The Computer Emergency Response Team (CERT) is responsible for computer-related information incident handling within a specific government Agency. Part of that mission is providing support to law enforcement officials: CERT must provide evidence to those who will complete the law enforcement effort of an incident. The CERT staff are trained either as incident handlers, who react to information about computer incidents and events, or as subject area experts, who know specific areas of computer technology. Neither group is expert in legal evidence, nor has either had training in evidence preservation. This paper will present the current Federal evidence laws concerning computer evidence and its relationship to hearsay, and then apply the Federal law to the CERT information of a Federal Agency. Finally, an actual incident's information will be reviewed against the Federal laws and the procedures involved, and recommendations will be made. The Federal Agency will be called the Agency, and all of its internal procedures are For Official Use Only, so they are only referenced in this document and not quoted. Also, any indication of the Department or Agency is intended to be vague.