The Council of Europe (CoE) defines electronic evidence as any information generated, stored or transmitted in digital form that may later be needed to prove or disprove a fact disputed in legal proceedings. The COE publishes guidance on the identification and handling of electronic evidence, in three papers, 1) Electronic Evidence Guide, 2) Standard Operating Procedures for the collection, analysis and presentation of electronic evidence and 3) Digital Forensics: A basic guide for the management and procedures of a Digital Forensics Laboratory.
All training materials, guides, templates published by CoE are available HERE.
At a crime scene there are many variables that investigators must consider in order to collect, present and analyse evidence, to preserves the chain of custody and enable it to be used in legal proceedings. Inexpert handling can cause damage and destruction of electronic evidence. Key considerations include - Do digital forensics need to be conducted on-site? Can devices be seized and if so, what is the best practice? Are hard drives encrypted? Could data be stored in the cloud and if so, can it be accessed based on the jurisdictions involved? How are devices to be packaged, transported, and stored? This process needs to be documented and timestamped.
Furthermore, evidence that is to be shared with other jurisdictions must comply with the respective domestic regulations.
Today, the level of competency varies wildly, not only from agency to agency and country to country, but within an organisation. Some have zero expertise in the use of digital evidence, whilst others understand the guidance and have procedures in place, along with the necessary technical capabilities. To move forward there needs to be a basic baseline of competence across all the actors, both inside a single jurisdiction and across borders.
Most people do not have computer science backgrounds and there can be a tendency (particularly at a management level) to assume that the tools can do everything. If tools are to be used for digital evidence purposes, there needs to be a clear understanding of what the technology is doing and what it is telling them.
Today, in highly sensitive investigation areas such as child sexual exploitation, data is being shared between law enforcement agencies around the world without restrictions, as if these are added the data cannot be used and is therefore worthless. Time is often of the essence in such criminal investigations and the use of rogatory letters and European Investigation Orders can slow down the process when requesting digital evidence. So, a tool that speeds-up, automates and standardises the whole process would be useful.
With the expansion of the Internet worldwide, digital evidences are underlying proofs of almost every crime nowadays. Emails, text messages, log files, storage media, network traffic or memory dumps may reveal detailed information about illicit activities, such as financial fraud, terrorism online propaganda, contraband, streaming of copyrighted content, online grooming, child pornography or murder, to name a few. The transversal nature of LOCARD enables prosecuting all these (and more) digital crimes.
We are constantly generating digital content because most of our communications and interactions involve some sort of technology. Therefore, it is unsurprising that most of the proofs that we could present in a court of law are digital evidences, such as emails or text messages. But, their admissibility is not straightforward, since it is mandatory to follow the national standards, laws and methodology regarding the chain of custody (investigation, acquisition, preservation, transfer, storage, etc.) to ensure that the digital evidences have not been tampered with. Blockchain technology, implemented in LOCARD, ensures the integrity, authenticity, traceability and auditability of digital evidences.
Blockchain is an emerging technology that offers differential values. It provides traceability, security, time and cost efficiency, but may also foster ethical values such as truthfulness, transparency, democratization or trust.
LOCARD blockchain technology should be focused on providing decentralization, transparency and privacy, with the aim to increase trust in the handling and processing of digital evidence.
The blockchain technology that the platform will implement to store the information (metadata) of the forensics procedure is called Hyperledger, which is a private blockchain technology that allows creating independent modules.
Therefore, specific cases will be managed by different parties using determined channels always requiring access permission.
Law Enforcement Agencies and Judicial Authorities are one of the main stakeholders of the project: the need to keep track of all evidences (including the digital ones) associated to crimes for enabling successful prosecution is an integral part of their job. Besides, forensic laboratories and security consulting organizations can also be interested parties. Organizations (e.g., online service providers) can benefit from LOCARD in case that they have indications that their systems or information have been compromised or breached. Finally, LOCARD also considers citizens through its crowdsourcing platform, so they could timely report incidents and know that their input is evaluted.
Yes, we are continuously seeking for new stakeholders as we want to increase the impact of LOCARD in our society. Therefore, we will be glad whether you want to form part of this reality. Please, feel free to send us a message in the Contact form, and we will get in touch as soon as possible.