Percheziţia sistemelor informatice şi a mijloacelor de stocare a datelor informatice
Author(s): George Zlati
Search and seizure of computers and electronic devices (I)
Subject(s): Law, Constitution, Jurisprudence
Published by: Universul Juridic
Keywords: digital evidence; digital forensics; imaging; hash code; deleted computer data; timestamps; temporary files; remote forensic; computer search warrant.
Summary/Abstract: Because the relevant legal literature regarding the discipline of search and seizure of computers and electronic devices is lacking, the author considered to be important to analyse some difficult aspects regarding this domain, both from a technical and legal point of view. Firstly, the author acknowledges the importance of volatile data like the content in the RAM memory, network status, open ports, logging sessions, etc. but still considers that a live imaging or a remote forensic cannot be accepted as a valid solution because of the fact that such an interaction with a live computer system involves the risk of altering computer data. Secondly, practical aspects regarding the procedure of obtaining digital evidence and artefacts is considered. Regarding this matter, the author analyses – among others – the issues of: retrieving deleted computer data, identifying temporary additional files that were created without the will of the user in the process of accesing particular files or computer programs, or the role of hash codes in the quest of identifying child pornography or computer malwares on a seized computer or electronic device. Likewise, the author criticizes the way in which timestamps are interpreted and used by emphasizing the point that timestamps are not reliable enough. Because of this critique, some solutions are provided in an attempt to find a balance between the importance of timestamps in a criminal case and the need and their reliability.
- Issue Year: X/2014
- Issue No: 03
- Page Range: 20-39
- Page Count: 20
- Language: Romanian