Authenticating Web Record Legal Evidence


Saving MySpace, Facebook & Other Social Networking Pages


Deterring Alteration of Digital Photos & Electronic Proof


Making a Digital (Computer) Chain of Custody


Images, photos, statements and other content from web pages are sometimes used as evidence in court and in legal disputes such as divorces, child custody battles and sexual harassment cases. When an investigator sees relevant material on the web (such as pictures on a social networking site), how should she save it?

New for 2012:  How-to video on capturing and preserving legal and other important text and SMS messages.

Update 2011: http://hack-igations.blogspot.com/2011/10/how-to-make-gotcha-video.html



 My Electronic Evidence is a tool to help professional and amateur investigators use their voice to verifiably sign a record about what they collected.






Yesterday I explained the advantages of signing records about important text messages. Today I describe how the service can be used to authenticate a record from a web page or a log of a hacking incident.






I wanted to preseve a record showing the appearance of the page http//hack-igations.blogspot.com. I did it by creating two files:






1. a pfd showing the appearance of the page at http://hack-igations.blogspot.com; and






2. a Statement of Evidence using My Electronic Evidence. The Statement of Evidence includes a record of my voice uniquely tied to the first file (the original pdf, #1 above).






Here's how I did it. To start: with my browser logged to http://hack-igations.blogspot.com, I printed to pdf. The pdf file became the "original evidence file" I wanted to authenticate and preserve. In other words, I wanted to show to the future (1) I was the one responsible for capturing the evidence, (2) the evidence did not change after I authenticated it, (3) the date I captured the evidence and (4) the methods I used to capture the evidence.






To associate my signature with the original evidence file, I went to http://www.myelectronicevidence.com (MEE) and clicked "Get Started". That took me to a page where I identified myself as the signer and I described my evidence.













I uploaded my original evidence pdf file. I also retained a copy of my original evidence pdf because I would need it later.






The MEE system took me to pages that asked me to confirm my information and then review the "Statement of Evidence" the system was creating for me.













When I clicked Next, I came to a Signature Instructions page. In blue font, the page showed me a Signature Statment that I would be asked to speak and a place to enter my telephone number.




Shortly after I entered my phone number, my phone rang. I answered, and an automated voice asked me to speak the blue signature statement. (At the end of the statement were a few words that constituted the Signature Code . . . a cryptographic fingerprint of my original evidence pdf file. When I spoke the code, I was linking my unique voice with the uniqueness of the evidence file.)




Soon after I hung up, the web page allowed me to display and download a new pdf -- my signed Statement of Evidence.






I now possessed two pfd files on my hard drive: 1. the original evidence pdf; and 2. the new Statement of Evidence. I saved both of these, together, in several places so they would not be lost or deleted.






Now let's examine the two files I possess. From my hard drive, I opened the Statement of Evidence. At the bottom of the Statement was a speaker icon; clicking it caused my recorded voice statement to play. At the lower right of the Statement of Evidence appeared the words "Archive Details".













Clicking on "Archive Details" revealed that several files were embedded in the Statement of Evidence pdf stored on my PC. One of those files, the "Readme," provided detailed information about all of the files. It showed that one of the embedded files was a wav record of my voice statement. Another embedded file was a cetficate explaining how the Voice Signature process worked and how a third party could verify the link between my voice statement and the original evidence file.






To recap: I saved web evidence as a pdf. Then at MEE I described how I captured the evidence pdf. Next I uploaded the evidence pdf so MEE could calculate a signature code from it. Using the signatured code, MEE created a new pdf, a "Statement of Evidence". MEE captured a voice record of me signing the words in the Statement of Evidence. My voice record included the signature code derived from the original evidence pdf. MEE enabled me to download the Statement of Evidence. The Statement of Evidence contained my voice record plus material explaining the connection between my original evidence pdf and the signature code. I saved both pdfs (the original evidence file and the Statement of Evidence). With these two files, in the future, a third party could confirm the link between my voice record and the original pdf showing http://hack-igations.blogspot.com.






For more on using voice signatures to authenticate electronic records, see my earlier article on text message investigations.



[The above is not legal advice for any particular situation. It is not a substitute for counsel from a lawyer or other professional. If you need legal advice, you should consult an attorney. Remember there can never be any assurance how evidence will be used or interpreted for legal purposes, if it is used at all. Also the above may not be a complete analysis or the best for a particular situation.]