Review of Digital Evidence

Posted in Forensics and Investigations on December 29, 2023
Digital Evidence

Digital evidence refers to any type of data or information that is stored on a digital device, such as a computer or a mobile phone, and that can be used as evidence in a legal investigation or court case. This type of evidence can be crucial in modern-day criminal investigations, as it can provide a wealth of information that is not available through other means.

When reviewing digital evidence, it is important to ensure that the evidence has been obtained in a legally permissible manner, as any evidence that has been obtained through illegal means may be inadmissible in court. Additionally, the evidence must be properly preserved and documented to maintain its integrity and authenticity.

Digital Evidence

Review of Digital Evidence

The digital financial crime investigation team works per the defined digital crime investigation program to obtain sufficient and appropriate evidence related to fraud incidents. The team explores different sources to gather such evidence as direct interviews with suspects, interviews of colleagues of the suspect, observation of the behavior of the particular employee or suspect, walkthroughs of transactions and systems, third-party confirmations, physical checks, or counting of physical assets, etc.

In the information and evidence-gathering process, it must be ensured that the case is not made very complicated to investigate. The right approach and selection of the right sources of shreds of evidence make the investigation process logical and result-oriented. 

All the evidence gathered from different sources and through different techniques must be appropriately recorded logically. Evidence is required to be corroborated with each other. Therefore, the presentation and recording of the evidence are important parts of the investigation process. 

Direct Evidence and Circumstantial Evidence

Direct evidence related to fraud is gathered by the fraud investigation team or experts directly performing investigation procedures, such as information gathered through interviewing the suspect or observation of employee behavior over some time. 

Direct evidence is considered more valuable because it is directly obtained by the experts as a result of appropriate planning and a directly approaching to the evidence. There is a possibility that direct evidence is obtained without performing any specific evidence-gathering procedure, such as information about the fraud may be provided by the customer or the company against the employee, or the suspect may surrender him or herself before the fraud investigation team and provide all relevant information. This occurs when the person who committed the fraud feels fear of punishment, which they may be awarded on the proof of the fraud. 

Electronic and Paper Evidence

In today’s digital environment, the audit trail is maintained by companies and organizations using electronic records using personal computers and other electronic devices such as PDAs. In the electronic environment, the fraud investigation team or experts perform computer forensic investigations by seizing and analyzing electronic data using a methodology that ensures its admissibility as evidence in a court of law.

Legislations allow the use of computer forensic investigations as an important part of fraud investigations because it impacts an organization’s ability to investigate computer systems and electronic records such as email.

Organizations must maintain electronic records and information appropriately and over a specified period per the applicable regulatory requirements. Such record maintenance enables and facilitates the appropriate fraud investigations by the experts.

Digital Evidence

The Forensic Image 

In computer forensics, the original information or data is never altered. To ensure this, the purpose-written ‘forensic image’ software is used by the fraud investigation teams to obtain a copy of a ‘target’ computer system. The forensic image enables the recreation of the original system at any time.

It must be ensured that the fraud investigation team is an experienced specialist who must ensure the confidentiality of information assets to ensure the confidentiality of the company’s information. Computer forensic investigators and other supporters who gather evidence from computers must be able to justify their actions in the future. It is strongly recommended that a forensics expert is hired for professional advice rather than relying solely on the company’s information technology department or staff.

Forensic computer images have been accepted in legal proceedings, and it is no longer required in most cases to seize computer hardware for investigation purposes.

Indeed, in situations where target computer systems contain critical data, physical seizure may not be a viable option for the fraud investigations team. The forensic image may be sufficient, and the need to seize physical assets may not arise. Forensic imaging also enables the drawing of information from the suspect’s personal computer without conducting inquiries from the suspect directly.

Evidence Gathered through Interviews

Many fraud investigations are concluded with a formal interview with the suspect. Here, all evidence is put to the suspect, for their feedback and answers, under a very controlled environment.

These interviews and the production of evidence before the suspect are performed by very skilled and experienced fraud investigators or experts. These interviews, where evidence is placed before the suspect, should be conducted ideally at the end of the investigation process. Legal advice must be sought before such interviews unless well-trained fraud investigators are deployed for interviews.

One of the most important parts of the investigation process is the official examination and scrutiny of the evidence obtained from different sources during the fraud investigation process. 

All the evidence gathered during the fraud investigation process by the experts or fraud investigations team is reviewed at appropriate levels. The evidence received from different sources is corroborated to establish the reasonableness of the evidence. Corroboration of evidence may require obtaining more in-depth information from the suspect or other sources.

Sufficient relates to the quantity of evidence. Appropriate relates to the quality or relevance and reliability of the evidence. During the evidence review process, it must be ensured that sufficient and appropriate audit evidence is obtained related to fraud activities.

Digital Evidence

The expert will need to exercise professional judgment on both of these aspects:

  • The quantity, and
  • The quality of evidence.

The two characteristics of quantity and quality are also inter-related, which are as follows:

  • An investigator may be able to reach a conclusion based on a smaller quantity of high-quality fraud evidence. Still, a larger quantity of lower-quality evidence may be required to reach the same conclusion.
  • A review of evidence must be documented appropriately to ensure that all relevant facts are considered apparent from the evidence. 

The documentation of a fraud investigation must contain the records that comprise the whole investigation proceedings. The objective of the expert is to prepare the documentation that provides the following:

  • A sufficient and appropriate record of the basis for the expert’s investigation report, and
  • An evidence that the investigation was planned and performed following legal and regulatory requirements. 

Final Thoughts

Digital evidence can be highly valuable in criminal investigations and civil disputes, but it is also subject to unique challenges and limitations. For example, digital evidence can be easily manipulated or deleted, and there may be questions about its authenticity, reliability, and admissibility in court.

To overcome these challenges, law enforcement agencies and legal professionals must use specialized tools and techniques to collect, analyze, and preserve digital evidence. This may involve working with forensic experts, using specialized software and hardware tools, and following strict protocols and guidelines to ensure the integrity and admissibility of the evidence.

Overall, digital evidence plays an increasingly important role in modern legal proceedings, and understanding its potential benefits and limitations is crucial for both law enforcement and legal professionals.