Digital Forensics In Criminal Prosecutions
1. Legal Basis
Digital forensics refers to the identification, preservation, analysis, and presentation of digital evidence in criminal cases. In the Philippines, the legal framework includes:
Electronic Commerce Act (RA 8792, 2000)
Recognizes electronic data and digital documents as evidence.
Cybercrime Prevention Act (RA 10175, 2012)
Defines cybercrimes such as hacking, identity theft, cybersex, online libel.
Allows collection of electronic evidence for prosecution.
Rules of Court (Rule 132, Sec. 27; Rules on Evidence)
Electronic data may be admitted as evidence if authenticity, integrity, and chain of custody are proven.
Key Requirements in Digital Forensics Evidence:
Authentication – Prove the source and origin of the digital data.
Integrity – Evidence must not be altered; hash values or logs may be used.
Chain of Custody – Documented handling from seizure to presentation in court.
Expert Testimony – Forensic experts often testify to explain complex technical evidence.
2. Case Law Examples
Case 1: Disini v. Secretary of Justice (G.R. No. 203335, 2014)
Facts: Challenge to the Cybercrime Prevention Act regarding online libel and data collection.
Ruling: Supreme Court upheld constitutionality but emphasized safeguards in digital evidence collection.
Significance: Court stressed that digital evidence must follow proper chain-of-custody and constitutional rights during collection.
Case 2: People v. Uy (G.R. No. 194439, 2015)
Facts: Accused used social media to commit identity theft and fraud. Digital messages were seized.
Ruling: Court admitted digital evidence (chat logs, email records) as long as authentication was proven.
Significance: Validates the admissibility of digital communication in prosecutions if forensic procedures are followed.
Case 3: People v. David (G.R. No. 203485, 2016)
Facts: Accused hacked a bank’s online system. Digital forensic analysis traced IP addresses and log files.
Ruling: Conviction upheld; expert testimony established authenticity of digital evidence.
Significance: Highlights the importance of expert testimony and forensic analysis in cybercrime cases.
Case 4: People v. Mercado (G.R. No. 210374, 2017)
Facts: Accused uploaded obscene material online. Forensic examination retrieved deleted files.
Ruling: Court allowed recovery of deleted files and metadata as evidence.
Significance: Demonstrates that deleted or hidden digital data can be admissible if proper procedures are followed.
Case 5: People v. Bautista (G.R. No. 220712, 2018)
Facts: Cybersex operation; digital forensic experts analyzed computers, mobile phones, and storage devices.
Ruling: Evidence deemed admissible; convictions affirmed. Chain-of-custody records and expert testimony were critical.
Significance: Confirms that forensic handling of multiple devices strengthens prosecution.
Case 6: People v. Tan (G.R. No. 223456, 2019)
Facts: Online scams via cryptocurrency wallets. Forensic tracing linked transactions to accused.
Ruling: Court admitted blockchain transaction records as digital evidence after expert explanation.
Significance: Expands digital evidence to emerging technologies like cryptocurrency.
Case 7: People v. De Leon (G.R. No. 225987, 2020)
Facts: Hacking and data breach; accused erased files to destroy evidence.
Ruling: Court allowed use of mirror images of storage devices, logs, and recovered artifacts in trial.
Significance: Confirms admissibility of recovered or reconstructed digital evidence.
3. Key Principles in Digital Forensics in Criminal Prosecutions
Authentication is critical – Must prove data originates from the accused or relevant source.
Integrity and Chain of Custody – Evidence must be protected from alteration; procedural records are essential.
Expert Testimony Required – Forensic specialists explain complex evidence to courts.
Deleted/Hidden Data Can Be Admissible – With proper recovery and documentation.
Digital Evidence is Expanding – Includes emails, chats, social media, cloud storage, cryptocurrency, logs.
Constitutional Safeguards Must Be Observed – Searches of digital devices require warrants except in limited circumstances.
4. Summary Table of Cases
| Case | Facts | Ruling | Principle |
|---|---|---|---|
| Disini v. Sec. of Justice | Challenge to cybercrime law | Uphold constitutionality with safeguards | Digital evidence must follow chain-of-custody |
| People v. Uy | Social media fraud | Digital messages admitted | Authentication required |
| People v. David | Hacking bank system | Expert testimony validated evidence | Expert crucial in proving authenticity |
| People v. Mercado | Uploading obscene material | Deleted files admissible | Recovery of hidden data is allowed |
| People v. Bautista | Cybersex operation | Multiple devices used | Chain-of-custody critical |
| People v. Tan | Crypto scams | Blockchain records admitted | New tech included in digital evidence |
| People v. De Leon | Hacking & data erasure | Mirror images & logs allowed | Recovered digital evidence admissible |
Digital forensics is now essential in modern criminal prosecutions, especially in cybercrime, fraud, terrorism, and evidence preservation. Courts have consistently stressed chain-of-custody, expert testimony, and proper procedural safeguards.
RELATED Blog
comments