Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top

2018 | Book

Introduction: Opportunities and Challenges for Electronic Evidence Read chapter Read first chapter

Handling and Exchanging Electronic Evidence Across Europe

Editors: Dr. Maria Angela Biasiotti, Prof. Jeanne Pia Mifsud Bonnici, Prof. Joe Cannataci, Dr. Fabrizio Turchi

Publisher: Springer International Publishing

Book Series : Law, Governance and Technology Series

Part of: Springer Professional "Wirtschaft+Technik" , Springer Professional "Technik" , Springer Professional "Wirtschaft"

Login to get access
insite
SEARCH

About this book

This volume offers a general overview on the handling and regulating electronic evidence in Europe, presenting a standard for the exchange process. Chapters explore the nature of electronic evidence and readers will learn of the challenges involved in upholding the necessary standards and maintaining the integrity of information. Challenges particularly occur when European Union member states collaborate and evidence is exchanged, as may be the case when solving a cybercrime. One such challenge is that the variety of possible evidences is so wide that potentially anything may become the evidence of a crime. Moreover, the introduction and the extensive use of information and communications technology (ICT) has generated new forms of crimes or new ways of perpetrating them, as well as a new type of evidence.

Contributing authors examine the legal framework in place in various EU member states when dealing with electronic evidence, with prominence given to data protection and privacy issues. Readers may learn about the state of the art tools and standards utilized for treating and exchanging evidence, and existing platforms and environments run by different Law Enforcement Agencies (LEAs) at local and central level. Readers will also discover the operational point of view of LEAs when dealing with electronic evidence, and their requirements and expectations for the future. Finally, readers may consider a proposal for realizing a unique legal framework for governing in a uniform and aligned way the treatment and cross border exchange of electronic evidence in Europe.

The use, collection and exchange of electronic evidence in the European Union context and the rules, practises, operational guidelines, standards and tools utilized by LEAs, judges, Public prosecutors and other relevant stakeholders are all covered in this comprehensive work. It will appeal to researchers in both law and computer science, as well as those with an interest in privacy, digital forensics, electronic evidence, legal frameworks and law enforcement.

Table of Contents

Frontmatter

Setting the Scene

Frontmatter
Chapter 1. Introduction: Opportunities and Challenges for Electronic Evidence
Abstract
Beyond the different and varied rules that each Member State adopts regarding the admissibility and development of evidence, including digital evidence, elements that in any case must be guaranteed are its relevance and its authenticity with respect to the case being examined. However, these requirements are far from easy to achieve, taking into account some peculiar characteristics of digital evidence, for example, its fragility (easily alterable, damageable and destructible) and its immateriality, namely, the difficulty in associating particular evidence to a physical object: Often it is confused with the device that contains it and therefore closely linked to the concepts of changeability and volatility. This means that the lifecycle of digital evidence must always be accompanied by documentation, always kept up to date, constituting the so-called chain of custody, i.e., the document that describes in detail what happens to digital evidence from the moment in which it was identified as evidence until its presentation before the judge in the trial phase, more specifically, the person who took possession of it to preserve its authenticity, when, where and how, and in what manner. The issue of digital evidence is necessarily interdisciplinary in that it affects different areas: the law in its national, European and international forms, digital forensics, computer science, sociology of law and diplomatics. The latter discipline, perhaps the least known among those mentioned, is focused on “studying the forms that official, legally probative or even constitutive documentation has taken over time”.
Maria Angela Biasiotti, Joseph A. Cannataci, Jeanne Pia Mifsud Bonnici, Fabrizio Turchi
Chapter 2. Present and Future of the Exchange of Electronic Evidence in Europe
Abstract
Crime has become global, and almost all crimes involve electronic evidence. A significant problem has become the exchange of data, across jurisdictions and between the domestic participants in the criminal judicial process. The exchange becomes crucial in counterterrorism operations and when dealing with global crimes. At the same time, a secure and trusted exchange of information and of electronic evidence relating to crimes is an important element in order to promote judicial cooperation in criminal matters, as well as to contribute to an effective and coherent application of EU Mutual Legal Assistance (MLA) and European Investigation Order (EIO) procedures. This paper deals with the electronic evidence exchange in Europe, and more specifically with the new challenges of the implementation of the European Investigation Order Directive, in particular, and some of the results of the work carried out by the European Commission internally and by EU-funded projects. This contribution also proposes recommendations for future activities, and ideas for the follow-up of the results achieved and the policies promoted by the European Commission.
Maria Angela Biasiotti

