What’s Valid Evidence?


The following case happened in France: a Court of Cassation rejected a simple data file as evidence. The evidence submitted by one of the two parties was a data file containing information about an e-mail transmission (a log?) sent from company A to company B.

According to the Court, the data file had not been handled properly: its integrity and its time stamp were not maintained. The Judge decided to dematerialize the evidence.

What about digital evidence? It can be extracted from computers, ISP logs, mobile operators, chat services, websites and a whole range of electronic devices. How should evidence be protected? A lot of useful information is provided on the website ijde.org (“International Journal of Digital Evidence”).

To prove the integrity of a piece of evidence, we can compute digests (MD5 or, better, SHA1) or sign the evidence using PGP or any other digital signature system. This operation must be performed without delay, immediately after the evidence is collected.

Digital signatures are a great way to record “who” collected the evidence, but they do not solve the problems related to “time” (was the clock correct, and when did the signing occur?). To solve the time issues, all devices in the IT infrastructure must be synchronized against a valid (legal) time source (e.g. via the NTP protocol). Of course, the process of keeping the time synchronized must itself be accountable: a third party must be able to determine that this process was correctly applied and that no corruption occurred.
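The sealing step described above, as an example added here (not code from the original article): it hashes the file at collection time, records who collected it and when, and later reports any mismatch. It uses SHA-256 instead of the MD5/SHA1 named above because neither of those is collision-resistant any more; the record field names, the collector name and the sample log line are assumptions.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash the file in chunks so large disk images do not need to fit in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def seal_evidence(path, collector, now=None):
    """Build the custody record right after collection (field names are illustrative)."""
    now = now or datetime.now(timezone.utc)  # only as reliable as the host's NTP sync
    record = {
        "file": os.path.basename(path),
        "size": os.path.getsize(path),
        "sha256": file_digest(path),
        "collector": collector,
        "collected_utc": now.isoformat(),
    }
    # Digest of the canonical record: the value to sign (e.g. with PGP) or time-stamp.
    canonical = json.dumps(record, sort_keys=True).encode()
    record["record_sha256"] = hashlib.sha256(canonical).hexdigest()
    return record

def verify_evidence(path, record):
    """Return a list of discrepancies; an empty list means file and record match."""
    problems = []
    body = {k: v for k, v in record.items() if k != "record_sha256"}
    canonical = json.dumps(body, sort_keys=True).encode()
    if hashlib.sha256(canonical).hexdigest() != record.get("record_sha256"):
        problems.append("custody record altered")
    if file_digest(path) != body.get("sha256"):
        problems.append("digest mismatch")
    return problems

def demo():
    """Constructed sample: a fake mail log line is sealed, then one byte is appended."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "mail.log")
        with open(p, "w") as f:
            f.write("2000-01-01T10:00:00Z from=<a@company-a.example> "
                    "to=<b@company-b.example> status=sent\n")
        rec = seal_evidence(p, "analyst1")
        before = verify_evidence(p, rec)
        with open(p, "a") as f:
            f.write(" ")
        return before, verify_evidence(p, rec)
```

On its own the record digest only detects accidental change, since anyone who edits the record can recompute it; it becomes proof of “who” and “when” once it is signed or time-stamped by a third party.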

Original article here (French).
