From: Lee Corbin (lcorbin@tsoft.com)
Date: Thu Apr 10 2003 - 22:34:47 MDT
Harvey writes
> FYI. For legal purposes of evidence, a file that has been copied is NOT the
> same as the original file. If a disk file is to be used as evidence in a
> court of law, it must be frozen unchanging at the time of confiscation. The
> files cannot be copied. The disk cannot be defragmented or moved around.
> It cannot be repaired by a virus program to remove viruses. It cannot have
> its last write date modified. It cannot be recovered with an undelete
> program.
Unbelievable! This means that crimial activity cannot be prosecuted
on the basis of files poorly deleted from disk?
Well, I'll look on the bright side. I can invest less in fragmenter
programs now to obliterate the records of all my nefarious activies. ;-)
> In fact, it must be read by another device specially made for this
> purpose. The operating system of the disk cannot be allowed to
> run or boot off the disk.
Or do you mean by this that when a search warrant is issued,
and a suspect's machine is taken as evidence, there do exist
programs that the prosecutors can run that will be allowed
to "recover" the file?
Lee
> A digitally exact copy of the files is not the same as the
> original file under the law.
>
> This is not just a foible of legal rulings. A copy may or may not be
> identical to the original. There may be errors introduced. It may have
> been deliberately changed. It may be someone's claim of how the original
> appeared to them, but it is not the original.
This archive was generated by hypermail 2.1.5 : Thu Apr 10 2003 - 22:43:42 MDT