Forensics and the Law

Digital evidence is extremely volatile material. The admissibility of evidence is regulated by a complex formula of domestic law, international law and precedent. It is also influenced by codes of practice and technical constraints.

ISO/IEC 27002 provides the following advice regarding the collection of evidence:

'Collection of evidence; where action against a person or organisation after an information security incident involves legal action (either civil or criminal), evidence should be collected, retained, and presented to conform to the rules for evidence laid down in the relevant jurisdiction(s)." It goes on to add, "To achieve admissibility of the evidence, the organisation should ensure that their information systems comply with any published standard or code of practice for the production of admissible evidence'.

There is a legislative framework for Digital Forensics established under the:

• Criminal Justice Acts
• Police and Criminal Evidence Act
• Civil Evidence Act and Common Law

Most 'good practice' has been established by:

• Criminal precedent
• Codes of practice
• Forensic experts

Other legal and contractual considerations that need to be taken into account include:

• Changes in Data Protection Law to reflect new act and codes of practice issued in December 2000
• New Data Protection Code of Practice in the use of Closed Circuit Television (CCTV)
• Disciplinary and legal considerations arising from employment contracts such as breach of e-mail or Internet policy
• Human Rights Act
• Interception of e-mail and URL Monitoring
• "Safe Harbour" agreements under DPA 1998
• Information security and Information Technology outsourcing contracts
• Evidential issues from electronic contacts and Internet pages

Please refer to our Legislation  section for further information. Please note that these pages are designed to provide guidance and information; they are not intended to replace legal advice.