The Search and Seizure of Digital Evidence by Forensic Investigators in South Africa
DOI:
https://doi.org/10.17159/1727-3781/2019/v22i0a4886Keywords:
Digital forensics, digital devices, digital search and seizure, digital evidence, forensic investigation, international standardsAbstract
The discipline of digital forensics requires a combination of skills, qualifications and knowledge in the area of forensic investigation, legal aspects and information technology. The uniqueness of digital evidence makes the adoption of traditional legal approaches problematic.
Information technology terminology is currently used interchangeably without any regard to being unambiguous and consistent in relation to legal texts. Many of the information technology terms or concepts have not yet achieved legal recognition.
The recognition and standardisation of terminology within a legal context are of the utmost importance to ensure that miscommunication does not occur.
To provide clarity or guidance on some of the terms and concepts applicable to digital forensics and for the search and seizure of digital evidence, some of the concepts and terms are reviewed and discussed, using the Criminal Procedure Act 51 of 1977 as a point of departure.
Digital evidence is often collected incorrectly and analysed ineffectively or simply overlooked due to the complexities that digital evidence poses to forensic investigators. As with any forensic science, specific regulations, guidelines, principles or procedures should be followed to meet the objectives of investigations and to ensure the accuracy and acceptance of findings. These regulations, guidelines, principles or procedures are discussed within the context of digital forensics: what processes should be followed and how these processes ensure the acceptability of digital evidence. These processes include international principles and standards such as those of the Association of Chiefs of Police Officers and the International Organisation of Standardisation. A summary is also provided of the most influential or best-recognised international (IOS) standards on digital forensics.
It is concluded that the originality, reliability, integrity and admissibility of digital evidence should be maintained as follows:
- Data should not be changed or altered.
- Original evidence should not be directly examined.
- Forensically sound duplicates should be created.
- Digital forensic analyses should be performed by competent persons.
- Digital forensic analyses should adhere to relevant local legal requirements.
- Audit trails should exist consisting of all required documents and actions.
- The chain of custody should be protected.
- Processes and procedures should be proper, while recognised and accepted by the industry.
If the ACPO (1997) principles and ISO/IEC 27043 and 27037 Standards are followed as a forensic framework, then digital forensic investigators should follow these standards as a legal framework.
Downloads
References
Literature
Angermeier 2010 J Crim L & Criminology
Angermeier V "Swinging for the Fences: How Comprehensive Drug Testing, Inc. Missed the Ball on Digital Searches" 2010 J Crim L & Criminology 1587-1632
Anon Current Policy and Procedure
Anon Current Policy and Procedure on Digital Search and Seizure by the SAPS [telephonic interview] (15 September 2016 Pretoria)
Basdeo Constitutional Perspective of Police Powers
Basdeo V Constitutional Perspective of Police Powers of Search and Seizure in the Criminal Justice System (LLM-thesis UNISA 2009)
Basdeo 2012 SACJ
Basdeo V "The Legal Challenges of Search and Seizure of Electronic Evidence in South African Criminal Procedure: A Comparative Analysis" 2012 SACJ 198-211
Bouwer 2014 SACJ
Bouwer GP "Search and Seizure of Electronic Evidence: Division of the Traditional One-step Process into a New Two-step Process in a South African Context" 2014 SACJ 156-171
Brenner and Fredericksen 2002 Mich Telecomm & Tech L Rev
Brenner SW and Fredericksen BA "Computer Searches and Seizures: Some Unresolved Issues" 2002 Mich Telecomm & Tech L Rev 60-63, 81-82
Brown Computer Evidence
Brown CLT Computer Evidence: Collection and Preservation 2nd ed (Charles River Media Hingham 2010)
Casey Handbook of Computer Crime
