Software is reliable and robust | xiii | |
Preface | xv | |
Acknowledgments | xvii | |
| xxi | |
| xxxi | |
1 The sources and characteristics of electronic evidence and artificial intelligence | 1 | (50) |
| 2 | (1) |
| 2 | (1) |
| 3 | (1) |
| 3 | (2) |
| 5 | (3) |
| 8 | (1) |
| 9 | (1) |
| 10 | (1) |
| 11 | (1) |
| 11 | (5) |
| 16 | (1) |
| 17 | (1) |
The deep web and the dark web | 17 | (2) |
Common network applications | 19 | (4) |
Types of evidence available on a digital device | 23 | (1) |
| 23 | (1) |
| 24 | (5) |
| 29 | (1) |
| 29 | (1) |
Temporary files and cache files | 30 | (1) |
| 31 | (1) |
Simulations, data visualizations, augmented and virtual reality | 32 | (1) |
Encryption and obfuscated data | 32 | (1) |
Artificial intelligence and machine learning | 33 | (3) |
Simulations, data visualizations, augmented and virtual reality | 36 | (2) |
Transparency and explainability | 38 | (1) |
| 39 | (1) |
Defining electronic evidence | 39 | (4) |
The dependency on machinery and software | 43 | (1) |
The mediation of technology | 43 | (1) |
| 44 | (2) |
| 46 | (2) |
| 48 | (2) |
| 50 | (1) |
2 The foundations of evidence in electronic form | 51 | (34) |
Direct and indirect evidence | 51 | (1) |
Evidence in both digital and analogue form | 51 | (1) |
Metadata and electronic evidence | 52 | (1) |
| 53 | (1) |
| 53 | (1) |
| 53 | (5) |
Documents and disclosure or discovery | 58 | (4) |
Visual reading of a document | 62 | (1) |
| 63 | (1) |
| 64 | (3) |
| 67 | (1) |
| 68 | (3) |
| 71 | (1) |
| 72 | (1) |
| 73 | (2) |
| 75 | (1) |
| 75 | (1) |
Testimonial use in legal proceedings | 75 | (1) |
Identification and recognition evidence | 76 | (3) |
Computer-generated animations and simulations | 79 | (1) |
Computer-generated evidence in England and Wales: civil proceedings | 80 | (1) |
Computer-generated evidence in England and Wales: criminal proceedings | 81 | (4) |
| 85 | (27) |
The rule of hearsay exclusion and its rationale | 85 | (2) |
The right of confrontation | 87 | (1) |
Hearsay and electronic evidence | 88 | (2) |
Electronic evidence and real evidence | 90 | (2) |
Testimonial and non-testimonial use of information | 92 | (3) |
| 95 | (1) |
Civil proceedings and the requirement to give notice | 96 | (1) |
| 97 | (1) |
Telephone calls and messages | 98 | (4) |
Representations other than by a person | 102 | (1) |
| 103 | (3) |
Business and other documents | 106 | (3) |
Judicial discretion to include hearsay | 109 | (1) |
Judicial discretion to exclude hearsay | 110 | (1) |
| 110 | (2) |
4 Software code as the witness | 112 | (14) |
The classification of digital data | 115 | (3) |
Category 1 Content written by one or more people | 118 | (2) |
Category 2 Records generated by the software that have not had any input from a human | 120 | (2) |
Category 3 Records comprising a mix of human input and calculations generated by software | 122 | (3) |
Challenging the code to test the truth of the statement | 125 | (1) |
5 The presumption that computers are 'reliable' | 126 | (110) |
The purpose of a presumption | 127 | (1) |
Presumptions and mechanical instruments | 128 | (2) |
Judicial formulations of the presumption that mechanical instruments are in order when used | 130 | (1) |
| 130 | (3) |
| 133 | (3) |
| 136 | (3) |
Evidential foundations of the presumption | 139 | (2) |
How judges assess the evidence of devices controlled by software | 141 | (8) |
Mechanical instruments and computer-like devices | 149 | (1) |
