dfir blog

All about dfir.

Whatever happened to “I saw it, here is a picture of what I saw, therefore it happened”?


I came across an article this week where a judge didn’t accept printouts and screen grabs of a Facebook page as evidence because the metadata wasn't captured AND the defense couldn’t click on the links that were captured via screenshot.  Really?

Since when is it not enough for a law enforcement officer to not only testify to what s/he saw, but also provide a printout of what was seen, to show that it probably happened?  The ramifications can extend to every aspect of cases with electronic media.  Can you imagine excluding evidence because RAM was not seized? Or because you didn't use a tool that the court liked (even though the community accepts it as forensically sound)? Or because you didn't capture links that were 3 or 4 levels deep?

Have we gone so far with capturing everything electronically that if we don’t capture everything, then nothing we capture will be admissible?  That is a bridge we should not cross.  Seriously, if a PDF of a website page, plus a screen grab of that page, plus testifying under penalty of perjury that what is presented is what was seen is not enough, we have a long road ahead with electronic evidence. Maybe this was just the work of a really, really good defense attorney, but cases like this eventually start affecting your cases too.

On another note, I had planned on a peaceful weekend, but signed up for an online forensics course that I don’t think I can wait to finish (or start).  There goes the weekend… but I guess in a good way.  The course: Placing the Suspect Behind the Keyboard.  I have the book already, but the course topics look very relevant (plus I get another copy with the course that I will donate to a newbie).  I also sneaked in with a promo at half price.  The promotion includes an X-Ways Forensics online training course, but I did that one already...

I have also noticed that Magnet Forensics is putting on lots of webinars with cool topics too.   Their blog is a good one to follow to catch some of the webinars they are putting out: https://www.magnetforensics.com/uncategorized/new-webinars-android-recovery-griffeye-integration-coming-way/ 

Wednesday, 22 November 2017