Casey E (ed) Handbook of Computer Crime: Forensic Tools and Technology (Academic Press London 2000)
Casey Digital Evidence
Casey E (ed) Digital Evidence and Computer Crime: Forensics Science, Computers and the Internet 3rd ed (Elsevier Amsterdam 2011)
Craiger and Shenoi Advances in Digital Forensics
Craiger JP and Shenoi S Advances in Digital Forensics III (International Federation for Information Processing New York 2007)
Cross Scene of the Cybercrime
Cross M Scene of the Cybercrime 2nd ed (Syngress Publishing Arlington 2008)
Gibson Neuromancer
Gibson W Neuromancer (Phantasia Washington 1984)
Guzzi 2012 Am Crim L Rev
Guzzi S "Digital Searches and the Fourth Amendment: The Interplay between the Plain View Doctrine and Search-protocol Warrant Restrictions" 2012 Am Crim L Rev 301-329
Hart 1958 Harv L Rev
Hart HLA "Positivism and the Separation of Law and Morals" 1958 Harv L Rev 593-629
Jopek-Bosiacka 2011 Research in Language
Jopek-Bosiacka A "Defining Law Terms: A Cross-cultural Perspective" 2011 Research in Language 9-29
Kanellis Digital Crime
Kanellis P Digital Crime and Forensic Science in Cyberspace (Idea Group London 2006)
Kerr 2005 Harv L Rev
Kerr OS "Searches and Seizures in a Digital World" 2005 Harv L Rev 531-585
Kerr 2005 Miss LJ
Kerr OS "Search Warrants in an Era of Digital Evidence" 2005 Miss LJ 85-108
Kessler Judges' Awareness
Kessler G Judges' Awareness, Understanding, and Application of Digital Evidence (PhD-thesis Nova Southeastern University 2010)
Lange and Nimsger Electronic Evidence
Lange MCS and Nimsger KM Electronic Evidence and Discovery: What Every Lawyer should Know (ABA Chicago 2004)
Mohay et al Computer and Intrusion Forensics
Mohay GM et al Computer and Intrusion Forensics (Artech House Boston 2003)
National Institute of Justice Forensic Examination of Digital Evidence
National Institute of Justice Forensic Examination of Digital Evidence: A Guide for Law Enforcement (US Department of Justice Washington 2004)
Nieman Search and Seizure
Nieman A Search and Seizure, Production and Preservation of Electronic Evidence (PhD-thesis North West University 2006)
Nieman 2009 JILT
Nieman A "Cyberforensics: Bridging the Law / Technology Divide" 2009 JILT 1-29
SALRC Discussion Paper 9
South African Law Reform Commission Discussion Paper 99, Project 108. Computer-related Crime: Preliminary Proposals for Reform in respect of Unauthorised Access to Computers, Unauthorised Modification of Computer Data and Software Applications and Related Procedural Aspects (SALRC Pretoria 2002)
SALRC Issue Paper 27
South African Law Reform Commission Issue Paper 27, Project 126. Review of the Law of Evidence - Electronic Evidence in Criminal and Civil Proceedings: Admissibility and Related Issues (SALRC Pretoria 2010)
SAPS National Instruction 2/2002
South African Police Service National Instruction 2/2002: Search and Seizure (SAPS Pretoria 2002)
SAPS Practical Guide to Apply for Search Warrants
South African Police Service Practical Guide to Apply for Search Warrants in terms of Section 21 of the Criminal Procedure Act 51 of 1977 (SAPS Pretoria 2016)
Schetina, Green and Carlson Internet Site Security
Schetina ES, Green K and Carlson J Internet Site Security (Addison-Wesley Boston 2002)
Schneier Applied Cryptography
Schneier B Applied Cryptography, Second Edition Protocols, Algorithms and Source Code in C (Wiley New Jersey 1996)
Scholtz Towards an Automated Digital Data Forensic Model
Scholtz J Towards an Automated Digital Data Forensic Model with Specific Reference to Investigation Processes: A Survey of Actual and Desirable Practice (MCIS-thesis Auckland University of Technology 2009)
Silvernail 1997 Ala Law
Silvernail SJ "Electronic Evidence: Discovery in the Computer Age" 1997 Ala Law 176-177
Steytler Constitutional Criminal Procedure
Steytler N Constitutional Criminal Procedure: A Commentary on the Constitution of the Republic of South Africa (LexisNexis Butterworths Durban 2004)
Thompson 2005 Digital Investigation
Thompson E "MD5 Collisions and the Impact on Computer Forensics" 2005 Digital Investigation 36-40
UN UNCITRAL Model Law
United Nations UNCITRAL Model Law on Electronic Commerce with Guide to Enactment (United Nations New York 1996)
Vacca Computer Forensics