The nature of software errors | 149 | (3) |
Why software appears to fail | 152 | (2) |
Classification of software errors | 154 | (7) |
The development, maintenance and operation of software | 161 | (1) |
Developmental issues and software errors | 162 | (2) |
Increasing the risk of errors through modification of software | 164 | (3) |
| 167 | (3) |
| 170 | (1) |
Writing software that is free of faults | 171 | (1) |
| 172 | (2) |
| 174 | (2) |
Challenging 'reliability' | 176 | (3) |
| 179 | (3) |
| 182 | (3) |
| 185 | (4) |
| 189 | (1) |
| 190 | (2) |
The Post Office Horizon scandal | 192 | (4) |
| 196 | (3) |
Interception of communications | 199 | (1) |
Most computer errors are either immediately detectable or result from input errors | 200 | (4) |
Challenging the authenticity of digital data - trial within a trial | 204 | (3) |
A protocol for challenging software in devices and systems | 207 | (4) |
Reintroduction of the common law presumption | 211 | (5) |
The statutory presumption | 216 | (2) |
Challenging the presumption | 218 | (4) |
| 222 | (1) |
| 223 | (13) |
6 Authenticating electronic evidence | 236 | (43) |
Authenticity and authentication | 236 | (2) |
| 238 | (1) |
Digital evidence compared to past paradigms | 238 | (2) |
Admissibility and authentication | 240 | (6) |
| 246 | (1) |
| 247 | (2) |
| 249 | (6) |
Methods of authentication | 255 | (1) |
| 255 | (1) |
| 255 | (2) |
| 257 | (1) |
| 258 | (1) |
Extrinsic and circumstantial evidence | 258 | (1) |
| 259 | (1) |
Digital evidence in archival systems | 260 | (3) |
Technological authentication | 263 | (1) |
| 263 | (1) |
| 263 | (2) |
Challenges to the authenticity of evidence in digital form | 265 | (1) |
| 265 | (2) |
| 267 | (1) |
| 268 | (2) |
Migration and format changes | 270 | (1) |
The business records exception to the rule against hearsay | 271 | (1) |
The business records exception | 271 | (3) |
Authentication of digital business records | 274 | (2) |
| 276 | (3) |
| 279 | (118) |
The purpose of a signature | 279 | (1) |
| 280 | (1) |
| 281 | (1) |
Statutory definition of signature | 282 | (1) |
The functions of a signature | 283 | (1) |
The primary evidential function | 283 | (1) |
Secondary evidential functions | 284 | (1) |
| 284 | (1) |
| 285 | (1) |
| 285 | (1) |
| 285 | (1) |
Disputing a manuscript signature | 285 | (1) |
| 285 | (1) |
Evidence of the manuscript signature | 286 | (1) |
Intention to authenticate and adopt the document | 287 | (1) |
| 288 | (1) |
Forms of electronic signature | 289 | (1) |
Authority, delegation and ratification | 290 | (1) |
| 291 | (1) |
Evidence of intent to sign | 291 | (1) |
The automatic inclusion of the signature | 292 | (3) |
Partial document with separate signature page | 295 | (1) |
The Electronic Communications Act 2000 | 296 | (1) |
The definition of an electronic signature | 297 | (1) |
The elements of an electronic signature | 298 | (2) |
Liability of a certification service provider | 300 | (1) |
The power to modify legislation | 301 | (2) |
Regulation of Investigatory Powers Act 2000 | 303 | (2) |
| 305 | (3) |
The 'I accept' and 'wrap' methods of indicating intent | 308 | (1) |
| 308 | (3) |
| 311 | (1) |
| 312 | (1) |
Personal Identification Number (PIN) and password | 313 | (4) |
Typing a name into an electronic document | 317 | (2) |
Acts by a lawyer as agent | 319 | (1) |
Interest in real property | 319 | (1) |
| 319 | (1) |
| 320 | (1) |
