Below are the principles that Police and Computer Forensic Experts follow when preserving data, normally from hard drives. These principles are from the ACPO (Association of Chief Police Officers), they are not a “law”, but guidelines that are expected to be followed by the UK courts. It should be noted that the ACPO guidelines are just that, a guide (though one recognized by the courts) . However Part 35 of the Civil Procedure Rules defines how an expert witness (e.g computer forensics expert) should give evidence in court, produce reports, and what evidence should be given,
Principle 1: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
Principle 2: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
Principle 3: An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Principle 4: The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
The ACPO Guidlines, and updated version of this page are on the new site at this location