quently that the statement “If you are doing nothing wrong, you have nothing to worry about” implies an invalid presupposition. It is similar to the old joke “When did you stop beating your wife?” The (hopefully incorrect) presupposition there is that you were beating your wife. The incorrect presupposition with “If you are doing noth-ing wrong, you have nothing to worry about” is that privacy is about hiding something. Just as there is no way to answer the beating question without correctly resolving the incorrect presupposition, there is no way to answer the “nothing wrong” question without re-solving the incorrect presupposition. Privacy is not about hiding something; it is about keeping things in their proper context. Why do we need to keep things in their proper context? For a host of reasons. One is that certain actions performed in the context of one’s home are legal, but when performed in the context of a public place are (usually) illegal. Taking a bath or shower, or having sex for instance. The difference is the context. The action is the same. When one re-moves the context, things one does every day can suddenly become illegal.
2. Information about the information (such as when something was said or written, when it was modified, who else it was sent to, and when it was ostensibly deleted, all of which is referred to as “meta- data”).
Ultimately, computer forensics is done because it can be done cheaply and also because it usually pays off.
of “reasonable expectation of privacy” applies where an employee can show that he or she had a reasonable expectation of privacy. This expectation evaporates into thin air, however, when the employee has had to sign a pre-employment document advising each employee that the employer’s com-puters can be monitored at will by the employer or when the employee is faced with a splash screen warning at every login attempt to the effect that usage of the employer’s computers or employer’s network usage constitutes consent to monitoring.
In the United Kingdom and most European countries, stricter guidelines apply even to employer-owned computers and networks.
2. The data collected from the suspect’s hard disk (or any other media) has been handled in a manner that could not possibly have allowed that data to be contaminated or otherwise changed between the time it was collected and the times that it was analyzed and presented to a court or administrative body.
If the forensics examination is held for information gathering purposes, then the above strict legal requirements need not be followed. Other requirements may need to be followed, depending on the specifics of the situation. For example, it may be essential not to alert the subject of a foren-sics investigation that such an investigation is being done.