What is Electronic Evidence?

Electronic evidence is any information created or stored in digital form that is relevant to a legal issue. Electronic evidence includes, but is not limited to, emails, text documents, spreadsheets, pictures and graphics, database files, deleted files and data backups that may be located on floppy disks, zip disks, hard drives, tape drives, CDs or DVDs, as well as a multitude of portable electronic devices such as PDAs, cellular phones and memory cards.

Many people think that when you delete a file that it is permanently erased from the storage medium. But, in reality, the information is still there. All that is erased is a small portion of information that points to the location of the file. This pointer is what operating systems use to show us the directory structure. So, all that really happens is that the deleted information becomes invisible to the operating system. But, over time, the location of the deleted file will be overwritten by new information.

Computer forensic examiners can locate, reconstruct and recover information and files as long as they exist in whole or in part. Time is of the essence. Don't wait too long to contact us because data can be overwritten or altered to the point of uselessness either accidentally or intentionally (spoliation of evidence), making it impossible to recover.

To address spoliation and minimize threats to the forensic integrity of your electronic evidence (and its admissibility in litigation) quickly isolate the computer in question from additional use or tampering. If the computer is a server that supports a vital mission function on the network, remove the server in question from the network and put a backup in its place. Call us as soon as possible, 619.291.SDCF (7323).