The Bankruptcy Court in the Central District of California issued a decision in October following the Vinhnee approach to digital evidence authentication. It bears repeating that in order to have evidence considered by a jury (or a judge, in Bankruptcy court) it must first be authenticated in accordance with Federal Rules of Evidence Rule 901. The Bankruptcy Court in In re Vargas, --- B.R---, 2008 WL 4864986 (Bkrtcy.C.D.Cal. 2008) sets forth what must be demonstrated by a party seeking to have its digital evidence admitted. The challenge for the CSO/CISO is to understand why many of the following factors fall under the info-sec umbrella. We'll get into more detail in upcoming posts.
"The basic elements for the introduction of business records under the hearsay exception for records of regularly conducted activity all apply to records maintained electronically.
1. The business uses a computer.
2. The computer is reliable.
3. The business has developed a procedure for inserting data into the computer.
4. The procedure has built-in safeguards to ensure accuracy and identify errors.
5. The business keeps the computer in a good state of repair.
6. The witness had the computer readout certain data.
7. The witness used the proper procedures to obtain the readout.
8. The computer was in working order at the time the witness obtained the readout.
9. The witness recognizes the exhibit as the readout.
10. The witness explains how he or she recognizes the readout.
11. If the readout contains strange symbols or terms, the witness explains the meaning of the symbols or terms for the trier of fact.
"Under Ninth Circuit law, the fourth requirement subsumes details regarding the computer policy consisting of
(a) control procedures including control of access to the database,
(b) control of access to the program,
(c) recording and logging of changes,
(d) back-up practices, and
(e) audit procedures to assure the continuing integrity of the records."