±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 36459
New Yesterday: 5 Visitors: 145

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Authentication of provider records

Discussion of legislation relating to computer forensics.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 
  

hcso1510
Senior Member
 

Re: Authentication of provider records

Post Posted: Mar 18, 12 07:12

What I previously described as my "best practices" were not an attempt to supersede anything! As I mentioned in my initial post my common practice and what I suggest to others is to request a Certificate of Record or Business Records Affidavit.

Seeing how this is the electronic age and most providers seem to like transferring the requested data via the internet there has to be a process of getting the data to your computer and into the property room.

If all that was required was a Certificate of Record it would seem to me that there is always the possibility that the records could be tampered with?

We have this thing in Tennessee called "Chain of Custody." My "best practices" are only my attempt to show the prosecution and the defense that I have taken the necessary steps (IMO) to maintain the integrity of the records. "A timeline of when I received them and how they got to a disk and into property."

If the DA has questions as to whether or not I'm qualified to interpret the records he only needs to ask. I think I have a fairly good shot at passing the litmus test.

If you go with just the COR that's great, but how do you document receiving the records and getting them into the property room?
_________________
Ed

I'm not a cellular technology expert, but I did stay at a Holiday Inn Express last night. 
 
  

JLEllis
Member
 

Re: Authentication of provider records

Post Posted: Mar 18, 12 09:22

- hcso1510
<snip> If all that was required was a Certificate of Record it would seem to me that there is always the possibility that the records could be tampered with?


That's true, unless the records are delivered directly to the Court, they will always be subject to a defense challenge that they have been tampered with or altered, it's unavoidable. Electronic records are no different than any other form of evidence we collect. You can take as many screen shots as you want, hash away and save to logical evidence files; but in the end, the defense can make whatever accusation they want.

We have this thing in Tennessee called "Chain of Custody.

Come on now, don't get snippy! We're just having a conversation here.

If the DA has questions as to whether or not I'm qualified to interpret the records he only needs to ask. I think I have a fairly good shot at passing the litmus test.

Ask him/her. Is he new(er)? Have you worked with this DA before? Does he actually know your qualifications.

" My "best practices" are only my attempt to show the prosecution and the defense that I have taken the necessary steps (IMO) to maintain the integrity of the records. "A timeline of when I received them and how they got to a disk and into property."
<snip>
If you go with just the COR that's great, but how do you document receiving the records and getting them into the property room?


I think the things you've done are a great way of documenting how you received the records, what you did with them, etc. But, screen shots, hashing, etc, etc, will not make evidence admissible that is otherwise inadmissible because it lacks a COR. Your original question was, "I was wondering if anyone out there has been able to overcome bringing in experts and whether or not your Judges are allowing records in with a Certificate of Record." My answer is, "Yes" and "Yes" .... all the time.  
 
  

LarryDaniel
Senior Member
 

Re: Authentication of provider records

Post Posted: Nov 22, 12 21:38

Disclaimer, I am not an attorney and this is not legal advice.

First of all, records from a cell provider would normally get in under the Business Rules Exception to hearsay.

Review this for Rule 803 of the Federal Rules of Evidence;

Rule 803 - Business Rules Exception to the Hearsay

On authentication, you can review Rule 901 of the Federal Rules of Evidence;

Authenticating Evidence

What your prosecutor is concerned about is actually a legal argument and not an issue of experts.

Most states have their own version of the Federal rules codified in their state statutes, but the Federal rules are always handy to review.
_________________
Larry E. Daniel
DFCP, EnCE, BCE, ACE, AME, CTNS , CTA, CWA
Guardian Digital Forensics
"An Envista Forensics Company" 
 

Page 2 of 2
Page Previous  1, 2