Scuba diver dies after being found floating at Kurnell, NSW, Australia

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

There are two sides to this - and from the point of view of this thread the relevant one is tainted or contaminated evidence. This does not necessarily mean that anything has ACTUALLY happened to the evidence - just that it may have done so. In courts all over the world the concept exists of chain of custody and continuation of evidence.

This means that the evidence which may be adduced to a court must be in the same state in which is was found. Not tampered with or altered in any way. The accepted mechanism for doing this is to show that it was preserved (i.e locked down) and that nothing HAS or COULD HAVE happened to it from that time until a forensic expert got to it. In most courts all evidence and especially computer evidence is not admitted (i.e it is ignored and thrown out) unless you have chain of custody proved.

So for the dive computer - if this was a case where the evidence from the computer was critical, downloading data and scrolling through logs and so on could make that computer inadmissible in court. Because the chance exists that the data may in some way have been altered or changed, a new version saved internally or so on.

So contaminated is a LEGAL concept that may mean that the data is inadmissible.

In the case of PC's it gets even stricter - even switching a computer on after it has been seized can make it inadmissible. When I was an active investigator if we thought the computer data critical to the case the first thing we did was take a complete disk image of the hard drive and all attached storage media at the point of seizure, and this was to secure the data. We even had mobile equipment that allows us to do this in situ without unplugging or disconnecting the computer or components.

So I agree with Peter69_56 the likelihood that data on a dive computer will actuallybe changed is small - however for a court even that small chance is enough to get the evidence excluded.

In this example, perhaps it's not critical, but if you were investigating a case of manslaughter by negligence, or worse, then your whole case could go out the window because of a poor evidence handling protocol. - Phil
 
Phil_C:
There are two sides to this - and from the point of view of this thread the relevant one is tainted or contaminated evidence. This does not necessarily mean that anything has ACTUALLY happened to the evidence - just that it may have done so. In courts all over the world the concept exists of chain of custody and continuation of evidence.

This means that the evidence which may be adduced to a court must be in the same state in which is was found. Not tampered with or altered in any way. The accepted mechanism for doing this is to show that it was preserved (i.e locked down) and that nothing HAS or COULD HAVE happened to it from that time until a forensic expert got to it. In most courts all evidence and especially computer evidence is not admitted (i.e it is ignored and thrown out) unless you have chain of custody proved.

So for the dive computer - if this was a case where the evidence from the computer was critical, downloading data and scrolling through logs and so on could make that computer inadmissible in court. Because the chance exists that the data may in some way have been altered or changed, a new version saved internally or so on.

So contaminated is a LEGAL concept that may mean that the data is inadmissible.

In the case of PC's it gets even stricter - even switching a computer on after it has been seized can make it inadmissible. When I was an active investigator if we thought the computer data critical to the case the first thing we did was take a complete disk image of the hard drive and all attached storage media at the point of seizure, and this was to secure the data. We even had mobile equipment that allows us to do this in situ without unplugging or disconnecting the computer or components.

So I agree with Peter69_56 the likelihood that data on a dive computer will actuallybe changed is small - however for a court even that small chance is enough to get the evidence excluded.

In this example, perhaps it's not critical, but if you were investigating a case of manslaughter by negligence, or worse, then your whole case could go out the window because of a poor evidence handling protocol. - Phil
Click to expand...

Ok now understand. That sucks, a good lawyer would use this to the hilt. Oh for the days of common sense and logic.
 
Peter69_56:
Ok now understand. That sucks, a good lawyer would use this to the hilt. Oh for the days of common sense and logic.
Click to expand...

Yep - sadly (for good read clever) lawyers do exploit this to the maximum. - P
 
Phil_C:
first thing we did was take a complete disk image of the hard drive and all attached storage media at the point of seizure, and this was to secure the data.
Click to expand...

Just a question,

How is this different from downloading the information?... Creating a disk image is essentially a "pulling" of data with no data being "pushed"...
Downloading logs from a computer should be different right?









Sent from my Nokia Lumia 920
 
This has been quite a long thread with lots of ideas but I think when it's all said and done, we will have a case where a person was diving beyond their training/ability and paid the ultimate price. Not sure if it's anymore complicated than that really. But like others have said, most likley we will never know.
 
From Phoenix 31TT - " How is this different from downloading the information?... Creating a disk image is essentially a "pulling" of data with no data being "pushed"...
Downloading logs from a computer should be different right?"

Sorry - wish I knew, I'm on shaky ground here as I am not an expert on computer forensics, I know enough to be dangerous :D - so I leave well alone. Some of the people we dealt with would have traps and passwords set up on their data such that if we got it wrong, i.e switch on or off a computer and so on and the disks got wiped automatically.