| 321 | (1) |
| 322 | (1) |
Public administration, the judiciary and the police | 322 | (2) |
| 324 | (1) |
| 325 | (4) |
Constitution of a legal entity | 329 | (1) |
Amending boilerplate contractual terms | 329 | (2) |
The name in an email address | 331 | (1) |
Limitation Act 1969 (NSW) | 331 | (1) |
| 332 | (11) |
| 343 | (1) |
| 343 | (2) |
A manuscript signature that has been scanned | 345 | (1) |
| 346 | (1) |
| 347 | (1) |
| 347 | (1) |
Biodynamic version of a manuscript signature | 348 | (1) |
| 348 | (2) |
| 350 | (1) |
| 350 | (1) |
Technical overview of digital signatures | 350 | (1) |
| 351 | (1) |
| 352 | (1) |
| 352 | (3) |
Public key infrastructure | 355 | (1) |
Difficulties with public key infrastructure | 356 | (2) |
Authenticating the sender | 358 | (1) |
The ideal attributes of a signature in electronic form | 358 | (2) |
Methods of authentication | 360 | (2) |
Types of infrastructure for asymmetric cryptographic systems | 362 | (1) |
Management of the key and certificate | 363 | (4) |
| 367 | (1) |
Internal management of a certification authority | 367 | (1) |
Barriers to the use of the public key infrastructure | 368 | (1) |
Risks associated with the use of digital signatures | 369 | (2) |
What a digital signature is capable of doing | 371 | (1) |
What no form of electronic signature is capable of doing | 371 | (3) |
| 374 | (2) |
The burden of managing the private key | 376 | (1) |
Evidence and digital signatures | 377 | (3) |
| 380 | (4) |
| 384 | (1) |
| 385 | (3) |
The recipient's procedural and due diligence burden | 388 | (1) |
The sending party: the burden of proof of security and integrity | 388 | (3) |
Burden of proof - the jitsuin | 391 | (3) |
Burden of proof - summary | 394 | (3) |
| 397 | (32) |
| 397 | (1) |
Methods to obtain encrypted data | 398 | (1) |
Breaking the encryption without obtaining the key | 398 | (1) |
| 399 | (1) |
Compelling disclosure in England and Wales | 400 | (1) |
| 400 | (1) |
Notice requiring disclosure | 401 | (7) |
Obligations of secrecy and tipping off | 408 | (1) |
Circumventing the procedure | 409 | (1) |
The privilege against self-incrimination | 410 | (1) |
| 411 | (3) |
| 414 | (11) |
| 425 | (1) |
| 426 | (1) |
| 427 | (2) |
9 Proof: the technical collection and examination of electronic evidence | 429 | (59) |
Accreditation of the digital forensics discipline | 430 | (1) |
Guidelines for handling digital evidence | 431 | (1) |
Handling electronic evidence | 432 | (3) |
Identifying electronic evidence | 435 | (1) |
Gathering electronic evidence | 436 | (2) |
Gathering of data following legal retention or reporting obligations | 438 | (2) |
Copying electronic evidence | 440 | (3) |
| 443 | (1) |
Preserving electronic evidence | 444 | (7) |
Analysis of electronic evidence | 451 | (6) |
| 457 | (5) |
| 462 | (5) |
| 467 | (3) |
| 470 | (1) |
Anti-forensics and interpretation of evidence | 471 | (2) |
| 473 | (5) |
| 478 | (3) |
| 481 | (1) |
Attacks against computer forensics | 482 | (1) |
| 483 | (2) |
An intellectual framework for analysing electronic evidence | 485 | (1) |
Conclusions and future considerations | 486 | (2) |
10 Competence of witnesses | 488 | (12) |
| 488 | (1) |
Separating data reliability from computer reliability | 489 | (1) |
| 490 | (4) |
Qualification of witnesses | 494 | (6) |
Appendix 1 Draft Convention on Electronic Evidence | 500 | (8) |
Appendix 2 Cumulative vignettes | 508 | (5) |
Index | 513 | |