Threshold Consideration

It's a well-known fact that Evidence to be considered admissible in court requires certain level of competency and relevancy. Legal procedures when dealing with Digital evidences are no different and also need certain level of acceptability such as mentioned in Daubert Standard.

Compliance with the Legal Proceedings

Since currently there is no specific test for digital evidence validation we will examine the software taking consideration the guidelines mentioned in Daubert standard and its compliance with all five yardsticks of it:

  • Reproduction of Evidence: The process you have used to arrive at some conclusion or evidence is repeatable and will generate the same hash key value.
  • Acceptability: The software has been used in different cases by different Government agencies. To know how the software helped cracked CBI cases see the PDF.
  • Authenticity:The software has been tested on over 1TeraBytes of data and has been scrutinized under various parameters. All issues are managed and consistently  patched withperiodical software updates.
  • Compliance: The software makes sure that it does not alter or make any changes in the evidence file (no write permission). MD5 (integrity checking algorithm) ensures that the data remainsunaltered.
  • Competence: The software has already been incorporated in forensics email fraud detection and is a proven email forensic methodology.

Admissibility of Digital Evidence: The jury or the trier of the facts needs to be convinced that the evidences provided are trustworthy and unaltered. Facts with stats you can augment and argument your case significantly.

Admissible format: The data and evidence file derived from the source file is hashed with MD5 hashing algorithm which ensures the integrity of the evidence and signify that the evidence is unaltered. The MD5 also happens to be widely used and acknowledged file format in numerous court.

Compliance with the guidelines set by International Hi-Tech Crime Conference:

Action should not result in alteration when you have access to the digital data the software will not make any changes, alteration or modification on the file being examined.
Documentation The recommendation requires documentation of all the activities done with the data in question. The MailXaminer maintains Audit Trail (in form of logs) of all the activities performed with the case and can be exported in CSV format for review and analysis. The log file is consistent with the Emile Locard's Principle - "every contact leaves a trail".
Examination of the Evidence The evidence file even if it is large in size the investigator can easily narrow down the result by using search features which give the ability to filter out the unwanted data. Result can easily be normalized by filtering data based on providedvalues (e.g. certain words in Subject, or in Body of the emails).Additional information regarding can be learned from here.
Rules and Compliance

Due to increase level of frauds that are digital in nature various laws have been formulated. Some of the rules that the software complies with air:

  • Federal Rule of evidence Article Ix Authentication and Identification rule 901. The software provides the finding in MD5 format which is admissible in most courts and therefore complies with the fed r evid 901.
  • Federal Rule of evidence Article X. Contents of Writing, Recording, and Photographs: The court allows the proponent to show the summarized version of the voluminous data therefore as a proponent of the case you will be to show your finding in accessible and acceptable file format complying with fed r evid 1006.