Digital Evidence
Robin C. Stuart, Digital Investigations Consultant
Volatile versus Nonvolatile Evidence
DEFINITION
We know that evidence is an offer or support of proof: the latent fingerprint, the bloodstains on the carpet, the smoking gun. How does digital evidence fit into this landscape? And what constitutes “digital evidence”?
What Is Digital Evidence?
According to Merriam-Webster's Dictionary of Law, the word evidence means, “something that furnishes or tends to furnish proof.” In 1998, the Scientific Working Group on Digital Evidence defined the term digital evidence as “...any information of probative value that is either stored or transmitted in digital form.”
In plain English, and as tested and defined in various United States courts, digital evidence is an offer of proof generated, stored, or transmitted in electronic form. This proof could originate from sources such as a cell phone, a pager, a personal digital assistant (PDA), or a computer; basically, any device that can be used to transmit and store data in binary form. For example, text messages, e-mail, databases, or Web server logs.
How Is Digital ...
Get Handbook of Information Security: Information Warfare, Social, Legal, and International Issues and Security Foundations, Volume 2 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.