This module is a resource for lecturers

Legal and ethical obligations

Cybercrime investigators (discussed in Cybercrime Module 5 on Cybercrime Investigations) and digital forensics professionals should legally and ethically investigate cybercrime, handle, analyse, and interpret digital evidence, and report findings (Kizza, 2013; Seigfried-Spellar, Rogers, and Crimmins, 2017). While legal obligations are prescribed by national, regional, and international law (see cybercrime procedural law and human rights obligations in Cybercrime Module 3 on Legal Frameworks and Human Rights; data access, retention, and preservation requirements in Cybercrime Module 7 on International Cooperation against Cybercrime; and data protection requirements in Cybercrime Module 10 on Privacy and Data Protection), ethical obligations (wherever present) are self-imposed and/or prescribed by government agencies and/or private professional organizations (Roux and Falgoust, 2012; Kizza, 2013; Sharevski, 2015; Seigfried-Spellar, Rogers, and Crimmins, 2017). Where a code of ethics (i.e., guidelines covering right and wrong conduct to inform decision-making) exists, it often includes what cybercrime investigators and/or digital forensics professionals should do at all times and what these individuals should never do under any circumstance. For instance, the International Society of Forensic Computer Examiners (ISFCE) includes a code of ethics for its members to abide by to ensure that standards are being met and the results of the digital forensics process are accurate and trustworthy (ISFCE, n.d.). This code of ethics includes the behaviours that members must engage in (e.g., abiding by legal orders and conducting a comprehensive examination of the evidence according to existing laws, standards, procedures, and guidelines) and prohibited behaviours (e.g., withholding evidence, engaging in biased analyses or reporting of evidence, and misrepresenting qualifications) (ISFCE, n.d.). For additional reading, please also refer to the Module Series on Integrity and Ethics, particularly Module 12 on Integrity, Ethics and Law as well as Module 14 on Professional Ethics.

Next: Handling of digital evidence
Back to top