A new triage model conforming to the needs of selective search and seizure of electronic evidence

Recently, digital evidence has been playing an increasingly important role in criminal cases. The seizure of Hard Disk Drives (HDDs) and creation of images of entire disk drives have become a best practice by law enforcement agencies. In most criminal cases, however, the incriminatory information found on an HDD is only a small portion of the entire HDD and the remaining information is not relevant to the case. For this reason, demands for the regulation of excessive search and seizure of defendants' innocuous information have been increasing and gaining strength. Some courts have even ruled out inadmissible digital evidence gathered from sites where the scope of a warrant has been exceeded, considering it to be a violation of due process. In order to protect the privacy of suspects, a standard should be made restricting excessive search and seizure. There are, however, many difficulties in selectively identifying and collecting digital evidence at a crime scene, and it is not realistic to expect law enforcement officers to search and collect completely only case-relevant evidence. Too much restriction can cause severe problems in investigations and may result in law enforcement authorities missing crucial evidence. Therefore, a model needs to be established that can assess and regulate excessive search and seizure of digital evidence in accordance with a reasonable standard that considers practical limitations. Consequently, we propose a new approach that balances two conflicting values: human rights protection versus the achievement of effective investigations. In this new approach, a triage model is derived from an assessment of the limiting factors of on-site search and seizure. For the assessment, a survey that provides information about the level of law enforcement, such as the available labor, equipment supply, technical limitations, and time constraints, was conducted using current field officers. A triage model that can meet the legal system's demand for privacy protection and which supports decision making by field officers that can have legal effects was implemented. Since the demands of each legal system and situation of law enforcement vary from country to country, the triage model should be established individually for each legal system. Along with experiment of our proposed approach, this paper presents a new triage model that is designed to meet the recent requirements of the Korean legal system for privacy protection from, specifically, a Korean perspective. (C) 2013 Elsevier Ltd. All rights reserved.