Legislation regarding the retention of imaged material
A bit of guidence would be useful. I recently found myself at the Infosec show in London arguing (nicely) with another forensic investigator about the requirements under the RIP law and Data protection legislation to keep imaged material.
We ranged from whether material needed to be kept at all in corporate cases through to 7 years for criminal cases.
Also the question was raised in defence cases about whether the prosecutor retains the data or both parties and whether it is the responsibility of the law firm or the forensic agency?
They were trying to sell rather a nice DVD archiver and so had an axe to grind, but I realised that although we have a particular proceedure that we adhere to I was not totally sure of the latest UK laws in all these differing cases.
Any thoughts, references etc would be most useful.
Hi Nick, I actually do not think the retention of data/evidence and limitations is covered by the RIP Act 2000, I've not read the full article, and what little training I had was some time ago. I could be mistaken, so If you want to look it up, hereâ€™s a link: http://www.fipr.org/rip/ripa2000.htm
I had a quick read, before almost falling asleep (sorry legalese does that to me).
However I found a policy document online, as follows:
Case material in the following case categories will be retained for 30 years as a matter of course.
â€¢ Attempted murder
â€¢ Section 18 assaults
â€¢ Other suspicious death
â€¢ Aggravated burglary
All other retained material, unless specially exempted below, will be retained in the first instance for a minimum period of 7 years.
Exemptions to Minimum Retention Period
Material in the following cases will be retained for only three years:
â€¢ Simple possession of drugs
â€¢ Driving after consuming alcohol
â€¢ Driving after consuming drugs
â€¢ Alcohol technical defence
I also recall seeing some paper about paedophile or child abuse cases, and the term 25 years……..
I actually think the relevant legislation comes under the Freedom of Information Act 2000 and/or Criminal Procedure and Investigations Act 1996 (CPIA).
I will get you the definitive answer next week for you, I have a friend who is a CPS lawyer.
Thanks Andy its a real mine-field; but does that apply to defence and prosecution?
I was involved in defending an indecent images case (I was on the dark side for that case I'm afraid, but he was guilty and I told them so and he pleaded) and I worked at the Hi tech crime unit and was asked to delete all the imaged files from my machine before leaving, which of course I was happy to do.
I can get legal advice, but thought my collegues on the forum may have an answer. I look forward to hearing from you.
I am curious as to whether you were given any guidelines on 'secure deletion' requirements for your case? …. As assuming the machine were sold/given to someone else the chances being later recovered as part of another case still do exist.
Should 'secure wipe (6 times with random char overwretes) ' of the entire machine; as opposed to just the evidence in questions be preferred?
Any guideline son this matter would be greatly appreciated.
IME, I have yet to see a difference in recoverability from a 6 pass wipe or a 1 pass wipe, with most all DOS based wiping software.