A new triage model conforming to the needs of selective search and seizure of electronic evidence

Ilyoung Hong, Hyeon Yu, Sangjin Lee, Kyung Ho Lee

Research output: Contribution to journalArticle

9 Citations (Scopus)

Abstract

Recently, digital evidence has been playing an increasingly important role in criminal cases. The seizure of Hard Disk Drives (HDDs) and creation of images of entire disk drives have become a best practice by law enforcement agencies. In most criminal cases, however, the incriminatory information found on an HDD is only a small portion of the entire HDD and the remaining information is not relevant to the case. For this reason, demands for the regulation of excessive search and seizure of defendants' innocuous information have been increasing and gaining strength. Some courts have even ruled out inadmissible digital evidence gathered from sites where the scope of a warrant has been exceeded, considering it to be a violation of due process. In order to protect the privacy of suspects, a standard should be made restricting excessive search and seizure. There are, however, many difficulties in selectively identifying and collecting digital evidence at a crime scene, and it is not realistic to expect law enforcement officers to search and collect completely only case-relevant evidence. Too much restriction can cause severe problems in investigations and may result in law enforcement authorities missing crucial evidence. Therefore, a model needs to be established that can assess and regulate excessive search and seizure of digital evidence in accordance with a reasonable standard that considers practical limitations. Consequently, we propose a new approach that balances two conflicting values: human rights protection versus the achievement of effective investigations. In this new approach, a triage model is derived from an assessment of the limiting factors of on-site search and seizure. For the assessment, a survey that provides information about the level of law enforcement, such as the available labor, equipment supply, technical limitations, and time constraints, was conducted using current field officers. A triage model that can meet the legal system's demand for privacy protection and which supports decision making by field officers that can have legal effects was implemented. Since the demands of each legal system and situation of law enforcement vary from country to country, the triage model should be established individually for each legal system. Along with experiment of our proposed approach, this paper presents a new triage model that is designed to meet the recent requirements of the Korean legal system for privacy protection from, specifically, a Korean perspective.

Original languageEnglish
Pages (from-to)175-192
Number of pages18
JournalDigital Investigation
Volume10
Issue number2
DOIs
Publication statusPublished - 2013 Sep 1

Fingerprint

seizure
Triage
Law enforcement
Law Enforcement
law enforcement
Seizures
electronics
Privacy
Hard disk storage
legal system
evidence
privacy
Civil Rights
Crime
Police
Practice Guidelines
Decision Making
Decision making
best practice
Personnel

Keywords

  • Digital forensics
  • Electronic evidence
  • Privacy
  • Search and seizure
  • Triage

ASJC Scopus subject areas

  • Law
  • Computer Science Applications
  • Medical Laboratory Technology

Cite this

A new triage model conforming to the needs of selective search and seizure of electronic evidence. / Hong, Ilyoung; Yu, Hyeon; Lee, Sangjin; Lee, Kyung Ho.

In: Digital Investigation, Vol. 10, No. 2, 01.09.2013, p. 175-192.

Research output: Contribution to journalArticle

@article{37d48e9330f94135be66aeb78caffdb3,
title = "A new triage model conforming to the needs of selective search and seizure of electronic evidence",
abstract = "Recently, digital evidence has been playing an increasingly important role in criminal cases. The seizure of Hard Disk Drives (HDDs) and creation of images of entire disk drives have become a best practice by law enforcement agencies. In most criminal cases, however, the incriminatory information found on an HDD is only a small portion of the entire HDD and the remaining information is not relevant to the case. For this reason, demands for the regulation of excessive search and seizure of defendants' innocuous information have been increasing and gaining strength. Some courts have even ruled out inadmissible digital evidence gathered from sites where the scope of a warrant has been exceeded, considering it to be a violation of due process. In order to protect the privacy of suspects, a standard should be made restricting excessive search and seizure. There are, however, many difficulties in selectively identifying and collecting digital evidence at a crime scene, and it is not realistic to expect law enforcement officers to search and collect completely only case-relevant evidence. Too much restriction can cause severe problems in investigations and may result in law enforcement authorities missing crucial evidence. Therefore, a model needs to be established that can assess and regulate excessive search and seizure of digital evidence in accordance with a reasonable standard that considers practical limitations. Consequently, we propose a new approach that balances two conflicting values: human rights protection versus the achievement of effective investigations. In this new approach, a triage model is derived from an assessment of the limiting factors of on-site search and seizure. For the assessment, a survey that provides information about the level of law enforcement, such as the available labor, equipment supply, technical limitations, and time constraints, was conducted using current field officers. A triage model that can meet the legal system's demand for privacy protection and which supports decision making by field officers that can have legal effects was implemented. Since the demands of each legal system and situation of law enforcement vary from country to country, the triage model should be established individually for each legal system. Along with experiment of our proposed approach, this paper presents a new triage model that is designed to meet the recent requirements of the Korean legal system for privacy protection from, specifically, a Korean perspective.",
keywords = "Digital forensics, Electronic evidence, Privacy, Search and seizure, Triage",
author = "Ilyoung Hong and Hyeon Yu and Sangjin Lee and Lee, {Kyung Ho}",
year = "2013",
month = "9",
day = "1",
doi = "10.1016/j.diin.2013.01.003",
language = "English",
volume = "10",
pages = "175--192",
journal = "Digital Investigation",
issn = "1742-2876",
publisher = "Elsevier Limited",
number = "2",

