With aim to produce compelling elements to justice

According to the findings of the latest Symantec report published in September, the attacks on the Internet are more insidious. And virus type Polip chameleons, adopt various forms to remain invisible, no spare neither individuals nor corporations. The service of the judicial police and magistrates to pursue various forms of cybercrime, laboratories are specialized in the research of digital evidence. They offer to the State or new instruments of investigation business. "Attacks are increasing and the current security tools are insufficient to prevent." "Must be therefore handle it otherwise," said Marc Daniel, technical director of the laboratory of computer investigation of the company Kroll Ontrack, and legal expert, in a debate organized early October by the firm Bird & Bird on the management of computer evidence.

Prove the unfair competition of the fact of an employee, counterfeiting, financial crime, or even pornography, falls within the jurisdiction of this type of laboratory. With aim to produce compelling elements to justice. That is what defines the computer evidence What are the conditions of its collection to be admissible in court, and what its probative value "Any information collected on storage electronic and capable of being used in a court is a computer evidence," said Marc Daniel.

Files archived in a computer, SMS or address books stored in mobile phones, or even credit cards are some of the media likely to retain useful investigations traces. But, more often, it is the hard disk of the computer that will deliver the evidence. "If the hard disk is damaged, it is restored in"rooms white"which are local dust free, standardized technical criteria defined by the manufacturers of hard disk drives", explains Didier Millereaux, Manager of projects for Kroll Ontrack.

Schema collection

Specialized engineers looking for trace, recover erased data and save on a suitable medium. Investigations are carried out in the laboratory using software identical to those used by the science police. "In paedophilia cases where courts have already seized computers or DVD, the mission of the laboratory will highlight the illegal images and continue investigations on these networks on the Internet", says Didier Millereaux. To further ensure the reliability of the evidence, especially if it is a hard disk, its collection must meet a specific schema. "To be first to isolate the offending computer network support and then make two copies, one for laboratory analysis, the other being left to the provision of justice", advocates Marc Daniel. The presence of a bailiff during these procedures provides additional security.

"However, in criminal matters, no text does prohibit the production of unfair or illegal evidence." Any evidence in the debate subject to adversarial discussion may have probative value. "But it is the judge who, in the end, appreciates the case by case basis the relevance of the evidence," said Francklin Bush, lawyer at the law firm Bird & Bird.

Do computer matter, magistrates, even if they appeal to experts, have sufficient tools to have opinions The question arises with particular acuity in the field of software infringement: "software may have been simply copied, it can also be changed to provide better performance or more features," explains Jean-Pierre Bigot, expert judicial and President of the laboratory of computer analysis and Telecom EsaLab.

The judge must decide in distinguishing the original of the plagiarism. "To this end, our laboratory has developed a comparison software called"simile", says Jean-Pierre Bigot. The methodology is to model codes, analyze the structures and global comparisons on two software. It provides to the tribunal a valuable assessment tool. For this expert, which provides market soon its method in the United States, the creation of new instruments of analysis of the computer evidence is a legal and economic necessity. It is a sector full open to innovation.