Computer Forensics – Criminal vs Civil: What’s the Difference?

by | Aug 3, 2015 | Uncategorized

In the field of computer forensics, as in the field of law, procedures in civil cases differ somewhat from those in criminal cases. The collection of data and presentation of evidence may be held to different standards, the process of data collection and imaging can be quite different, and the consequences of the case may have very different impacts.

A couple of quick definitions may be in order. Criminal law deals with offenses against the state – the prosecution of a person accused of breaking a law. Such offenses may of course include crimes against a person. A government body, or the representative of a government body accuses the person of having committed the offense, and the resources of the state are brought to bear against the accused. Guilty outcomes can result in fines, probation, incarceration, or even death.

Civil law covers everything else, such as violations of contracts and lawsuits between two or more parties. The loser in such a dispute often must give payment, property or services to the prevailing party. Imprisonment is not at issue in civil cases. As a result, the standard for evidence is not as high in civil cases as in criminal cases.

For the law enforcement computer forensics specialist, a certain amount of extra care should be taken in collecting data and producing results, for the standard of proof is higher. There are advantages on the data collection end, however. For once a court has authorized a search warrant, an officer (and possibly several) with badge and gun can go seize the defendant’s computer by surprise and by force. Once the computer has been seized and imaged, all data is accessible and may result in additional charges being brought against the defendant.

By contrast, in a civil case, there tends to be a lot of negotiation over what computers and what data can be inspected, as well as where and when. There is not likely to be any seizing of computers, and quite a long time may take place between the time the request to inspect a computer is made and the time the computer is made available to be inspected. It is common for one party to have access to a very limited area of data from the other party’s computer. During this time, a defendant may take the opportunity to attempt to hide or destroy data. The author has had several cases wherein the computer needed for analysis was destroyed before the plaintiff had the opportunity to inspect. Such attempts at hiding data are often discovered by the digital forensic sleuth, who may in turn present evidence of such further wrongdoing in expert witness testimony. For a light look at one such example, see CSI Computer Forensics – Real Cases From Burgess Forensics #12 – The Case of the Computer That Got Lost.

Opportunities for learning techniques and interacting with other professionals may differ as well. While some computer forensic software suites and training, such as Access FTK, EnCase, or SMART Forensics are available to most who can pay, others, such as iLook are available only to law enforcement and military personnel. While many support and professional organizations and groups are available to all, some, such as the High Technology Crime Investigation Association (HTCIA) are not open to professionals who provide for criminal defense (with a few minor exceptions).

When law enforcement has a case involving computer forensics, the intention is to locate enough data to find the defendant guilty in court, where the standard for information presented tends to be fairly high. From the time digital data or hardware is seized and acquired, Rules of Evidence must be kept in mind. Law enforcement personnel must follow accepted procedures or evidence could be thrown out. Acquisition of data and discovery in criminal cases often must follow sometimes strict and differing procedures depending upon whether the jurisdiction is federal, state, or municipality and at times depending upon a judge’s preferences.

In a civil case, the initial processes of electronic discovery may be just to find enough data to show one or the other party whether they are likely to prevail, should the case go all the way to court. As such, the initial presentation of data may be fairly informal, and be just enough to induce the parties to settle the case. On the other hand, the data found may be so minimal the line of inquiry into electronic evidence is dropped.

Although we use many of the same tools, computer forensic professionals in private practice and those in law enforcement are held to different standards, have access to different resources, and their work results in substantially different outcomes between the criminal and civil cases to which they contribute.

Copyright Steve Burgess, 2008

Subscribe to our free and informative weekly forensics newsletter!

 

Related Posts

CSI Cases from Burgess Forensics #69 A Case of Hiphop Beef

The Stories are true; the names and places have been changed to protect the potentially guilty. It was almost closing time on Friday and my thoughts were turning to Barbequeing some of that mouth-watering Santa Maria tri-tip while my nose was turned to the scent of...

Email as a signed contract vs. fraudulent emails

Email as a signed contract vs. fraudulent emails We all send and receive email, but did you know that what you say in an email can be interpreted as a legal contract? And that sometimes, emails are fraudulent? Both are true. The Statute of Frauds Although email didn’t...

El Salvador Adopts BitCoin

El Salvador Adopts BitCoin copyright Steve Burgess, 2021 El Salvador just passed a law to make BitCoin (BTC) legal tender and is the first country to do so. It did something similar back in 2001, when it made the US Dollar the official currency, replacing the...

Keeping Your Bitcoin Safe

BitCoin. Everybody wants some. But what’s the best way to keep it safe once you’ve got it? And how to get it? First things first – you get BitCoin (and Etherium, and DogeCoin) from a cryptocurrency exchange, like you would from a “regular” currency exchange to turn...

Cyberbullying and Covid-19: 2021 Update

California defines a cyberbully as anyone who sends any online communication to deliberately frighten, embarrass, harass, or otherwise target another. The Cyberbullying Research Center defines it as “willful and repeated harm inflicted through the use of computers,...

Cybersecurity & Covid-19: Vulnerability and What to Do About It

Cybersecurity & Covid-19: Vulnerability and What to Do About It Steve Burgess, 2020 As if we didn’t have enough to worry about. With so many of us working from home (close to 90% of American corporations are encouraging or requiring employees to do so) and having...

Indian Summer Lovin’ – Tech Tips For a Warm Autumn

by Natalie Miller, 2019 With Indian Summer temperatures rising, here are some tips to help you make sure your devices are ready to conquer these warm days of Fall like you are. Check Those Pockets! Taking a dip in the pool, going for a paddle in a kayak, and jumping...

Electronic Waste and Recycling – What Your Old Devices Can Say About You

by Natalie Miller, 2019 With new models of phones and computers being released every year, wanting the latest and greatest is never a bad thing, but what about your old devices? The truth is that old devices can still hold all of the data you put on them or that they...

The Case of The Client Who Wanted … to be Wanted

The Case of The Client Who Wanted … to be Wanted copyright Steve Burgess, 2018 It was nearly Christmas, but the morning sun was pouring in through the windows of my Central Coast office, casting shoe-shaped shadows on the West side of my desk. Perhaps I should have...

Burgess Forensics Newsletter Vol. 5 Issue 1: FitBit Fun Forensics & Foes 08.08.2018

  Fitbit, Fun, Forensics, and Foes Have you tracked your 10,000 steps today? Has anyone else tracked them? Fitness trackers are big business, helping people get and stay fit, and helping them share their progress with friends – and sometimes with strangers. The...

Pin It on Pinterest

Share This