}

TY - JOUR

T1 - A new triage model conforming to the needs of selective search and seizure of electronic evidence

AU - Hong, Ilyoung

AU - Yu, Hyeon

AU - Lee, Sangjin

AU - Lee, Kyung Ho

PY - 2013/9/1

Y1 - 2013/9/1

N2 - Recently, digital evidence has been playing an increasingly important role in criminal cases. The seizure of Hard Disk Drives (HDDs) and creation of images of entire disk drives have become a best practice by law enforcement agencies. In most criminal cases, however, the incriminatory information found on an HDD is only a small portion of the entire HDD and the remaining information is not relevant to the case. For this reason, demands for the regulation of excessive search and seizure of defendants' innocuous information have been increasing and gaining strength. Some courts have even ruled out inadmissible digital evidence gathered from sites where the scope of a warrant has been exceeded, considering it to be a violation of due process. In order to protect the privacy of suspects, a standard should be made restricting excessive search and seizure. There are, however, many difficulties in selectively identifying and collecting digital evidence at a crime scene, and it is not realistic to expect law enforcement officers to search and collect completely only case-relevant evidence. Too much restriction can cause severe problems in investigations and may result in law enforcement authorities missing crucial evidence. Therefore, a model needs to be established that can assess and regulate excessive search and seizure of digital evidence in accordance with a reasonable standard that considers practical limitations. Consequently, we propose a new approach that balances two conflicting values: human rights protection versus the achievement of effective investigations. In this new approach, a triage model is derived from an assessment of the limiting factors of on-site search and seizure. For the assessment, a survey that provides information about the level of law enforcement, such as the available labor, equipment supply, technical limitations, and time constraints, was conducted using current field officers. A triage model that can meet the legal system's demand for privacy protection and which supports decision making by field officers that can have legal effects was implemented. Since the demands of each legal system and situation of law enforcement vary from country to country, the triage model should be established individually for each legal system. Along with experiment of our proposed approach, this paper presents a new triage model that is designed to meet the recent requirements of the Korean legal system for privacy protection from, specifically, a Korean perspective.

AB - Recently, digital evidence has been playing an increasingly important role in criminal cases. The seizure of Hard Disk Drives (HDDs) and creation of images of entire disk drives have become a best practice by law enforcement agencies. In most criminal cases, however, the incriminatory information found on an HDD is only a small portion of the entire HDD and the remaining information is not relevant to the case. For this reason, demands for the regulation of excessive search and seizure of defendants' innocuous information have been increasing and gaining strength. Some courts have even ruled out inadmissible digital evidence gathered from sites where the scope of a warrant has been exceeded, considering it to be a violation of due process. In order to protect the privacy of suspects, a standard should be made restricting excessive search and seizure. There are, however, many difficulties in selectively identifying and collecting digital evidence at a crime scene, and it is not realistic to expect law enforcement officers to search and collect completely only case-relevant evidence. Too much restriction can cause severe problems in investigations and may result in law enforcement authorities missing crucial evidence. Therefore, a model needs to be established that can assess and regulate excessive search and seizure of digital evidence in accordance with a reasonable standard that considers practical limitations. Consequently, we propose a new approach that balances two conflicting values: human rights protection versus the achievement of effective investigations. In this new approach, a triage model is derived from an assessment of the limiting factors of on-site search and seizure. For the assessment, a survey that provides information about the level of law enforcement, such as the available labor, equipment supply, technical limitations, and time constraints, was conducted using current field officers. A triage model that can meet the legal system's demand for privacy protection and which supports decision making by field officers that can have legal effects was implemented. Since the demands of each legal system and situation of law enforcement vary from country to country, the triage model should be established individually for each legal system. Along with experiment of our proposed approach, this paper presents a new triage model that is designed to meet the recent requirements of the Korean legal system for privacy protection from, specifically, a Korean perspective.

KW - Digital forensics

KW - Electronic evidence

KW - Privacy

KW - Search and seizure

KW - Triage

UR - http://www.scopus.com/inward/record.url?scp=84883555836&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84883555836&partnerID=8YFLogxK

U2 - 10.1016/j.diin.2013.01.003

DO - 10.1016/j.diin.2013.01.003

M3 - Article

AN - SCOPUS:84883555836

VL - 10

SP - 175

EP - 192

JO - Digital Investigation

JF - Digital Investigation

SN - 1742-2876

IS - 2

ER -