Evidential Notions of Defensibility and Admissibility with Property Preservation

Abstract : For security-emphasizing fields that deal with evidential data acquisition, processing, communication, storage and presentation, for instance network forensics, border security and enforcement surveillance, ultimately the outcome is not the technical output but rather physical prosecutions in court (e.g. of hackers, terrorists, law offenders) or counter-attack measures against the malicious adversaries.The aim of this paper is to motivate the research direction of formally linking these technical fields with the legal field. Notably, deriving technical representations of evidential data such that they are useful as evidences in court; while aiming that the legal parties understand the technical representations in better light. More precisely, we design the security notions of evidence processing and acquisition, guided by the evidential requirements from the legal perspective; and discuss example relations to forensics investigations.