By John Patzakis [1] and Brent Botta [2]
Previously, in Forensic Focus, we addressed the issue of evidentiary authentication of social media data (see previous entries here and here).
General Internet site data available through standard web browsing,
instead of social media data provided by APIs or user credentials,
presents slightly different but just as compelling challenges, which are
outlined below. To help address these unique challenges, we are
introducing and outlining a specified technical process to authenticate
collected “live” web pages for investigative and judicial purposes.[3]
We are not asserting that this process must be adopted as a universal
standard and recognize that there may be other valid means to authenticate
website evidence. However, we believe that the technical protocols
outlined below can be a very effective means to properly authenticate
and verify evidence collected from websites while at the same time
facilitating an automated and scalable digital investigation workflow.
Legal Authentication Requirements
The Internet provides torrential amounts of evidence potentially
relevant to litigation matters, with courts routinely facing proffers of
data preserved from various websites. This evidence must be
authenticated in all cases, and the authentication standard is no
different for website data or chat room evidence than for any other.
Under US Federal Rule of Evidence 901(a), “The requirement of
authentication … is satisfied by evidence sufficient to support a
finding that the matter in question is what its proponent claims.”
United States v. Simpson, 152 F.3d 1241, 1249 (10th Cir. 1998).
Ideally, a proponent of the evidence can rely on uncontroverted
direct testimony from the creator of the web page in question. In many
cases, however, that option is not available. In such situations, the
testimony of the viewer/collector of the Internet evidence “in
combination with circumstantial indicia of authenticity
(such as the dates and web addresses), would support a finding” that
the website documents are what the proponent asserts. Perfect 10, Inc.
v. Cybernet Ventures, Inc. (C.D.Cal.2002) 213 F.Supp.2d 1146, 1154.
(emphasis added) (See also, Lorraine v. Markel American Insurance
Company, 241 F.R.D. 534, 546 (D.Md. May 4, 2007) (citing Perfect 10, and
referencing MD5 hash values as an additional element of potential
“circumstantial indicia” for authentication of electronic evidence)...