts at justice and as more of our lives take place online the ability to acquire, authenticate and analyze digital evidence can only become more important (Ibid.).
Casey, E. (2004) Computer Crime – Forensic Science, Computers and the Internet, Second Edition. London: Academic Press
Laureate Education (2009) Computer Forensics Seminar for Week 1: Digital Evidence, Computer Crime, Technology and Law [Online]. Available from: https://elearning.uol.ohecampus.com/bbcswebdav/xid-61831_4 (Accessed: 3 June, 2010)
Maurer, U. (2004) New Approaches to Digital Evidence [Online]. Available from: ftp://ftp.inf.ethz.ch/pub/crypto/publications/Maurer04.pdf (Accessed: 6 June, 2010)