Digital evidence collection is quite crucial for solving cybercrimes and starting computer forensic investigations and it is essential for law enforcement personnel to understand about various types of corporate violations and policy considerations in enforcement in terms of digital evidence collection. Digital evidence has a wider span and it helps in handling “both physically and personally sensitive information” and “it taps into interconnected criminal justice issues that go beyond law enforcement’s typical role in collecting evidence” (Goodison, et al, 2015, p. 3). Therefore, the importance of digital evidence cannot be negated. However, the law enforcement personnel should be up-to-date about related legislation in order to strengthen their collected digital evidence.
The fourth amendment restricts governmental authorities to initiate an unreasonable search and seizure in order to protect people. For collecting digital evidence, the law enforcement official must obtain search warrant from court in order to validate their search (Goodison, et al, 2015). In corporate sector, attorneys are hired for handling such kind of issues. Employees and employers have to adhere to the corporate policy for accessing any kind of personal or private information and prior consent should be taken from the employees. Warrantless searches are also allowed sometimes, but this should be a part of corporate policy (Casey, 2011). As per US legislation, there are four US codes applicable for handling digital information, which are the “Wiretap Act”, the “Pen Registers and Trap and Trace Device Statute”, the “Electronic Communications Privacy Act (ECPA)”, and the “Privacy Protection Act (PPA)” (Goodison, et al, 2015).
According to the Wiretap Act, any third party cannot intercept wire, oral or electronic communication, but a court can approve such access in case of a legal situation, but without prior approval, such an act leads to criminal or civil penalization and suppression of proof. Information collection about telephonic and internet based communication is restricted as per the Pen Registers and Trap and Trace Device Statute, however, with court’s approval, such data can be accessed. ECPA restricts accessing and disclosure of stored information stored by ISPs (Internet service providers) without legal consent by the court. Search warrants are required for accessing electronically stored information. Lastly, PPA ensures the protection of electronic products and their accessories from unauthorized access. The electronic products such as online newsletters or blogs need such securities (Goodison, et al, 2015).
The policy considerations in enforcement for securing organizations can be manifold. The creation of a security policy including cyber-security policy with guidance to the end-users is essential and any breach of this policy by posing a threat to the information and data stored should be considered a corporate violation and should be handled accordingly. There should also be a policy about computing and its resources usage and the end-users are made the custodian of their accounts and such information and usage needs to be as per legal authorizations. Then, there should be policy about network usage informing about regulations for accessing and using network resources and facilities and any violation to the usage regulations should be handled following approved legislations. Lastly, there should be a policy about data sharing and usage informing and permitting end-users and providers to use and transmit data throughout the organization (Yeboah-Boateng & Boadi, 2015). Any corporate violation regarding data usage, sharing, network usage, computing and networking resources usage, and cyber security needs to be handled as per guided corporate policies and governmental legislation.
- Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers, and the internet. Academic Press.
- Goodison, S. E., Davis, R. C., & Jackson, B. A. (2015). Digital evidence and the US Criminal Justice System. Identifying technology and other needs to more effectively acquire and utilize digital evidence. U.S. Department of Justice, National Institute of Justice (NIJ), the RAND Corporation.
- Yeboah-Boateng, E. O., & Boadi, E. B. (2015). An assessment of corporate security policy violations using live forensics analysis. International Journal of Cyber-Security and Digital Forensics, 4(1), 1-11.