The Search and Seizure of Digital Evidence by Forensic Investigators in South Africa

Authors

DOI:

https://doi.org/10.17159/1727-3781/2019/v22i0a4886

Keywords:

Digital forensics, digital devices, digital search and seizure, digital evidence, forensic investigation, international standards

Abstract

The discipline of digital forensics requires a combination of skills, qualifications and knowledge in the area of forensic investigation, legal aspects and information technology. The uniqueness of digital evidence makes the adoption of traditional legal approaches problematic.

Information technology terminology is currently used interchangeably without any regard to being unambiguous and consistent in relation to legal texts. Many of the information technology terms or concepts have not yet achieved legal recognition.

The recognition and standardisation of terminology within a legal context are of the utmost importance to ensure that miscommunication does not occur.

To provide clarity or guidance on some of the terms and concepts applicable to digital forensics and for the search and seizure of digital evidence, some of the concepts and terms are reviewed and discussed, using the Criminal Procedure Act 51 of 1977 as a point of departure.

Digital evidence is often collected incorrectly and analysed ineffectively or simply overlooked due to the complexities that digital evidence poses to forensic investigators. As with any forensic science, specific regulations, guidelines, principles or procedures should be followed to meet the objectives of investigations and to ensure the accuracy and acceptance of findings. These regulations, guidelines, principles or procedures are discussed within the context of digital forensics: what processes should be followed and how these processes ensure the acceptability of digital evidence. These processes include international principles and standards such as those of the Association of Chiefs of Police Officers and the International Organisation of Standardisation. A summary is also provided of the most influential or best-recognised international (IOS) standards on digital forensics.

It is concluded that the originality, reliability, integrity and admissibility of digital evidence should be maintained as follows:

  • Data should not be changed or altered.
  • Original evidence should not be directly examined.
  • Forensically sound duplicates should be created.
  • Digital forensic analyses should be performed by competent persons.
  • Digital forensic analyses should adhere to relevant local legal requirements.
  • Audit trails should exist consisting of all required documents and actions.
  • The chain of custody should be protected.
  • Processes and procedures should be proper, while recognised and accepted by the industry.

If the ACPO (1997) principles and ISO/IEC 27043 and 27037 Standards are followed as a forensic framework, then digital forensic investigators should follow these standards as a legal framework.

Google_Scholar83.png      SO18.png

Downloads

Download data is not yet available.

References

Literature

Angermeier 2010 J Crim L & Criminology

Angermeier V "Swinging for the Fences: How Comprehensive Drug Testing, Inc. Missed the Ball on Digital Searches" 2010 J Crim L & Criminology 1587-1632

Anon Current Policy and Procedure

Anon Current Policy and Procedure on Digital Search and Seizure by the SAPS [telephonic interview] (15 September 2016 Pretoria)

Basdeo Constitutional Perspective of Police Powers

Basdeo V Constitutional Perspective of Police Powers of Search and Seizure in the Criminal Justice System (LLM-thesis UNISA 2009)

Basdeo 2012 SACJ

Basdeo V "The Legal Challenges of Search and Seizure of Electronic Evidence in South African Criminal Procedure: A Comparative Analysis" 2012 SACJ 198-211

Bouwer 2014 SACJ

Bouwer GP "Search and Seizure of Electronic Evidence: Division of the Traditional One-step Process into a New Two-step Process in a South African Context" 2014 SACJ 156-171

Brenner and Fredericksen 2002 Mich Telecomm & Tech L Rev

Brenner SW and Fredericksen BA "Computer Searches and Seizures: Some Unresolved Issues" 2002 Mich Telecomm & Tech L Rev 60-63, 81-82

Brown Computer Evidence

Brown CLT Computer Evidence: Collection and Preservation 2nd ed (Charles River Media Hingham 2010)

Casey Handbook of Computer Crime

Casey E (ed) Handbook of Computer Crime: Forensic Tools and Technology (Academic Press London 2000)

Casey Digital Evidence

Casey E (ed) Digital Evidence and Computer Crime: Forensics Science, Computers and the Internet 3rd ed (Elsevier Amsterdam 2011)

Craiger and Shenoi Advances in Digital Forensics

Craiger JP and Shenoi S Advances in Digital Forensics III (International Federation for Information Processing New York 2007)

Cross Scene of the Cybercrime

Cross M Scene of the Cybercrime 2nd ed (Syngress Publishing Arlington 2008)

Gibson Neuromancer

Gibson W Neuromancer (Phantasia Washington 1984)

Guzzi 2012 Am Crim L Rev

Guzzi S "Digital Searches and the Fourth Amendment: The Interplay between the Plain View Doctrine and Search-protocol Warrant Restrictions" 2012 Am Crim L Rev 301-329

