4.1 Comparison between physical evidence and cyber evidence


As mentioned earlier, evidence is defined as anything that is produced in court by the parties involved in order to testify the truth or falsity of the facts in a particular case. According to the Malaysian Administrative Modernisation and Management Planning Unit, evidence can be devided into few categories namely the direct evidence which is the oral testimony by the witness for instance eyewitness statement which contains proof.

Secondly is the documentary evidence which can be presented in the form of written or printed documents. Usually, computer crime cases use documentary evidence as the evidence of the case. Next is the demonstrative evidence which is basically the type of evidence that can be seen in the form of a model, experiment, chart, or an illustration. Another type of evidence is the real evidence which is also known as associative or physical evidence. Physical evidence is any evidence which is produced in court in form of physical object or objects which shows that a crime has been committed. This type of evidence is very important as it can link the investigators to a conclusion by looking at the characteristics of the object. Last but not least is the computer generated evidence or known as cyber evidence. For example, the visual output on the monitor, printed evidence on a printer/plotter, film recorder which includes magnetic representation on disk and optical representation on CD, and lastly, the data and information stored electronically on storage devices such as pen drive, CD or even diskettes.

However, for the purpose of this topic, we will focus only on the physical evidence and also cyber evidence where we compare between these two types of evidences. Various definitions can be seen from various experts on physical evidence. According to John Beech and Simon Chadwick, physical evidence can be defined as the tangible evidence of a service, including everything which can be seen, touched, smelt and heard. Secondly, according to 1st Class Investigations Inc., physical evidence is anything that may be found by investigators, to have a connection with a crime. Another definition regarding physical evidence is that any object that can provide information during the investigation. Initially, physical evidence includes many types of evidence such as finger prints, blood, semen, DNA, weapons and many more. Physical evidence can be found at the crime scene and it can establish that a crime has been committed. Sometimes it can also provide a link between a crime and its victim or between a crime and its perpetrator.

For instance, in a murder case, the DNA and fingerprints left by the attacker can be traced on the victim’s body, the blood splattered on the floor, the weapon used or even the footprints on the floor. According to Henry C. Lee and Howard A. Haris, physical evidence can be divided into four types namely transient, pattern, conditional and transfer. Transient is the physical evidence that is temporary in nature and can be easily change or lost for instance odor, temperature, imprints and indentations and lastly markings. This category of physical evidence must be collected, recorded and documented as soon as possible to avoid the loss of the evidence. Secondly is pattern evidence where it is the evidence that had been produced by force, direct contact between persons and objects or even the objects with other objects. The examples of pattern evidence are blood splatter patterns, glass fracture patterns, fire burning patterns and many more. Next is the conditional evidence where it is produced by certain occurrence. If this evidence is wrongly documented, it may cause such lost or changes. This type of physical evidence is very crucial to the crime scene reconstruction.

For instance, the condition of the light during the accident, the colour of the fire when it burns at the time of the accident, the direction of the burning flame and many more. Lastly, the classical type of evidence, the transfer evidence where this evidence is created by the physical contact between persons, objects, or between person and objects. There are many classifications that had been made according to its particular criteria. The examples for transfer evidence are blood, saliva, semen, fingerprints and many more. In order to determine the identity, common standard tests are used. Some of the evidence may require only one test but some may require more. The advantage of physical evidence is that it cannot be easily removed, modified or duplicate as the evidence such as fingerprints will remain permanently unless the perpetrator took some precautions by using gloves but sometimes they did not realize they had acted carelessly and leaving the some prints behind. The next advantage is that, by obtaining the objects at the crime scene which has fingerprints or DNA on it, it is easier for the investigators since it will link them straight to the suspect. In addition, the process of testifying the evidence does not need any specialization or expertise regarding computer like what is needed for the computer forensic. Thus, the complexity of the process is lower. Fourthly, the process of testifying the evidence does not require the spending of a large sum of money to pay the investigators since it does not necessitate special skill to testify the evidence.

Cyber evidence or also known as electronic evidence can be defined as all information which is generated, stored, transmitted using the electronic technology, the computer or other related technology and equipment that can provide explanations regarding the crime committed. The process or scientific method in extracting, gathering, processing and interpreting the cyber evidence in order to find a conclusion regarding the crime committed is called cyber forensic. There are many challenges in doing so since the accuracy and reliability of the evidence should be preserved and guaranteed in order to be presented to the court. Evidence obtained from a computer-related crime differs from the traditional form of evidence. This is because in most cases, the cyber evidence is intangible. Therefore, it is more fragile as compared to the physical evidence. Furthermore, the scope of cyber evidence is wider and the contents are easily modified, duplicated and it is more accessible. Questions arise regarding the validity of the evidence. However, there are cases which produced the cyber evidence before the court in order to prosecute the accused but it involves a very complex process.

For instance, if there is a case where the evidence can only be obtained from the computer, an expert should be called to obtain and testify the evidence as not all people has the skill that can operate the computer efficiently. By using the experts, not only it will create a difficulty since the number of experts in our country is very little as compared to other developing countries but it will also results the spending of a large sum of money to pay the experts. Hence, it is a waste for our country as the money can be used for other purposes which are more crucial. For some, they consider it as a weakness for using cyber evidence but for unknown author, she considers it to be an advantage. Since it involves the basis of high-tech technology, it makes the traces of modification cannot be easily noticed and take hold by ordinary people to make changes and the modification. Only experts can easily detect the modification made by the perpetrator. Thus, it shows the stability in using this kind of evidence. However, in our personal opinion, we disagree with the view given by the unknown author after taking into consideration many factors such as the cyber evidences are easily modified, duplicated and accessible, it does not maintain the originality and authenticity of the evidence. Thus, it will create doubt.

As a result, the strength of this cyber evidence is lesser as compared to the physical evidence where according to Paul L.Kirk, a forensic scientist who was awarded the criminalistics section of the American Academy of Forensic Sciences,

This is evidence that does not forget. It is not confused by the excitement of the moment. It is not absent because human witnesses are, it is factual evidence, physical evidence cannot be wrong, it cannot perjure itself...only its interpretation can."

Various opinions and views were given by various people regarding this issue but for the purpose of this course, we concluded that the strength of physical evidence is greater as compared to cyber evidence as physical evidence cannot be easily removed, modified or duplicate, the collection of evidence will link them straight to the suspect, the process of testifying the evidence does not need any specialization or expertise regarding computer, the complexity of the process is lower and lastly, the process of testifying the evidence does not require the spending of a large sum of money to pay the investigators since it does not necessitate special skill to testify the evidence.



Renuka said...

Gud information.