Electronic Evidence | Forensics and Authentication in Police Investigation
For responsible parties such as corporations and government agencies, one reason to retain all of their e-mail, text and instant message records is to refute forged e-records. Thorough e-mail archives (including each attachment) provide forensic evidence to invalidate false claims.
Just ask Australia’s prime minister, Kevin Rudd. His political opponents tried to embarrass him with an electronic mail record purportedly from his senior advisor Andrew Charlton. The e-mail appeared to show corruption; it appeared to show Rudd’s government conferring a business advantage on Rudd’s friend John Grant.
But fortunately for the government, it retained its own e-mail records for the time in question. An investigation revealed that the scandalous e-mail was a forgery!
The investigation proceeded in two steps. First, it examined the alleged sender’s digital records. “Searches by the Department of Prime Minister and Cabinet and Treasury of Dr Charlton's computer and the system of the public service had found nothing. ‘There have been exhaustive searches conducted on Dr Charlton's computer email system and no such correspondence can be found,’ Mr Rudd said.”
Second, the Australian Federal Police (the equivalent of the FBI) conducted a forensic analysis of two computers used by the purported receiver of the e-mail. "Preliminary results of those forensic examinations indicate that the email referred to at the centre of this investigation has been created by a person or persons other than the purported author of the email," said the AFP.
This revelation, of course, played to the Prime Minister’s distinct advantage. He could show that his adversaries had based their attack on misrepresented facts.
Mr. Wright is an advisor to Messaging Architects, a thought leader on ESI investigations.