The ACPO Principles of Digital Based Evidence
At Athena Forensics all of our computer forensic experts adhere to the Association of Chief Police Officers ACPO Guidelines for Computer Based Evidence. The main principles of the ACPO Good Practice Guide for Computer Based Electronic Evidence are:
ACPO Principle 1: That no action take is taken that should change data held on a digital device including a computer or mobile phone that may subsequently be relied upon as evidence in court.
ACPO Principle 2: Where a person finds it necessary to access original data held on a digital device that the person must be competent to do so and able to explain their actions and the implications of those actions on the digital evidence to a Court.
ACPO Principle 3: That a trail or record of all actions taken that have been applied to the digital evidence should be created and preserved. An independent third party forensic expert should be able to examine those processes and reach the same conclusion.
ACPO Principle 4: That the individual in charge of the investigation has overall responsibility to ensure that these principles are followed.
An Explanation of the ACPO Guidelines For Computer Based Evidence
Computer based electronic evidence is held to the same rules and expectations that apply to all other evidence before a court.
The onus is on the prosecution to prove to a court that the evidence produced by them is no more and no less than it was when it was first taken into the possession of the Police at the point of seizure.
As computer and mobile phone operating systems and other programs present often alter, including create and delete files from a device and this can happen without the user being aware of it, simply by being switched on.
To comply with the ACPO principles of computer based evidence where possible a full bit copy image of the memory present on the digital device should be taken.
The ACPO guidelines for digital based evidence also require that any data is acquired using a suitable write blocking hardware unit, however, on some occasions this is not possible, for example, when the original digital device itself requires access. In these circumstances, the individual who carries out this process is sufficiently competent to provide evidence in court to explain the actions undertaken.
When providing evidence to court, the individual must display objectivity and fairness whilst being able to explain each process completed with the digital evidence, including the acquisition and examination of it, so that a third party digital examiner/expert can repeat the same process if required and arrive at the same result as that presented to the court.
Further material is available here: https://athenaforensics.co.uk/reference-material-for-best-digital-forensic-practices-standards/
About Athena Forensics
For information on our digital forensic services or if you require any advice or assistance please contact a member of our team on 0845 882 7386 or via email on firstname.lastname@example.org, further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensic experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years. Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.