Vacca JR Computer Forensics: Computer Crime Scene Investigation 2nd ed (Charles River Media Hingham 2005)
Van der Merwe et al Information and Communications Technology Law
Van der Merwe D et al Information and Communications Technology Law (LexisNexis Durban 2008)
Wang 2007 CSI
Wang SJ "Measures of Retaining Digital Evidence to Prosecute Computer Based Cybercrimes" 2007 CSI 216-223
Case law
Canada
R v Munshi 2002 CanLII 39110 (ON SC)
R v Vu 2013 3 SCR 657 (SCC)
South Africa
Bennett v Minister of Safety and Security (TPD) (unreported) case number 10828/2005 of 13 May 2005
Heaney v S 2016 ZAGPPHC 257 (19 April 2016)
Minister of Safety and Security v Bennett 2008 2 All SA 26 (SCA)
Minister of Safety and Security v Xaba 2003 1 All SA 596 (D)
Muller v BOE Bank Ltd 2011 1 SA 252 (WCC)
National Director of Public Prosecutions v Zuma 2008 1 All SA 197 (SCA)
Ntoyakhe v Minister of Safety and Security 2000 1 SA 257 (E)
Powell v Van der Merwe 2005 1 All SA 149 (SCA)
Rudolph v Commissioner for Inland Revenue 1996 7 BCLR 11 (CC)
Thint (Pty) Ltd v National Director of Public Prosecutions, Zuma v National Director of Public Prosecutions 2009 1 SA 1 (CC)
United States of America
Arizona v Hicks 480 US 321, 325 (1987)
Daubert v Merrell Dow Pharmaceuticals, Inc 509 US 579 (1993)
Lorraine v Markel American Ins Co (2007) 241 FRD 534, 544 (D Md 2007)
United States v Flores-Lopez No 10-3803 (7th Cir 2012)
Legislation
Australia
Australian Crimes Act 12 of 1914
New Zealand
Search and Surveillance Act 24 of 2012
South Africa
Constitution of the Republic of South Africa, 1996
Criminal Procedure Act 51 of 1977
Draft Cybercrimes and Cybersecurity Bill, 2016
Electronic Communications and Transactions Act 25 of 2002
International instruments
Council of Europe Convention on Cybercrime (2001)
UNCITRAL Model Law on Electronic Commerce (1996)
Internet sources
AAFS 2008 http://www.aafs.org/students/choosing-a-career/types-of-forensic-scientists-disciplines-of-aafs/
American Academy of Forensic Sciences 2008 AAFS Digital and Multimedia Sciences http://www.aafs.org/students/choosing-a-career/types-of-forensic-scientists-disciplines-of-aafs/ accessed 5 January 2016
Association of Chief Police Officers 1997 Good Practice Guide for Computer-Based Electronic Evidence Version 5 http://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf accessed 27 December 2015
Chisum and Turvey 2000 http://www.profiling.org/journal/vol1_no1/jbp_ed_january2000_1-1.html
Chisum WJ and Turvey BE 2000 Evidence Dynamics: Locard's Exchange Principle and Crime Reconstruction http://www.profiling.org/journal/vol1_no1/jbp_ed_january2000_1-1.html accessed 29 January 2018
Christensson 2005 http://pc.net/helpcenter/answers/difference_between_analog_and_digital
Christensson P 2005 What is the Difference between Analog and Digital Technology? http://pc.net/helpcenter/answers/difference_between_analog_and_digital accessed 10 December 2015
Clark and Connolly 2006 https://www.law.georgetown.edu/academics/academic-programs/legal-writing-scholarship/writing-center/upload/statutoryinterpretation.pdf
Clark K and Connolly M 2006 A Guide to Reading, Interpreting and Applying Statutes https://www.law.georgetown.edu/academics/academic-programs/legal-writing-scholarship/writing-center/upload/statutoryinterpretation.pdf accessed 15 February 2016
Council of Europe 2001 http://www.oas.org/juridico/english/cyb_pry_coe.pdf
Council of Europe 2001 The Council of Europe Convention on Cybercrime: Status Quo and Future Challenges http://www.oas.org/juridico/english/cyb_pry_coe.pdf accessed 29 April 2016
Digital Intelligence 2016 https://www.digitalintelligence.com/products/forensic_duplicator/
Digital Intelligence 2016 Forensic Duplicator https://www.digitalintelligence.com/products/forensic_duplicator/ accessed 1 April 2016
Francoeur 2003 http://www.scribd.com/doc/276157/The-Principles-of-Electronic-Agreement-Legal-Admissibility-WP-8-07
Francoeur J 2003 The Principles of Electronic Agreement Legal Admissibility http://www.scribd.com/doc/276157/The-Principles-of-Electronic-Agreement-Legal-Admissibility-WP-8-07 accessed 14 June 2016
Forensic Handbook 2012 http://www.forensichandbook.com/locards-exchange-principle/
Forensic Handbook 2012 Locard's Exchange Principle http://www.forensichandbook.com/locards-exchange-principle/ accessed 16 July 2016
