Featured Post

Welcome to the Forensic Multimedia Analysis blog (formerly the Forensic Photoshop blog). With the latest developments in the analysis of m...

Monday, March 1, 2010

Legal news

There's been a lot of discussion about CCTV based evidence and the lack of clear case law. Today in Los Angeles Superior Court, an interesting discussion and decision (or non-decision) was made.

In People v. Otis Vann (BA3531183), the defendant believes that a privately owned CCTV system "witnessed" the crime for which he is charged and that the video will show that he is innocent. OK so far ... just go out and retrieve the evidence, right? Not so fast. The PC based DVR's software shows that the date in question is not on the system any more.

The defendant requested that the judge issue an order requiring the CCTV system be given over to the police agency's computer crimes unit for analysis and that they attempt to recover the lost data. The judge declined, citing a lack of compelling evidence that the data would be present or case law that would lead her to remove the privately held system from service for an indeterminate amount of time when the owner is not charged with the crime.

This is important to consider. The judge did not order the CCTV system seized, even though it may contain evidence.

This throws a large monkey wrench in the works of the "bag-it-and-tag-it" crowd. The owner of the system did not want to be without his equipment and did not believe that he should bear the cost of replacing it in order to help the police with their case. The police could not afford to lend the owner a replacement for his rather elaborate system (perfectly understandable given the current financial state of California).

What to do? We know what the judge did. What would you have done? What case law would you have cited? What say you?

Enjoy.

1 comment:

Larry C. @ Media-Geek.com said...

Interesting case Jim, thanks for sharing.

I'm not sure that there is such a thing as a "bag-it-and-tag-it crowd” though, as I have only heard that method discussed as a last resort. It may be referenced in agency specific policies more explicitly, but I don’t know of any industry documents or training that actually references it as a preferred method.

That being said, I don't disagree at all with the Judge's decision here. The onus is on the defense when making such a request and as the judge stated there was a “lack of compelling evidence” that the data would be present.

The defense could have approached this much differently, had they known any better. First, especially since it’s a PC based system, all that was really necessary was to have the system drive(s) forensically imaged. As you know, this can be done right in the field and would require far less disruption of the business and system (probably less than an hour).

They could have also provided evidence as to why they feel the data may still exist (e.g. info on traditional computer forensics, how data is stored, overwritten, etc...).

They had other options too of course, but they choose to ask the government to prove their defense, and they didn’t know what they were asking for…so they asked for everything.

I think the court made the right call on this one. Had they gone the other way, then I would've been really concerned.