Understanding All About Email Spoliation

MailXaminer | June 3rd, 2020 | Forensics

The different stages of digital forensics involve securing the crime scene, collection, preservation, analysis, and reporting. In litigation, the evidentiary information collected from electronic media like computer systems has to withstand judicial scrutiny. Moreover, it is extremely necessary that the information collected should be presented in an admissible file format in the court of law. In this blog, we will dig deeper about email spoliation and the different laws associated with it.

What is Email Spoliation?

Email spoliation can be referred to as any alternation that happens to the email evidence, which is to be used in the legal case. Moreover, spoliation can happen intentionally or accidentally. When the gathered digital evidence is presented in the court, it is required to prove that the archived emails were not tampered or altered.

If proper analysis and methods are used for email investigation, it is possible to preserve email evidence allowing admissibility at lawsuits. Crucial investigation proofs or the email evidence can be destroyed or altered by the culprit or any third party to manipulate the case. Spoiled evidence also includes data from any digital device. Furthermore, companies which confront such devastation of evidentiary email data can be responsible for the loss of evidence pertaining to relevant lawsuit.

How to Avoid Spoliation of Evidential Data?

Following are some major countermeasures that helps to avoid spoliation of the electronic evidence.

  • Make sure to preserve the collected evidence when the litigation is reasonably foreseeable.
  • It is important to preserve all sources of data. This includes voicemail messages, text messages, videos recorded over smartphones, etc.
  • While transferring the evidential files, there occurs potential exposure to data breaches, virus attacks, etc. So, it needs to be taken care of by compressing and encrypting the files during transfer to preserve the metadata and avoid spoliation.
  • The email evidence presented in the court of law must be authentic and unchanged. By maintaining the chain of custody, it allows the expert to prove the authenticity of the evidence. Thus, making the evidence court-admissible.

What are the Laws for Spoliation?

When it comes to email spoliation, it can be simply defined as – “The destruction or substantial alteration of evidence, or failure in preserving as evidence”. Several policies of spoliation have been imposed on the organization on document retention coming under common law.

Organizations especially security managers must be aware of these policies to maintain such email evidence to be forensically analyzed. Such email spoliation policies have undoubtedly generated greater access to IT resources for litigation and forensic analysis. Below mentioned are some laws of spoliations which are followed by judiciaries;

The Common Law: This imposes duties on parties for retaining artefacts. It is an organization’s responsibility to preserve emails that are related to any of the cases. An organization should be ready to deal with a probability of such suspicious actions that might take place in the near future. If any intentional or unintentional alteration of email evidence is done by the organization, then it will be found guilty under the act of spoliation.

The Discovery Law: The Discovery Law is “pre-trial phase in a lawsuit in which each party can appeal for documents and other electronic evidence from opponent party under law of civil procedure”. However, in many other countries, the discovery process is conducted by the court or under its supervision. The United States allows the discovery process to be initiated by litigants or accusers. The pattern for such investigation can vary as per judiciary rules followed by respective states or countries.

Electronic Discovery Law: Ever since technology has risen to another level, electronic gadgets, storage media, and communication platforms have been introduced for forensics analysis. Evidence in the form of electronic sources like emails, hard disks, documents, have become common in the courtroom trials.

Actions to Protect Against Spoliation Claim

Organizations must follow procedures to manage that no accidental spoliation of email evidence is done. This will help to minimize the spoliation. The procedure should ensure that employees are aware of what to do if any evidence or traces related to a particular case is found. In such instances, potential evidence must be marked or kept safe with a record of who possessed this evidence. Moreover, the “chain of custody” document helps organizations to prove that the integrity of evidence is well-maintained thereby making it court-admissible.

Summing Up

Email spoliation is one of the common occurrences which can be seen these days. It is important to preserve the evidence by maintaining the chain of custody. Organizations need to hold detailed and up-to-date records of electronic documents, email databases of the custodians to which these data belong. Moreover, MailXaminer Email Examiner Software has made it possible to retain email data which has been deleted and thus has reinforced email forensics despite email spoliation.