Hart 1958 Harv L Rev

Hart HLA "Positivism and the Separation of Law and Morals" 1958 Harv L Rev 593-629

Jopek-Bosiacka 2011 Research in Language

Jopek-Bosiacka A "Defining Law Terms: A Cross-cultural Perspective" 2011 Research in Language 9-29

Kanellis Digital Crime

Kanellis P Digital Crime and Forensic Science in Cyberspace (Idea Group London 2006)

Kerr 2005 Harv L Rev

Kerr OS "Searches and Seizures in a Digital World" 2005 Harv L Rev 531-585

Kerr 2005 Miss LJ

Kerr OS "Search Warrants in an Era of Digital Evidence" 2005 Miss LJ 85-108

Kessler Judges' Awareness

Kessler G Judges' Awareness, Understanding, and Application of Digital Evidence (PhD-thesis Nova Southeastern University 2010)

Lange and Nimsger Electronic Evidence

Lange MCS and Nimsger KM Electronic Evidence and Discovery: What Every Lawyer should Know (ABA Chicago 2004)

Mohay et al Computer and Intrusion Forensics

Mohay GM et al Computer and Intrusion Forensics (Artech House Boston 2003)

National Institute of Justice Forensic Examination of Digital Evidence

National Institute of Justice Forensic Examination of Digital Evidence: A Guide for Law Enforcement (US Department of Justice Washington 2004)

Nieman Search and Seizure

Nieman A Search and Seizure, Production and Preservation of Electronic Evidence (PhD-thesis North West University 2006)

Nieman 2009 JILT

Nieman A "Cyberforensics: Bridging the Law / Technology Divide" 2009 JILT 1-29

SALRC Discussion Paper 9

South African Law Reform Commission Discussion Paper 99, Project 108. Computer-related Crime: Preliminary Proposals for Reform in respect of Unauthorised Access to Computers, Unauthorised Modification of Computer Data and Software Applications and Related Procedural Aspects (SALRC Pretoria 2002)

SALRC Issue Paper 27

South African Law Reform Commission Issue Paper 27, Project 126. Review of the Law of Evidence - Electronic Evidence in Criminal and Civil Proceedings: Admissibility and Related Issues (SALRC Pretoria 2010)

SAPS National Instruction 2/2002

South African Police Service National Instruction 2/2002: Search and Seizure (SAPS Pretoria 2002)

SAPS Practical Guide to Apply for Search Warrants

South African Police Service Practical Guide to Apply for Search Warrants in terms of Section 21 of the Criminal Procedure Act 51 of 1977 (SAPS Pretoria 2016)

Schetina, Green and Carlson Internet Site Security

Schetina ES, Green K and Carlson J Internet Site Security (Addison-Wesley Boston 2002)

Schneier Applied Cryptography

Schneier B Applied Cryptography, Second Edition Protocols, Algorithms and Source Code in C (Wiley New Jersey 1996)

Scholtz Towards an Automated Digital Data Forensic Model

Scholtz J Towards an Automated Digital Data Forensic Model with Specific Reference to Investigation Processes: A Survey of Actual and Desirable Practice (MCIS-thesis Auckland University of Technology 2009)

Silvernail 1997 Ala Law

Silvernail SJ "Electronic Evidence: Discovery in the Computer Age" 1997 Ala Law 176-177

Steytler Constitutional Criminal Procedure

Steytler N Constitutional Criminal Procedure: A Commentary on the Constitution of the Republic of South Africa (LexisNexis Butterworths Durban 2004)

Thompson 2005 Digital Investigation

Thompson E "MD5 Collisions and the Impact on Computer Forensics" 2005 Digital Investigation 36-40

UN UNCITRAL Model Law

United Nations UNCITRAL Model Law on Electronic Commerce with Guide to Enactment (United Nations New York 1996)

Vacca Computer Forensics

Vacca JR Computer Forensics: Computer Crime Scene Investigation 2nd ed (Charles River Media Hingham 2005)

Van der Merwe et al Information and Communications Technology Law

Van der Merwe D et al Information and Communications Technology Law (LexisNexis Durban 2008)

Wang 2007 CSI

Wang SJ "Measures of Retaining Digital Evidence to Prosecute Computer Based Cybercrimes" 2007 CSI 216-223

Case law

Canada

R v Munshi 2002 CanLII 39110 (ON SC)

R v Vu 2013 3 SCR 657 (SCC)

South Africa

Bennett v Minister of Safety and Security (TPD) (unreported) case number 10828/2005 of 13 May 2005

Heaney v S 2016 ZAGPPHC 257 (19 April 2016)

Minister of Safety and Security v Bennett 2008 2 All SA 26 (SCA)

