New Guide to Digital Investigations and Evidence

November 26, 2008

Lawyers must increasingly expect that almost every instruction they take on will involve digital evidence – and they must develop the knowledge to handle it: that’s the message of the Director’s and Corporate Advisor’s Guide to Digital Investigations and Evidence published by the Information Assurance Advisory Council on 27 November as a 100-page free download from

‘The need for digital evidence is not confined to obvious cybercrime events such as hacking, fraud and denial of service attacks’, says report author Professor Peter Sommer, ‘it’s also required when transactions are disputed, in HR issues, and almost all forms of non-cyber crime, including murder, forgery, industrial espionage and terrorism. It can also be important in family and housing matters. The statistics tell their own story. The Information Security Breaches Survey 2008 published by the Department for Business Enterprise and Regulatory Reform says that 96% of very large companies had a computer security incident in the previous year. Garlik claimed over 3.5 million cybercrimes per year. Even if you discount some of these, it shows that during the course of a single year every business must expect to have to carry out an investigation involving computers. On the level of the individual, almost everyone who wants a computer can afford and has one; indeed there are many people now who have owned computers – and hence created digital footprints of their activities – for over 10 years.’

Sommer, who is a Visiting Professor at the London School of Economics and has appeared as an expert witness in many high-profile cases involving computer and Internet evidence, believes that most businesses and individuals do not need to have a Digital Sherlock Holmes on their staff, but they should have plans to identify and preserve important digital evidence such as email, web transactions, PCs, PDAs and cellphones. He takes the view that lawyers need to understand that this evidence may exist and be crucial; he thinks that they also need to be in a position to advise their clients that some means of acquiring evidence are illegal and that there are often important issues of admissibility and compliance with data protection and human rights legislation.

The first third of the Guide gives general management advice; the remainder provides details of procedures, techniques, applicable law and sources of further information. The first edition appeared in 2005, and the new edition provides updates on the technologies and the law as well as new material on encryption and changing law enforcement structures. IAAC are making the publication free to download in view of its general importance and the lack of any other comparable advice.

To download the guide, click here.