International Perspective

Frontmatter
Chapter 3. e-Evidence and Access to Data in the Cloud Results of the Cloud Evidence Group of the Cybercrime Convention Committee
Abstract
Evidence in relation to any crime is increasingly (only) available in electronic form on computer systems or storage devices and needs to be secured for criminal proceedings. Criminal investigations not relying on electronic evidence are becoming the exception. Access to electronic evidence—in relation to cybercrime and any other type of crime—is thus essential for criminal justice, as well as for ensuring the rule of law. A major problem is that electronic evidence is often not located in the territory of the investigating criminal justice authority but increasingly in foreign, multiple or unknown jurisdictions, that is, somewhere “in the cloud”. To address this issue, the Cybercrime Convention Committee of the Council of Europe—representing the Parties to the Budapest Convention on Cybercrime—in December 2014 established a Cloud Evidence Working Group (CEG) which has identified options for common international solutions.
Alexander Seger
Chapter 4. The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form
Abstract
The growing number of investigations involving digital traces from various data sources is driving the demand for a standard way to represent and exchange pertinent information. Enabling automated combination and correlation of cyber-investigation information from multiple systems or organizations enables more efficient and comprehensive analysis, reducing the risk of mistakes and missed opportunities. These needs are being met by the evolving open-source, community-developed specification language called CASE, the Cyber-investigation Analysis Standard Expression. CASE leverages the Unified Cyber Ontology (UCO), which abstracts and expresses concepts that are common across multiple domains. This paper introduces CASE and UCO, explaining how they improve upon prior related work. The value of fully-structured data, representing provenance, and action lifecycles are discussed. The guiding principles of CASE and UCO are presented, and illustrative examples of CASE are provided using the default JSON-LD serialization.
Eoghan Casey, Sean Barnum, Ryan Griffith, Jonathan Snyder, Harm van Beek, Alex Nelson
Chapter 5. “All Along the Watchtower”: Matters Not Yet Solved Regarding Communication Interception Systems and Electronic Data Retained on Foreign Servers
Abstract
The chapter describes an overview of the current situation in the EU with respect to matters not yet solved regarding communication interception systems and electronic data retention, also based on direct and personal experience of the author who is a public prosecutor. A state of the art on this topic is well described also focusing on some experiences and cases experimented by the Italian authorities when dealing with VOIP Systems and the cross-border acquisition of such information as probative values in the investigation phase. After having summarised the technological landscape with which investigators must deal in their daily activities fighting (not just organised) crime, the author tries to answer to the practical question of what can be done to overcome the legislative gap. Some solutions are given also considering the current scenario taking place in the USA with respect to the same issues and barriers.
Francesco Cajani

