digital forensics in litigation

How Digital Forensics Can Help Win Litigation Cases

By ERMProtect Staff

Digital forensics, the science of extracting evidence from electronic data, has, for the last few decades, been a key component of criminal investigations. Messages and email exchanges can shed light on intent and motive. Image metadata can indicate when and where a picture was taken, and whether it was altered or edited, serving as evidence in criminal cases.

But digital forensics has increasingly become a crucial part of civil litigation as well and has helped provide case-clinching evidence in cases of defamation, fraud, whistleblower allegations, industrial espionage, and tax evasion.

Evidence extracted from mobile phones, computers and other smart devices connected to the internet can provide vital clues indicating the movement of money, unauthorized access to a file or system, and any deletion or alterations made to critical data, often influencing the outcome of a civil case.

But for digital forensics evidence to be permissible in court, it is crucial to prevent any contamination of data and to ensure it is handled only by experts. Digital forensics experts often work with legal counsel, ensuring they extract evidence, which is pertinent to the case, and present it in a way that is legally permissible in court.


What Kind of Legal Cases Can a Digital Forensics Investigation Help With?

The science of digital forensics finds many applications in criminal cases, where evidence of exchanges between an alleged perpetrator and others can often serve as evidence in cases of threats and harassment, violence and assault, homicide, or rape. Additionally, devices like mobile phones and smartwatches that track location, can put an alleged perpetrator at the scene of the crime at the right time, or provide an alibi.

Digital evidence is also particularly helpful in cases of cybercrime and fraud, unlawful distribution of child pornography, financial fraud, embezzlement, or industrial espionage.

But many lawyers are now relying on digital evidence to aid in litigation or other civil cases, which can include commercial disputes, intellectual property theft, tax evasion, computer misuse, industrial espionage, whistleblower complaints, blackmail and extortion, unauthorized disclosure of confidential information or sharing of company secrets by an employee, defamation, or family matters.

A digital forensics investigation has the potential to reveal critical evidence and completely change the outcome of a litigation case.

A few examples of civil cases where digital forensics can play a key role include:

  • In a case of employee misconduct, digital forensics investigators can create a ‘forensic image’ of an employee’s device or account. A forensic image is an exact digital copy of the data and information stored at a given point in time. Even if the employee attempts to cover their tracks by deleting data or withdrawing access to confidential information, an investigation can uncover proof of unauthorized access, and also discover whether any data was deleted, and the time of deletion.
  • In financial fraud or tax evasion cases, digital forensics has proved extremely useful in tracing the flow of money, countering any attempts to obscure this movement.
  • In cases of fraud, bribery, intellectual property theft or business disputes, digital forensics can provide evidence by recovering any deleted messages or other exchanges that point to wrongdoing or prove that commercial use of intellectual property has occurred, even if it has been deleted or taken down.


How Are Digital Forensics Investigations Conducted?

A digital forensics investigation, whether it is conducted to aid an ongoing criminal investigation, a lawsuit, or an internal investigation, usually begins with the seizure of any devices connected to the case. Any mobile phones, laptops, desktop computers, tablets, or other devices likely to contain evidence are collected and placed in a secure location. The devices are first disconnected from the internet or turned off, to prevent remote access or remote alteration of data.

Before or even during the course of a digital forensics’ investigation, a defendant or person connected with the case may attempt to conceal or delete evidence from the devices under consideration. In such cases, an investigator is often able to recover deleted files or data - and the very act of deletion itself could serve as evidence of wrongdoing.

Extracting and documenting evidence in a legally admissible way is a crucial part of any investigation, and digital forensics investigators are trained in investigative techniques that ensure that the data they have discovered can be used as evidence in court. The integrity of digital evidence is closely examined in court and any indication of tampering, intentional or unintentional, can get the evidence ruled inadmissible to use in court. This is why it is critical that digital evidence is handled only by experts. Even something as simple as opening a file could change timestamps and other important metadata.

Once the investigation is concluded, digital forensics investigators present it in court, often acting as expert witnesses.


What Kinds of Evidence Can a Digital Forensics Investigation Unearth?

In civil or litigation cases such as employee misconduct, industrial espionage, fraud, embezzlement, etc., employing forensic investigative techniques can help uncover critical evidence such as:

  • Any deleted or hidden data,
  • Evidence of deletion,
  • Whether a file or system was accessed by a particular IP address or account, and when it was accessed,
  • Evidence of the movement of money, in case of fraud, embezzlement or tax evasion cases,
  • Contact or exchanges between specific persons,
  • Cached images and data which can reveal illegal downloads or access,
  • Image metadata, which can reveal whether an image has been digitally altered,
  • Location data,
  • and more.


How Evidence Obtained from Digital Forensics Investigations Can Help Win Lawsuits

A team of digital forensics specialists can be brought in at the beginning of a legal proceeding, or even halfway, if new digital evidence has come to light. It is best to bring in investigators or specialists as early as possible, in order to prevent inadvertent destruction or loss of any digital evidence.

Digital forensics specialists are trained in extracting, reviewing, and documenting digital evidence in a way that is legally permissible and admissible, and stands up in court. Investigative teams often work in collaboration with legal counsel, who can provide important inputs on which actions they want investigated, and what evidence they hope to recover.

Evidence obtained through digital forensics has the potential to really turn around the outcome of a case and could be the difference between being awarded significant damages and the case being dismissed. In civil cases such as fraud, embezzlement, defamation, or blackmail and extortion, the charges can be difficult to prove without digital evidence, which often acts as a clincher based on its concrete nature.

It is very common for those connected with the case to attempt to delete data, wipe their devices clean, and erase any trace of wrongdoing. This is where digital forensics investigators come in. Digital forensics can help recover deleted data and use investigative techniques to create a timeline of the entire case, including any wrongdoing. Data uncovered in such a way, using legally permissible techniques, is usually irrefutable and serves as iron-clad evidence in legal cases.


How ERMProtect Can Help You Win Your Litigation Case

With nearly 25 years of experience successfully handling complex digital forensics cases, the ERMProtect team of digital forensics investigators can work with your legal team and help unearth evidence that can significantly impact the outcome of a lawsuit or other legal proceeding.

Click here for information about how ERMProtect's digital forensics investigators can help you win your case, or email [email protected].

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

NIST Cybersecurity Framework

Complete Guide to the NIST Cybersecurity Framework 2.0

In this comprehensive guide, we explain in simple terms every aspect of complying with the NIST Cybersecurity Framework 2.0 …
Musings From a Pen Tester’s Diary

Musings From a Penetration Tester’s Diary – Part 2

We asked Akash to take a trip down memory lane and discuss some of his more interesting intrusion cases. This is Part 2 of “Musings from Pen Tester’s Diary.” …
Musings From a Pen Tester’s Diary

Musings From a Penetration Tester’s Diary – Part 1

Ever want to peek inside the mind of an ethical hacker? Akash Desai, our Director of IT Consulting for 18 years, is sharing his diary of experiences “hacking” banks, factories, fire departments, airports, etc …