The Kingdom of Saudi Arabia recently announced the issuance of the Evidence Law, which comes into effect on July 8, 2022. This law governs all commercial and civil transactions and, in part, administrative and criminal cases. It permits and legitimizes the submission of digital evidence in an electronic form and gives it the same status as written evidence.

The law considers but is not limited to, emails, digital signatures, and digital media as evidence, and the fact that digital evidence is admissible in court. More importantly, it indicates that Saudi courts can use digital software and tools in evidentiary procedures.

One might think, what discipline underpins digital evidence? What is it? And how can organizations effectively handle digital evidence?

The Emergence of Digital Evidence

With the spread of personal computing devices in the 1980s, a new scientific field was born: computer forensics. Programs and processes were developed to meet the demand from the law enforcement community to examine computer evidence. The first organizational structure, (CART) was formed by the FBI.1 In the 1990s, Computer forensics evolved to Digital Forensics. The Scientific Working Group Digital Evidence (SWGDE), which was founded in 1998 defines digital evidence as "information or probative value that is either stored or transmitted in a binary form", which was later transformed from binary to "digital".2

Ever since, data has exponentially grown as the cost to store data has decreased. However, data spread across multiple sources and complexity have dramatically grown, posing a challenge to organizations to govern and retain.

The Growing Data Landscape

If we examine today's data landscape in an organization, we will immediately realize the growing digital footprint of any employee across multiple data sources. This increases the need to utilize robust solutions to quickly identify, collect, and preserve such data in case of investigations or disclosure purposes.

To put things into perspective, imagine the number of devices, cloud locations and data volumes you would need to inspect to identify traces of activity or potential evidence compared to 20 years ago. In 2009, 2.5 billion devices were connected to the internet, and it is estimated that the growth of internet of things devices (IoT) will result in more than 100 billion devices to be connected by 2050.3 In comparison to the expected world population of around 10 billion in 2050, there are about 10 devices per human that will be connected to the internet.

This drastic growth demanded that digital forensic professionals up their game and rapidly innovate to meet data identification, collection, and forensic analysis challenges.

Six Digital Forensics Trends in 2022

In a rapidly changing digital landscape, there are multiple trends that digital forensic professionals regularly assess:

  1. The rise of remote work culture, due to the COVID-19 pandemic, means that digital assets may not be physically accessible, introducing remote data preservation techniques in a forensically sound manner. Professionals found solutions to resolve this, such as mailing in preservation kits and assisted remote access to computing and mobile devices.
  2. Storage technologies have evolved, drives within computing devices are rarely using HDD technology, and rather use Solid State Drives (SSD). Unlike HDD drives, where unless a drive is forensically wiped chances are high to recover and preserve deleted evidence, SSD drives are a lot harder to recover.
  3. The complexity and size of data to be analyzed is growing. In the example of multimedia (pictures and videos), AI techniques are being implemented to identify frames of interest from thousands of hours of video footage. Additionally, AI techniques also help digital forensic professionals in grouping and categorizing multimedia based on content, such as clustering pictures that contain guns in a criminal case.
  4. The need for advanced mobile forensics and recovery of deleted content is rising. There are more than 115 million WhatsApp subscribers in the Middle East and North Africa region with adoption rates of 77%. [4] Recovery and analysis of WhatsApp communications is almost essential to any investigation, and therefore, there is an- increased responsibility to preserve, recover and present data from mobile sources in forensically acceptable manner in legal cases.
  5. The significant growth of many non-traditional data sources, such as drones, digital surveillance cameras and IoT devices. Capabilities to preserve such data sources continue to develop to capture and decode data and metadata associated with such data sources.
  6. Encryption is on the rise, posing challenges to future digital forensics and ability to uncover cyber-attacks and malicious electronic activity.

Moving Forward

In an era where data is exponentially growing along with its sources, it is essential to treat data in a forensically defensible manner for litigation purposes. The disruptive trends in the global landscape require swift adaptation and continuous innovation by digital forensic professionals.

Regionally, we are ahead of a transformation in the laws that govern evidence and now accept the submission of digital evidence. Is your organization prepared to retain and handle digital evidence?

Footnotes

1. https://www.ojp.gov/ncjrs/virtual-library/abstracts/computer-analysis-and-response-team-cart-microcomputer-evidence

2. https://www.ojp.gov/ncjrs/virtual-library/abstracts/digital-evidence-standards-and-principles

3. https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/

4. https://www.cequens.com/blog/why-whatsapp-makes-sense-for-businesses-in-mea

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.