Institutional/Operational Perspective

Frontmatter
Chapter 6. Electronic Evidence: Challenges and Opportunities for Law Enforcement
Abstract
This chapter presents a cross-section of law enforcement issues addressed as part of the research conducted by INTERPOL in the framework of the European Informatics Data Exchange Framework for Courts and Evidence (EVIDENCE) project. The aim of the research was to formulate recommendations and best practice based on the status quo and challenges identified regarding the handling of electronic evidence by law enforcement agencies (LEAs).
First, the status quo on the handling of digital evidence by LEAs and the main trends identified for each phase of the electronic evidence lifecycle are set out. Subsequently, the main challenges hampering law enforcement investigations and forensic analyses involving digital evidence are presented. These challenges can be categorised under two main headers, namely challenges caused by technical measures such as encryption and anonymisation tools and those caused by legal lacunae.
Then, building further upon these findings, a set of recommendations are presented to strengthen law enforcement action in the field of digital evidence. This can, first, be done by working towards the professionalisation of digital forensics, as suggested by digital forensics practitioners themselves. Furthermore, as LEAs are not the only actors within the electronic evidence domain, it is also essential to continue enhancing the collaboration between LEAs and other actors, such as the judiciary and policymakers. Lastly, mutual legal assistance (MLA) procedures are no longer considered fit-for-purpose and LEAs continue to increasingly call for initiatives to expedite these often lengthy procedures.
Sabine Berghs, Geoffrey Stewart Morrison, Caroline Goemans-Dorny
Chapter 7. International Digital Forensic Investigation at the ICC
Abstract
The International Criminal Court (“ICC” or “the Court”) investigates and tries individuals charged with crimes of concern to the international community: genocide, war crimes and crimes against humanity. With regard to digital forensic investigations, the ICC has been confronted with various challenges especially derived from the nature of the crimes it handles and the fact that its procedure is distinct from national criminal procedure. This paper provides an introduction to the activities and challenges of digital forensics in international criminal investigations, and draws attention to requirements for more international cooperation, awareness improvement, standard establishment and the need for a joint effort at solving technical issues.
Ilyoung Hong
Chapter 8. The Online Environment as a Challenge for Privacy and the Suppression of Crime
Abstract
Anonymity and encryption offered by the Internet represent huge resources for cybercriminals: ransomware and spyware are just two examples of cyber threats that in the past years caused serious damage, not only via desktop computers, but via mobile devices as well.
By its own nature, cybercrime has an outreach which goes well beyond national level. This leads to great difficulties in detecting it, and raises questions over how Law Enforcement can effectively fight it without violating any fundamental rights, including rights on data protection. Europol is the most controlled agency in the world of Law Enforcement and manages to provide high standards of internal and external accountability, as demonstrated by the supervision activity of the DPO, EDPS, and the growing control by the EU Parliament via the JPSG. Europol is a clear example that enhancing both Freedom and Security is possible in the fight against serious and organised crime.
Daniel Drewer, Jan Ellermann
Chapter 9. Electronic Evidence in Criminal Trials: The Use of PowerPoint Presentations by Prosecutors and Attorneys in the Courtroom
Abstract
Organising training courses on electronic evidence in criminal trials at EU level would contribute to create a common legal and judicial culture among judges, prosecutors, attorneys, experts as well as police and military police officers. The content of such courses may include the use of PowerPoint presentations by prosecutors and attorneys to support their oral submissions in criminal trials. These presentations especially assist litigators in making factual arguments during hearings.
Xavier Tracol

