Chapter 3. Digital Evidence in the Courtroom > 3.2 Admissibility

56 ChAPTER 3: Digital Evidence in the Courtroom investigators may be confronted with a difficult choice--of renouncing such truth or facing the consequences of holding an unpopular belief. It is the duty of investigators to unwaveringly assert the truth even in the face of opposition. This is not intended to suggest that science is infallible. The fact is that science is still advancing and previous theories are being replaced by better ones. For instance, DNA analysis has largely replaced blood typing in forensic serology, and although the technique of blood typing was valid, it was not conclusive enough to support some of the convictions based upon evidence derived from that analysis alone. This weakness can be shown in dramatic fashion by the existence and success of the Innocence Project, 2 which is using results of DNA analysis to overturn wrongful convictions based on less than conclusive ABO blood typing and enzyme testing. When preparing for the final step of the investigative process (the decision or verdict), it is important to keep in mind that discrepancies between legal judgment and theories based on scientific truth may arise from a lack of under- standing on the part of the decision makers. The court process differs from scientific peer review, where reviewers are qualified to understand and com- ment on relevant facts and methods with credibility. When technical evidence supporting theories based on scientific truth is presented to a group of review- ers who are not familiar with the methods used, misunderstandings and mis- conceptions may result. To minimize the risk of such misunderstandings, the investigative process and the evidence uncovered to support prosecution must be presented clearly to the court as discussed at the end of this chapter. A clear presentation of findings is also necessary when the investigative process is pre- sented to decision makers who are in charge of civilian and military network operations. However, investigators may find this situation easier as decision makers in these domains often have some familiarity with methods and tools employed in forensic investigations for computer and network defense. 3.2 ADMISSIBIlITy The concept of admissibility is a simple one. Courts need to determine whether evidence is "safe" to put before a jury and will help provide a solid foundation for making a decision in the case. In practice, admissibility is a set of legal tests carried out by a judge to assess an item of evidence. This assessment process can become complicated, particularly when the evidence was not handled properly or has traits that make it less reliable or more prejudicial. Some jurisdictions have rules relating to admissibility that are formal and sometimes inflexible, while other jurisdictions give judges more discretion. 2