Digital Evidence Gathering Procedure
It is not always the case that finding evidence of criminal activity on a device is adequate to prove an accused individual is responsible.
There are many alternative scenarios such as; someone else had access to the device, as in a computer in a shared house or a mobile device lent to someone; the content was downloaded without the accused knowing or the device previously belonged to someone else and the data was from the previous devices owner etc.
An accused may also decide to blame other occupants of the house or claim someone else used the device
To ensure a person not responsible for the criminal activity is not wrongly convicted and the correct person is, other procedures are always (or should always be) used.
These are:
- Evidence of other activity around the illegal content on the device by the accused such as, email access, bank account access, social media access, chat logs, favourite website access etc.
- Times and dates accessed
and whether the accused could of had access to and was capable of using the device at that time. (i.e the time and date the illegal activity occured on a home computer the accused was in hospital).
- An image should be made of the device. This will ensure that the original data is preserved, enabling an independent third party to re-examine it and achieve the same result, as required by principle 3 of the ACPO guide.
These are done as a matter of course, along with other ACPO principles.