ComputerForensicsDigest.com

There is a tendency on the part of some lawyers, judges, and juries to treat evidence retrieved through computer forensics as somehow more credible than traditional, non-electronic evidence. The process of retrieving seemingly invisible data from the electronic void gives it a somewhat mystic quality that can blind factfinders to its real worth.

A ongoing murder case in Kentucky, however, offers a useful reminder that computer forensic evidence is subject to the same threshold tests as all other evidence, including relevance and credibility.

George Thomas, 26, is on trial for his alleged role in the January 2007 car-jacking and murders of Channon Christian, 21, and Christopher Newsom, 23. The Kentucky State Police arrested Thomas and co-defendant Letalvis Cobbins at the home of Natasha Hayes. Following their arrest, the KSP did a forensic examination of Hayes's computer, and discovered browser history that indicated that the computer was used to search www.knoxnews.com for reports about the slayings.

After prosecutors announced last week that they intended to call a witness from the KSP to testify about the forensic investigation, defense attorneys filed a motion to suppress the evidence. They argued that the disclosure came too late for them to hire their own computer forensics expert to examine the drive.

Judge Richard Baumgartner was clearly disinclined to postpone the trial, which is scheduled to start with opening statements today. More importantly, however, he ruled that the proffered evidence was too circumstantial to be admitted.

"[It] doesn't even amount to a molehill," the judge declared from the bench.

There's no question that computer forensics techniques can produce potentially powerful evidence -- the smoking deleted email being the best example. But the key is to remember that any evidence, whatever its source, must still be weighed against the standard criteria that govern admission at trial.