Digital evidence has quickly become the smoking gun in white collar crime, but it’s worthless in court if handled by the wrong people in the wrong way.
“As with a physical crime scene, digital evidence must be managed by forensic professionals who know how to preserve its integrity and prevent contamination,” says David Loxton, CEO and Senior Attorney at Loxton Forensics.
Yet, many organisations make the fatal mistake of assigning critical digital evidence gathering, protection and analysis duties to IT personnel who know nothing of forensic science.
The value of digital evidence
Decades ago, white collar crime investigations focused on paper trails and personal testimonies. But in the 21st century, the sheer magnitude of digital communication makes tracing corporate crimes much more complex.
At the same time, perpetrators tend to leave electronic breadcrumb trails behind them, making digital evidence essential to a conviction.
“No matter how carefully someone avoids communicating evidence of their crime through emails, WhatsApp, SMS or other medium, they inevitably slip up,” says Loxton.
The biggest mistakes companies make
Loxton says his greatest concern is when a client informs him that they’ve experienced, say, fraud and that their IT department has already started investigating it.
“In such cases, I have to tell them frankly that they’ve already lost the battle,” he says.
It takes a special skillset and knowledge of the preservation of the chain of evidence and the chain of custody to ensure that evidence is presentable in a court of law. The same goes for disciplinary hearings, albeit to a somewhat less stringent degree.
Failure to preserve the original evidence
IT personnel investigating a crime may be guilty of opening files on email servers or local devices, thereby changing timestamps that are pivotal to the case. Or, they may allow emails to continue syncing while they are examining a device. Or, they may commit any number of similar forensic sins.
“A forensic expert creates a freeze frame of any devices or services – a binary read-only clone that cannot be changed and exactly represents the data as it was when collected,” says Loxton.
Anyone who knows what they’re doing never touches the original evidence and only works on copies of it.
Securing the chain of custody
Not only can changing the original data render it completely useless in court, but the way in which evidence is processed can also impact its integrity.
The details of every person who handles the evidence must be recorded exactly – their full name and ID number, the precise date and time it was issued to them and returned by them, what they did with it, and any other pertinent information.
That level of detail ensures the chain of custody remains traceable and unbroken. “An internal IT team certainly won’t know that process,” says Loxton.
Meta-evidence and process
Both the preservation of original evidence and securing the chain of custody highlight the absolute importance of meta-evidence (evidence about evidence) and strict process.
Evidence might be challenged not because it is invalid but because proper procedure was not followed, dates on which it was processed don’t match up, a required signature is not present, or due to any other number of minute discrepancies.
“Only a trained forensic professional knows the exact requirements and understands their legal implications,” says Loxton.
A matter of fiduciary duty
Managing forensic evidence should never be casually delegated to the IT department or any other unqualified party.
Rather, it is a governance issue with board-level accountability, and organisations should be aware of their obligations and responsibilities.
Similarly, it is a critical component of risk, something the board should be managing on an ongoing basis as part of its mandate.
“Boards need to be trained on how digital evidence must be secured and, in turn, train their IT teams in what they can and cannot do in such a situation,” says Loxton.
This is not only their fiduciary duty but also a decision that, should it lead to loss for their company, could become a personal liability.