Evidence Project Perspective

Frontmatter
Chapter 10. The Conceptual Representation of the “Electronic Evidence” Domain
Abstract
The conceptual representation of the “Electronic Evidence” domain presented in this chapter aims at building a common language to identifying, connecting and aligning all relevant concepts for the systematic and uniform application of new technologies in the collection, use and exchange of evidence. For setting the domain boundaries, a literature review is presented along with the current standards used to define and handle Electronic Evidence. These sources of information allowed to identify a first set of terms and definitions used in the top-down extraction of relevant concepts to be considered the basis for the development of the full categorization exercise. In parallel, the gathered documentation was used to apply a bottom-up strategy that foresees a semi-automatic extraction of lemmas and syntagms, using a natural language processing technique. The results of this activity allowed the identification of further terms and concepts to enrich the top-down extraction. The research team identified eight classes to represent the Electronic Evidence domain: Crime, Source of Evidence, Process, Electronic Evidence, Requirement, Stakeholder, Rule, and Digital Forensics. These main classes have been hierarchically structured in sub-classes that may be easily updated and maintained. A SKOS structure, Simple Knowledge Organization System, was chosen to represent the domain. Finally considering that one of the main focuses of the EVIDENCE Project concerns the development of a framework for data exchange between judicial actors and LEAs, the study has taken into account the exchange of both digital-born evidence and of not digital-born one.
Sveva Avveduto, Sara Conti, Daniela Luzi, Lucio Pisacane
Chapter 11. The European Legal Framework on Electronic Evidence: Complex and in Need of Reform
Abstract
More and more, “electronic evidence”, defined as “any of potential probative value that is manipulated, generated through, stored on or communicated by any electronic device”, plays an important role in criminal trials. This is not surprising given that most of the activities we take part in daily are captured in an electronic way, for example, our electricity consumption is registered electronically by smart meters, our smart mobile phones store information on our calls, messaging, Internet behavior, lifestyle choices, etc., all of which may have some potential probative value in a criminal trial. Apart from, or because of, its particular nature, electronic evidence is not necessarily linked to the same territorial jurisdiction as where an alleged crime would have taken place or is being investigated. This paper focuses on three aspects of this cross-border nature: (a) where it may be due to the information provider “recording” the information; (b) where the actual digital information is stored; (c) where the crime itself has a cross-border nature. This paper reflects on these three effects of this “cross-border” nature of electronic evidence when regulating electronic evidence in the criminal law process. This paper shows how current national and international legal frameworks are insufficient to meet with the current needs. Further it is argued that solving the current shortcomings is not merely a matter of introducing new agreements but is more complex, needing new theoretical frameworks and the collaboration of a large variety of actors.
Jeanne Pia Mifsud Bonnici, Melania Tudorica, Joseph A. Cannataci
Chapter 12. Digital Forensic Tools Catalogue, a Reference Point for the Forensic Community
Abstract
In the digital forensics community, there is no a general agreement on how to classify forensic tools related to the acquisition and analysis phases. The Digital Forensic Tools Catalogue has been developed flowing a bottom-up approach. Each tool has been distinguished on the basis of its own features and later it has been structured and classified in a coherent and sensible way. At the moment, the Catalogue, available on the web, includes about 1500 tools divided into two main branches: tools for the acquisition and tools for the analysis activities.
Mattia Epifani, Fabrizio Turchi
Chapter 13. Privacy Protection in Exchanging Electronic Evidence in Europe
Abstract
This chapter provides an overview of the legal framework addressing the exchange of electronic evidence and the implications related to privacy and data protection. While in Chap. 11 of this Volume, the current legal situation in general is reviewed, this chapter focuses specifically on privacy and data protection. Whereas many sources of law are subject to examination in both chapters—to a certain extent, this is in the nature of things, as they both deal with legal aspects—this review looks at the sources from a particular point of view. This chapter therefore follows a particular train of thoughts: after introducing the background and relevance of the protection of privacy in the collection and exchange of electronic evidence, and presenting the methodology used, the current European legal framework is examined about existing and applicable rules on data protection regarding electronic evidence, concluding with a final summary and recommendations for a future implementation of data protection standards.
Nikolaus Forgó, Christian Hawellek, Friederike Knoke, Jonathan Stoklas
