电竞传奇

書名： Practical Mobile Forensics（Second Edition）
作者名： Heather Mahalik Rohit Tamma Satish Bommisetty
本章字數： 353字
更新時間： 2021-07-16 10:55:48

Rules of evidence

Courtrooms rely more and more on the information inside a mobile phone as vital evidence. Prevailing evidence in court requires a good understanding of the rules of evidence. Mobile forensics is a relatively new discipline and laws dictating the validity of evidence are not widely known. However, there are five general rules of evidence that apply to digital forensics and need to be followed in order for evidence to be useful. Ignoring these rules makes evidence inadmissible, and your case could be thrown out. These five rules are: admissible, authentic, complete, reliable, and believable:

Admissible: This is the most basic rule and a measure of evidence validity and importance. The evidence must be preserved and gathered in such a way that it can be used in court or elsewhere. Many errors can be made that could cause a judge to rule a piece of evidence as inadmissible. For example, evidence that is gathered using illegal methods is commonly ruled inadmissible.
Authentic: The evidence must be tied to the incident in a relevant way to prove something. The forensic examiner must be accountable for the origin of the evidence.
Complete: When evidence is presented, it must be clear and complete and should reflect the whole story. It is not enough to collect evidence that just shows one perspective of the incident. Presenting incomplete evidence is more dangerous than not providing any evidence at all as it could lead to a different judgment.
Reliable: Evidence collected from the device must be reliable. This depends on the tools and methodology used. The techniques used and evidence collected must not cast doubt on the authenticity of the evidence. If the examiner used some techniques that cannot be reproduced, the evidence is not considered unless they were directed to do so. This would include possible destructive methods such as chip-off extraction.
Believable: A forensic examiner must be able to explain, with clarity and conciseness, what processes they used and the way the integrity of the evidence was preserved. The evidence presented by the examiner must be clear, easy to understand, and believable by jury.

官术网_书友最值得收藏!

Practical Mobile Forensics（Second Edition）

Rules of evidence