We had a very skilled technical team who could prevent that happening and clone the data without triggering or allowing any processes to rum on it. Disk image may be the wrong term, but essentially they knew what they were doing. I just told them to do it. They have some very clever software that allowed them to see what was on the disk and in the files without altering them or allowing any changes to be made to them and so prevent malicious or wiping programs running.

The thing with evidence for a court is that they expect the same standard across the board, if the protocol is not followed they don't ask why, or what difference it makes or what harm was caused, because like me they are not technically minded. They just say the 'police', 'coast guard' or whoever didn't follow the standards, the evidence wasn't recovered by a forensic computer expert therefore we can't guarantee the evidence is not tainted - end of story unfortunately.

This sort of thing is fertile ground for a lawyer who is looking for ways to achieve the outcome their client wants - acquittal - P
 
While we have again gotten pretty far off the track of what still seems to be just a tragic accident, that might or might not have come out better had the buddy system been better used, it has become quite educational in ways I never expected.

It is really quite interesting reading about how real police detective work is done, as explained by an experienced police investigator.

I also found it quite enlightening when explaining why "expert testimony" is really not investigation, but simply the expressing of an opinion based on one person's viewpoint or knowledge, and how it could easily taint the actual investigation. That explanation made it easy to see why the two need to be kept totally separate, and how and why any "experts" brought in are simply another set of tools that the good investigator may draw on as they examine the evidence they have collected.

Thank you Phil_C, and others.

After your explanations, and reading of the current activity by the police handling this investigation it would appear that the investigators in Quero/Marcia's case seem to have things under pretty solid control, and it would seem that they are following a specific plan as they pursue the facts in the case. While I personally expect that the end result of the investigation will be accidental drowning, with no crime involved, and the actual cause of the accidental death never known, only time and patience on our part will tell if my instincts are right.
 
Phil_C:
There are two sides to this - and from the point of view of this thread the relevant one is tainted or contaminated evidence. This does not necessarily mean that anything has ACTUALLY happened to the evidence - just that it may have done so. In courts all over the world the concept exists of chain of custody and continuation of evidence.

This means that the evidence which may be adduced to a court must be in the same state in which is was found. Not tampered with or altered in any way. The accepted mechanism for doing this is to show that it was preserved (i.e locked down) and that nothing HAS or COULD HAVE happened to it from that time until a forensic expert got to it. In most courts all evidence and especially computer evidence is not admitted (i.e it is ignored and thrown out) unless you have chain of custody proved.

So for the dive computer - if this was a case where the evidence from the computer was critical, downloading data and scrolling through logs and so on could make that computer inadmissible in court. Because the chance exists that the data may in some way have been altered or changed, a new version saved internally or so on.

So contaminated is a LEGAL concept that may mean that the data is inadmissible.

In the case of PC's it gets even stricter - even switching a computer on after it has been seized can make it inadmissible. When I was an active investigator if we thought the computer data critical to the case the first thing we did was take a complete disk image of the hard drive and all attached storage media at the point of seizure, and this was to secure the data. We even had mobile equipment that allows us to do this in situ without unplugging or disconnecting the computer or components.

So I agree with Peter69_56 the likelihood that data on a dive computer will actuallybe changed is small - however for a court even that small chance is enough to get the evidence excluded.

In this example, perhaps it's not critical, but if you were investigating a case of manslaughter by negligence, or worse, then your whole case could go out the window because of a poor evidence handling protocol. - Phil
Click to expand...

I agree, but suggest that chain of custody was broken before the investigation started. I believe the body was recovered by fellow divers as opposed to police divers, and the computer could have been swapped out before the body even came to the surface. Obviously I doubt that this happened, but I think that the fact that it could have happened compromises the evidence.
 
nimoh:
I agree, but suggest that chain of custody was broken before the investigation started. I believe the body was recovered by fellow divers as opposed to police divers, and the computer could have been swapped out before the body even came to the surface. Obviously I doubt that this happened, but I think that the fact that it could have happened compromises the evidence.
Click to expand...
Sounds like a conspiracy to me...
 
You must log in or register to reply here.

Similar threads

DandyDon
Unknown Woman found floating unconscious, rescued - NSW, Australia
Replies
2
Views
1,074
John the Pom
J
wKkaY
Unknown Woman dies while diving in Tenggol island
Replies
0
Views
549
wKkaY
wKkaY
DandyDon
Unknown Woman dies after diving Homestead Crater - Utah
2
Replies
12
Views
3,340
PeterRabbit
PeterRabbit
DandyDon
  • Locked
Unknown Diver critical after near drowning - Ku-ring-gai Chase National Park, Australia
Replies
3
Views
501
chillyinCanada
chillyinCanada
Jake 10
Unknown Scuba diving student dies ‘doing what she loved’
Replies
5
Views
1,747
clownfishsydney
clownfishsydney

Back
Top Bottom