Minister of Safety and Security v Xaba 2003 1 All SA 596 (D)

Muller v BOE Bank Ltd 2011 1 SA 252 (WCC)

National Director of Public Prosecutions v Zuma 2008 1 All SA 197 (SCA)

Ntoyakhe v Minister of Safety and Security 2000 1 SA 257 (E)

Powell v Van der Merwe 2005 1 All SA 149 (SCA)

Rudolph v Commissioner for Inland Revenue 1996 7 BCLR 11 (CC)

Thint (Pty) Ltd v National Director of Public Prosecutions, Zuma v National Director of Public Prosecutions 2009 1 SA 1 (CC)

United States of America

Arizona v Hicks 480 US 321, 325 (1987)

Daubert v Merrell Dow Pharmaceuticals, Inc 509 US 579 (1993)

Lorraine v Markel American Ins Co (2007) 241 FRD 534, 544 (D Md 2007)

United States v Flores-Lopez No 10-3803 (7th Cir 2012)

Legislation

Australia

Australian Crimes Act 12 of 1914

New Zealand

Search and Surveillance Act 24 of 2012

South Africa

Constitution of the Republic of South Africa, 1996

Criminal Procedure Act 51 of 1977

Draft Cybercrimes and Cybersecurity Bill, 2016

Electronic Communications and Transactions Act 25 of 2002

International instruments

Council of Europe Convention on Cybercrime (2001)

UNCITRAL Model Law on Electronic Commerce (1996)

Internet sources

AAFS 2008 http://www.aafs.org/students/choosing-a-career/types-of-forensic-scientists-disciplines-of-aafs/

American Academy of Forensic Sciences 2008 AAFS Digital and Multimedia Sciences http://www.aafs.org/students/choosing-a-career/types-of-forensic-scientists-disciplines-of-aafs/ accessed 5 January 2016

ACPO 1997 http://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf

Association of Chief Police Officers 1997 Good Practice Guide for Computer-Based Electronic Evidence Version 5 http://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf accessed 27 December 2015

Chisum and Turvey 2000 http://www.profiling.org/journal/vol1_no1/jbp_ed_january2000_1-1.html

Chisum WJ and Turvey BE 2000 Evidence Dynamics: Locard's Exchange Principle and Crime Reconstruction http://www.profiling.org/journal/vol1_no1/jbp_ed_january2000_1-1.html accessed 29 January 2018

Christensson 2005 http://pc.net/helpcenter/answers/difference_between_analog_and_digital

Christensson P 2005 What is the Difference between Analog and Digital Technology? http://pc.net/helpcenter/answers/difference_between_analog_and_digital accessed 10 December 2015

Clark and Connolly 2006 https://www.law.georgetown.edu/academics/academic-programs/legal-writing-scholarship/writing-center/upload/statutoryinterpretation.pdf

Clark K and Connolly M 2006 A Guide to Reading, Interpreting and Applying Statutes https://www.law.georgetown.edu/academics/academic-programs/legal-writing-scholarship/writing-center/upload/statutoryinterpretation.pdf accessed 15 February 2016

Council of Europe 2001 http://www.oas.org/juridico/english/cyb_pry_coe.pdf

Council of Europe 2001 The Council of Europe Convention on Cybercrime: Status Quo and Future Challenges http://www.oas.org/juridico/english/cyb_pry_coe.pdf accessed 29 April 2016

Digital Intelligence 2016 https://www.digitalintelligence.com/products/forensic_duplicator/

Digital Intelligence 2016 Forensic Duplicator https://www.digitalintelligence.com/products/forensic_duplicator/ accessed 1 April 2016

Francoeur 2003 http://www.scribd.com/doc/276157/The-Principles-of-Electronic-Agreement-Legal-Admissibility-WP-8-07

Francoeur J 2003 The Principles of Electronic Agreement Legal Admissibility http://www.scribd.com/doc/276157/The-Principles-of-Electronic-Agreement-Legal-Admissibility-WP-8-07 accessed 14 June 2016

Forensic Handbook 2012 http://www.forensichandbook.com/locards-exchange-principle/

Forensic Handbook 2012 Locard's Exchange Principle http://www.forensichandbook.com/locards-exchange-principle/ accessed 16 July 2016

Forensics Library 2014 http://aboutforensics.co.uk/edmond-locard/

The Forensics Library 2014 Edmond Locard http://aboutforensics.co.uk/edmond-locard/ accessed 12 December 2015

Hofman 2006 http://hofman@law.uct.ac.za

Hofman J 2006 Electronic Evidence in South Africa http://hofman@law.uct.ac.za accessed 2 November 2014

