P ROTOCOLO EN CASO DE I NCENDIO

According to Kenneally (2002) digital evidence constitutes a unique legal challenge. Reliable evidence that can stand the rigorous requirements of admissibility is critically important to computer crime investigations. Admissibility of the evidence is dependent on its relative weight and judicial value. Legal systems are based on precedents and this raises the need to introduce cohesion and consistency in the adopted digital forensic methodologies.

Allen (2005) and Wilson (2008) raised the issue of jurisdiction being a challenge for digital forensics. Features like portability and connectivity raise the question of jurisdictions and the difference between legal systems in different jurisdictions complicates the matter further. For a piece of evidence to be considered admissible, it must fulfil the evidentiary mandates of the court in which it is presented. Lack of effective cyber laws is another major obstacle in investigations. For example, no legal action could be taken against the author of the „ILOVEYOU‟ virus in the year 2000, as the suspect was located in the Philippines and the country had no legislation with respect to such crime at that time (Karyda and Mitrou, 2007). Another important challenge that is critical for digital forensics is the issue of privacy. For instance, seizure of equipment and release of information are often disputed in the Court on these grounds.

In the case of Daubert vs. Merell, the US Supreme Court provided specific criteria for the lower courts to rule on the admissibility of scientific evidence (Rogers, 2003):

 Whether the theory or technique has been tested on reliable grounds;

 Whether the theory or technique has been reviewed and published;

 Has the theory or technique been tested and analysed for potential errors;

66

Hence the court stresses the reliability of the evidence; and if the evidence fulfils this criterion, it would still be accepted in a court of law. However, this does mean that anything is permissible and benchmarks will certainly exist.

A further major legal hurdle in the USA is the use of evidence in courts. The Fourth Amendment (Adams, 2008) states:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized”.

This acts as a significant barrier in the search and seizure operation because the computer hardware and other related accessories which are taken for digital forensic analysis normally contain a huge amount of personal and private information, apart from the expected data that could lead to the perpetrator.

Search warrant issues for the forensic investigator are too restrictive at times and may even specify the types of files they are supposed to search for on the suspect‟s computer. Such facts make the task of a digital forensic examiner much more laborious than in the case where a generic search warrant is issued (Adams, 2008). It also means that it is the choice of the examiner as to whether to exhibit strict integrity and professionalism by not obtaining anything which is unrelated to the warrant. Hence, considering various legislative aspects is a key requirement in the next generation of digital forensic tools, allowing the investigator‟s boundaries to be pre-defined.

It is understandable that the state of cyber laws is not equal everywhere in the world. For example, taking the case of the Sultanate of Oman where the decree implementing cyber laws was passed as recently as February 2011 (ITA, 2011) and the document describes various aspects relating to cyber laws. Although the document tries to incorporate various facets of cyber laws, it is still not as comprehensive as places where a system of well-established cyber laws exists, such as the United Kingdom. The cyber laws in the UK are much more refined and cover aspects relating to various dimensions like digital signatures, e-commerce, intellectual property rights, and Cloud Computing; in addition it is a signatory to various

67

international conventions such as the convention on computer crimes and EU data protection directive (BSA, 2012).

Cloud Computing also raises a different set of challenges for digital forensic examiners due to its dispersed nature of data; as a result it is difficult to pinpoint the exact legal framework that would be used when incidents occur within a cloud environment (Ruan et al, 2012). Also as the controlling personnel may be different from the company or individuals whose data is held in such Cloud environments, it becomes more difficult from the legal perspective to retain the evidence in an untouched and unaltered manner, suggesting that the evidence could not be accepted as solid proof in a court of law.

According to Alazab (2013) there are five main objectives of digital forensics which are listed as follows:

 Any undesired events should be detected;

 The impact of these events on the system should be analysed;

 Requisite evidence should be gathered from the legal perspective;

 Ways to prevent such future mishaps should be devised;

 The pattern and underlying reasons for the event should be analysed and understood in order to prevent any future happening of such events.

This view includes evidence that may not be admissible in a court of law. It is possible to collect evidence from events like theft or destruction of intellectual property, commission of fraud, or any such criminal activity relating to digital devices. Digital evidence can also be used for establishing a link between the crime and the victim (Perumal, 2009).

Carrier (2002) also discussed a number of scenarios that involve the use of open source toolkits for carrying out digital forensic examinations. This trend has become more prevalent after the involvement of commercial organisations in the forensic investigation process, since earlier it was mainly a governmental matter. Therefore, it is necessary to ensure that the quality of digital tools and the evidence which they produce are technically sound and without any flaws, which consequently makes it difficult for a court of law to accept such evidence.

68

Also, an open public debate should be organised in tune with the open source tradition, so that there is a consensus on the type of tools being used in digital forensic analysis, the methods used by these tools and the acceptability of their results.

Hence it can be seen that though the field of digital forensics pertains to procuring and presenting evidence considered admissible in a court of law, it is not so easy in actual practice. There are many hurdles and challenges which a digital forensic investigator has to face.