The American Bar Association requires all prosecutors to make a clear and complete record for review during trial. As with other areas of security, organizations have to ensure record retention policies do not inadvertently work against them in a court of law.
In the Apple vs. Samsung patent infringement case, Samsung’s lack of digital evidence preservation resulted in Apple winning over $1 billion. This was partially attributed to Samsung’s automatic deletion of all emails after two weeks, digital evidence that the judge considered material to Apple’s case (Mouhtaropoulos et al., 2014).
I think this is a great case study that security professionals should consider when helping companies develop their record retention policies. In my experience, retention policies are designed with shorter periods to limit liability in the event of record subpoenas. As we see in the Apple vs. Samsung case, the shorter period can actually cost the company if digital evidence preservation is deemed insufficient. Therefore, it is important to consider cases like this when developing policies that involve potential digital evidence because they could have unintended legal implications.
I also agree with the assessment that chain of custody could make or break a case. One way to validate that data has not been tampered with is by creating a digital fingerprint, or hash, of the record. Hashing algorithms, such as MD5, create a unique digital forensic value of evidence. If any part of the evidence changes, the hash changes too, providing a continuous element to verify the chain of custody (Stone, 2015). Hashes are a great way to ensure admissibility while serving as a deterrent against evidence tampering.
I also believe hashing would greatly improve law enforcement admissibility outcomes for being able to use digital forensics evidence to successfully solve crimes and prosecute cases. As the industry matures, I hope this technique becomes part of digital forensics frameworks and required training for first responders.
Mouhtaropoulos, A., Chang-Tsun, L., & Grobler, M. (2014). Digital Forensic Readiness: Are We There Yet? Journal Of International Commercial Law & Technology, 9(3), 173-179.
Stone, A. (2015, September 17). Chain of Custody: How to Ensure Digital Evidence Stands Up In Court. GovTech Works. Retrieved from: https://www.govtechworks.com/chain-of-custody-how-to-ensure-digital-evidence-stands-up-in-court/#gs.7lOFcgI