Anyone overseeing network security must be aware of the legal implications of forensic activity. Security professionals need to consider their policy decisions and technical actions in the context of existing laws. For instance, you must have authorization before you monitor and collect information related to a computer intrusion.
There are also legal ramifications to using security monitoring tools. Digital Forensic is a relatively new discipline to the courts and many of the existing laws used to prosecute computer-related crimes, legal precedents, and practices related to digital forensics are in a state of flux. New court rulings are issued that affect how digital forensics is applied.
The site lists recent court cases involving digital forensics and computer crime, and it has guides about how to introduce computer evidence in court and what standards apply. Forensic investigators need to collect the evidence in a way that is legally admissible in a court case. Increasingly, laws passed that require organizations to safeguard the privacy of personal data. It is becoming necessary to prove that your organization is complying with computer security best practices.
If there is an incident that affects critical data, for instance, the organization that has added a digital forensics capability to its arsenal will be able to show that it followed a sound security policy. And potentially avoid lawsuits or regulatory audits.
There are three areas of law related to computer security that are important to know about. The first is in the United States Constitution. The Fourth Amendment allows for protection against unreasonable search and seizure, and the Fifth Amendment allows for protection against self-incrimination. Although the amendments were written before there were problems caused by people misusing computers. The principles in them apply to digital forensics practiced.
Violations of any one of these statutes during the practice of digital forensics could constitute a federal felony punishable, by a fine and/or imprisonment. It is always advisable to consult your legal counsel. If you are in doubt about the implications of any digital forensics action on behalf of your organization.