Forensics Library 2014 http://aboutforensics.co.uk/edmond-locard/
The Forensics Library 2014 Edmond Locard http://aboutforensics.co.uk/edmond-locard/ accessed 12 December 2015
Hofman 2006 http://hofman@law.uct.ac.za
Hofman J 2006 Electronic Evidence in South Africa http://hofman@law.uct.ac.za accessed 2 November 2014
IOS 2012 https://www.iso.org/standard/44381.html
International Organisation of Standardisation 2012 ISO/IEC 27037:2012 Information Technology ? Security Techniques ? Guidelines for Identification, Collection, Acquisition, and Preservation of Digital Evidence https://www.iso.org/standard/44381.html accessed 22 February 2016
IOS 2014 https://www.iso.org/standard/44407.html
International Organisation of Standardisation 2014 ISO/IEC 27043:2014 Information Technology ? Security Techniques ? Incident Investigation Principles and Processes https://www.iso.org/standard/44407.html accessed 22 February 2016
Lidbury and Boland 2012 http://www.insidecounsel.com/2012/05/11/technology-forensically-sound-collection-of-esi
Lidbury T and Boland M 2012 Technology: Forensically Sound Collection of ESI http://www.insidecounsel.com/2012/05/11/technology-forensically-sound-collection-of-esi accessed 13 January 2016
Losey 2007 https://e-discoveryteam.com/school/computer-hash-5f0266c4c326b9a1ef9e39cb78c352dc/
Losey R 2007 e-Discovery Team Blog: Hash https://e-discoveryteam.com/school/computer-hash-5f0266c4c326b9a1ef9e39cb78c352dc/ accessed 16 July 2016
Lowe Date Unknown http://www.dummies.com/how-to/content/digital-electronics-binary-basics.html
Lowe D Date Unknown Digital Electronics: Binary Basics http://www.dummies.com/how-to/content/digital-electronics-binary-basics.html accessed 2 September 2015
Oxford English Dictionary 2016 https://en.oxforddictionaries.com/definition/cellular_phone
Oxford English Dictionary 2016 Cellular Phone https://en.oxforddictionaries.com/definition/cellular_phone accessed 23 October 2016
Oxford English Dictionary 2016 http://www.oxforddictionaries.com/definition/english/computer
Oxford English Dictionary 2016 Computer http://www.oxforddictionaries.com/definition/english/computer accessed 23 April 2016
Oxford English Dictionary 2016 https://en.oxforddictionaries.com/definition/cyber
Oxford English Dictionary 2016 Cyber https://en.oxforddictionaries.com/definition/cyber accessed 23 October 2016
Palmer 2001 https://isis.poly.edu/kulesh/forensics/docs/DFRWS_RM_Final.pdf
Palmer G 2001 A Road Map for Digital Forensic Research https://isis.poly.edu/kulesh/forensics/docs/DFRWS_RM_Final.pdf accessed 10 November 2015
Spencer 2014 https://www.quora.com/Whats-the-difference-between-electronic-and-digital
Spencer M 2014 What's the Difference between "Electronic" and "Digital"? https://www.quora.com/Whats-the-difference-between-electronic-and-digital accessed 23 May 2016
Scientific Working Group on Digital Evidence 2012 SWGDE/SWGIT Digital and Multimedia Evidence Glossary https://www.swgit.org/pdf/SWGDE%20and%20SWGIT%20Digital%20and%20Multimedia%20Evidence%20Glossary?docID=60 accessed 3 May 2015
Van Deusen Phillips 2010 https://crlgrn.wordpress.com/2010/07/27/legal-considerations-for-electronic-evidence-part-5-original-vs-duplicate-documents-unfair-prejudice/
Van Deusen Phillips S 2010 The Documentalist - Legal Considerations for Electronic Evidence, Part 5: Original vs Duplicate Documents and Unfair Prejudice https://crlgrn.wordpress.com/2010/07/27/legal-considerations-for-electronic-evidence-part-5-original-vs-duplicate-documents-unfair-prejudice/ accessed 23 October 2015
Vandeven 2014 https://www.sans.org/reading-room/whitepapers/forensics/forensic-images-viewing-pleasure-35447
Vandeven S 2014 Forensic Images: For Your Viewing Pleasure https://www.sans.org/reading-room/whitepapers/forensics/forensic-images-viewing-pleasure-35447 accessed 2 October 2015
Woodford 2007 http://www.explainthatstuff.com/howcomputerswork.html
Woodford C 2007 Computers http://www.explainthatstuff.com/howcomputerswork.html accessed 22 February 2016
Published
Issue
Section
License
Copyright (c) 2019 Jacobus Gerhardus Nortje, Daniel Christoffel Myburgh
This work is licensed under a Creative Commons Attribution 4.0 International License.
.png){kind=spacer}