If the investigators believe the computer
system is only acting as a storage device, they usually aren't allowed to seize
the hardware itself. This limits any evidence investigation to the
field. On the other hand, if the investigators believe the hardware itself is
evidence, they can seize the hardware and bring it to another location. For
example, if the computer is stolen property, then the investigators could seize
the hardware.
In order to use evidence from a computer
system in court, the prosecution must authenticate the evidence. That
is, the prosecution must be able to prove that the information presented as
evidence came from the suspect's computer and that it remains unaltered.
Although it's generally acknowledged that
tampering with computer data is both possible and relatively simple to do, the
courts so far haven't discounted computer evidence completely. Rather, the
courts require proof or evidence of tampering before dismissing computer
evidence.
Another consideration the courts take into
account with computer evidence is hearsay. Hearsay is a term referring to
statements made outside of a court of law. In most cases, courts can't allow
hearsay as evidence. The courts have determined that information on a computer
does not constitute hearsay in most cases, and is therefore admissible.
If the computer records include
human-generated statements like e-mail messages, the court must
determine if the statements can be considered trustworthy before allowing them
as evidence. Courts determine this on a case-by-case basis.
No comments:
Post a Comment