IOS 2012 https://www.iso.org/standard/44381.html

International Organisation of Standardisation 2012 ISO/IEC 27037:2012 Information Technology ? Security Techniques ? Guidelines for Identification, Collection, Acquisition, and Preservation of Digital Evidence https://www.iso.org/standard/44381.html accessed 22 February 2016

IOS 2014 https://www.iso.org/standard/44407.html

International Organisation of Standardisation 2014 ISO/IEC 27043:2014 Information Technology ? Security Techniques ? Incident Investigation Principles and Processes https://www.iso.org/standard/44407.html accessed 22 February 2016

Lidbury and Boland 2012 http://www.insidecounsel.com/2012/05/11/technology-forensically-sound-collection-of-esi

Lidbury T and Boland M 2012 Technology: Forensically Sound Collection of ESI http://www.insidecounsel.com/2012/05/11/technology-forensically-sound-collection-of-esi accessed 13 January 2016

Losey 2007 https://e-discoveryteam.com/school/computer-hash-5f0266c4c326b9a1ef9e39cb78c352dc/

Losey R 2007 e-Discovery Team Blog: Hash https://e-discoveryteam.com/school/computer-hash-5f0266c4c326b9a1ef9e39cb78c352dc/ accessed 16 July 2016

Lowe Date Unknown http://www.dummies.com/how-to/content/digital-electronics-binary-basics.html

Lowe D Date Unknown Digital Electronics: Binary Basics http://www.dummies.com/how-to/content/digital-electronics-binary-basics.html accessed 2 September 2015

Oxford English Dictionary 2016 https://en.oxforddictionaries.com/definition/cellular_phone

Oxford English Dictionary 2016 Cellular Phone https://en.oxforddictionaries.com/definition/cellular_phone accessed 23 October 2016

Oxford English Dictionary 2016 http://www.oxforddictionaries.com/definition/english/computer

Oxford English Dictionary 2016 Computer http://www.oxforddictionaries.com/definition/english/computer accessed 23 April 2016

Oxford English Dictionary 2016 https://en.oxforddictionaries.com/definition/cyber

Oxford English Dictionary 2016 Cyber https://en.oxforddictionaries.com/definition/cyber accessed 23 October 2016

Palmer 2001 https://isis.poly.edu/kulesh/forensics/docs/DFRWS_RM_Final.pdf

Palmer G 2001 A Road Map for Digital Forensic Research https://isis.poly.edu/kulesh/forensics/docs/DFRWS_RM_Final.pdf accessed 10 November 2015

Spencer 2014 https://www.quora.com/Whats-the-difference-between-electronic-and-digital

Spencer M 2014 What's the Difference between "Electronic" and "Digital"? https://www.quora.com/Whats-the-difference-between-electronic-and-digital accessed 23 May 2016

SWGDE 2012 https://www.swgit.org/pdf/SWGDE%20and%20SWGIT%20Digital%20and%20Multimedia%20Evidence%20Glossary?docID=60

Scientific Working Group on Digital Evidence 2012 SWGDE/SWGIT Digital and Multimedia Evidence Glossary https://www.swgit.org/pdf/SWGDE%20and%20SWGIT%20Digital%20and%20Multimedia%20Evidence%20Glossary?docID=60 accessed 3 May 2015

Van Deusen Phillips 2010 https://crlgrn.wordpress.com/2010/07/27/legal-considerations-for-electronic-evidence-part-5-original-vs-duplicate-documents-unfair-prejudice/

Van Deusen Phillips S 2010 The Documentalist - Legal Considerations for Electronic Evidence, Part 5: Original vs Duplicate Documents and Unfair Prejudice https://crlgrn.wordpress.com/2010/07/27/legal-considerations-for-electronic-evidence-part-5-original-vs-duplicate-documents-unfair-prejudice/ accessed 23 October 2015

Vandeven 2014 https://www.sans.org/reading-room/whitepapers/forensics/forensic-images-viewing-pleasure-35447

Vandeven S 2014 Forensic Images: For Your Viewing Pleasure https://www.sans.org/reading-room/whitepapers/forensics/forensic-images-viewing-pleasure-35447 accessed 2 October 2015

Woodford 2007 http://www.explainthatstuff.com/howcomputerswork.html

Woodford C 2007 Computers http://www.explainthatstuff.com/howcomputerswork.html accessed 22 February 2016

Published

25-04-2019

Issue

Section

Articles

How to Cite

Nortje, J. G., & Myburgh, D. C. (2019). The Search and Seizure of Digital Evidence by Forensic Investigators in South Africa. Potchefstroom Electronic Law Journal, 22, 1-42. https://doi.org/10.17159/1727-3781/2019/v22i0a4886

Similar Articles

31-40 of 1127

You may also start an advanced similarity search for this article.