Chapter 14. Some Societal Factors Impacting on the Potentialities of Electronic Evidence
Abstract
Electronic evidence is an important area of innovation, and inasmuch is characterized by strong and profound social dynamics. These dynamics can generate both opportunities and risks (if not managed or poorly managed), in terms of the functioning of the institutions of justice, the proper administration of justice for citizens and their rights, the representation of justice in public opinion, and so on. The aim of this paper is to present a panorama of some initial theoretical and empirical insights on this issue, from a sociological point of view. Our research tried to identify the types of actors that play a role in electronic evidence and its presence in judicial systems, as well as the obstacles and facilitating factors for the introduction of electronic evidence in courts.
Daniele Mezzana
Chapter 15. Standard for the Electronic Evidence Exchange
Abstract
Within the activities of the Evidence Project, it has been proposed a standard for the representation of the data and metadata involved in the electronic evidence exchange process. The main aim is to consider the widest range of forensic information and processing results including legal requirements. The standard consists of a set of data and metadata for describing all actions (i.e., tasks), actors (e.g., subjects, victims, authorities, examiners, etc.), tools (i.e., digital tools for carrying out different forensic processes), digital and physical objects involved in the investigative case (e.g., hard disk, smartphone, memory dump, etc.) and objects relationships (e.g., contains, extracted from, etc.); formal languages for representing in a standard way all the elements above cited; a platform for implementing the exchange process in terms of functionalities along with a recommendation for an integration with existing platforms already in place and run by European/international public bodies.
Mattia Epifani, Fabrizio Turchi
Chapter 16. Connecting the Dots: A Tale of Giants and Dwarfs, or How to Manage, Disseminate, Network and Present Your Research
Abstract
The project EVIDENCE—European Informatics Data Exchange Framework for Courts and Evidence—was designed as a Coordinating and Support Action. As such, it mainly comprised activities of coordination and networking of projects, programmes and policies in the field of electronic evidence. This commentary presents the EVIDENCE best practices towards successful stakeholder awareness and engagement and recommendations about mind-set changes that can be used by other policy-oriented projects to improve their dissemination and communication strategies. Hence, emphasizing the process of connecting the dots within the project’s ecosystem in such a way ensuring the project’s recognition and sustainability by building on its strengths and openly acknowledging its weaknesses in a constant pursue of improvement and further development.
Alexandra Tsvetkova
Chapter 17. Systems for Electronic Evidence Handling and Exchange
Technical Issues and Findings Using a Proof of Concept Implementation
Abstract
The EVIDENCE project aims at providing a roadmap (guidelines, recommendations and technical standards) for realising the missing Common European Framework for the systematic and uniform application of new technologies in the collection, use and exchange of Electronic Evidence. This chapter provides insights and expert’s recommendations for the roadmap regarding the software architecture design, the technologies, protocols and standards of software systems for digital evidence collection, handling and exchange. To this goal a software application and library prototypes have been developed that implement several of these protocols and have used the recommended representation language for applying a structure on the electronic evidence data, as well as metadata and for keeping the provenance of all steps of the digital forensic investigation lifecycle.
Nikolaos Matskanis, Jean-Christophe Deprez, Fabrice Estievenart, Christophe Ponsard
Chapter 18. The Way Forward: A Roadmap for the European Union
Abstract
The contributions describe the final Road Map for the realization of the harmonized framework on Electronic Evidence Treatment and Exchange. It is against a complex background that this “Roadmap” needs to be understood as it takes all challenges, including legal, operational, technical and data protection, forward and proposes ways to take action on a national and on a European level while taking into account various important aspects such as the actors involved. It is important to reiterate that no one action alone will solve the ensemble of challenges as regards the collection, preservation, use and exchange of electronic evidence. The actions need to be taken together for changes to be more effective. The Roadmap is aimed at showing the way forward for creating a Common European Framework for the systematic, aligned and uniform application of new technologies in the collection, preservation, use and exchange of evidence in criminal proceedings.
Maria Angela Biasiotti, Joseph A. Cannataci, Jeanne Pia Mifsud Bonnici, Melania Tudorica
Metadata
Title
Handling and Exchanging Electronic Evidence Across Europe
Editors
Dr. Maria Angela Biasiotti
Prof. Jeanne Pia Mifsud Bonnici
Prof. Joe Cannataci
Dr. Fabrizio Turchi
Copyright Year
2018
Electronic ISBN
978-3-319-74872-6
Print ISBN
978-3-319-74871-9
DOI
https://doi.org/10.1007/978-3-319-74872-6